Skip to content data privacy overview

When using our tracking code, you may need to be aware of privacy considerations surrounding’s data collection approach. We will use the term “personal information” in lieu of “personal data” and “Personal Identifiable Information (PII)”.

By default, collects standard web browser information about a reader, the uses of which are described below:

  • ip_address: IP address of the user; used for bot detection and geographic segments
  • user_agent: Identifier for the user’s device; used for device analytics (mobile vs desktop)
  • first_party_uuid: Site-specific identifier (UUID) for user; used in loyalty analytics (new vs returning)

To comply with personal information restrictions in certain geographic regions, as well as the privacy policies of individual publishers, can selectively disable the tracking of ip_address. An example implementation is here. has also exposed the ability to disable the tracking of ip_address on a per-visitor basis when using our standard javascript tracker. This can be especially useful with maintaining GDPR compliance.

What does disabling ip address tracking mean?

When you disable ip_address tracking for a specific site, Site ID, or visitor we perform a hashing algorithm on the original ip address that removes any personal information while maintaining enough information to perform reasonably accurate geographic segmentation.

Is the first_party_uuid a form of personal information?

No. The way we generate the first_party_uuid for web browsers uses server-side crytographic randomness. In the case of our mobile SDKs, we generate the first_party_uuid within the app itself, leveraging Java and ObjC/Swift APIs. The UUID is a unique identifier that can only be used to analyze single-domain or single-app user sessions. does not link the first_party_uuid with any personal information about the web visitor; from’s standpoint, each UUID is an anonymous content-viewing device or user.

Effect of disabling ip_address

Disabling ip_address prevents bot detection and blocking actions may take, but may lead to better compliance with strict privacy policies that consider IP addresses to be personal information.

Disabling ip_address may make our geographic segmentation feature slightly less accurate. Geographic segmentation is most often used with our audience segmentation feature.

To disable ip_address, contact us at

How and where is visitor data securely stored? uses a stateless distributed DNS and CDN infrastructure, which is spread across several geographic regions for redundancy and performance.

Data is immediately processed in a distributed infrastructure located in several data centers in the United States (located in the states of Virginia and Oregon), where it is archived and stored long-term.

All data is stored on secure Linux servers, which are regularly patched and upgraded. These servers are behind a virtual private cloud networking setup. Because we rely on public cloud infrastructure, physical security of our data centers are handled by Amazon Web Services, who has public documentation on cloud security, as well as ISO 27001 compliance for their infrastructure.

Data is also backed up to a cloud distributed data store with 99.999999999% durability, and is only accessible by authorized systems using secure keys. This distributed data store is spread across several data centers clustered geographically in the state of Virginia in the United States.

Do you have a public privacy policy?

Yes. publishes its privacy policy here. Some discussion of our data storage is also included in our product terms of use.

How is data aggregated and anonymized? aggregates and anonymizes customer data for the purpose of studying web-wide attention data. For example, aggregated and anonymized data is used for our data studies which are published to inform media industry trends for customers and the press.

How does handle EU-US Privacy Shield?

We are Privacy Shield certified; our certification page is here. The principles for EU-US Privacy Shield are covered here. Our public privacy policy discusses these points throughout.

Example implementation of disabling ip address tracking per visitor

To disable ip address tracking on a per visitor basis you should define a PARSELY object with an onload function prior to the code for the default implementation. The onload function should call PARSELY.setConfigOptions and pass it an object with the keys and values you’d like to overwrite for this visitor. Currently, the only valid key is track_ip_addresses. The only valid values are true or false.

Use of the setConfigOptions function requires autotrack: false per the dynamic tracking documentation.

<script type="application/javascript">
function shouldTrackAddress () {
  // returns true if we should track IP Address for this visitor

window.PARSELY = window.PARSELY || {
  autotrack: false,
  onload: function () {
      track_ip_addresses: shouldTrackAddress()
      url: location.href,
      urlref: document.referrer,
      js: 1
<!-- Normal integration code goes here -->

Last updated: September 07, 2023