This Data Processing Agreement ("DPA") forms part of the Clickport Analytics Terms of Service when the General Data Protection Regulation ("GDPR") applies to your use of Clickport to process visitor data.
By using Clickport Analytics, you ("Customer", "Data Controller") accept this DPA on behalf of yourself and, to the extent required under applicable data protection law, your organization. If you do not agree to this DPA, you should not use Clickport Analytics.
Clickport Analytics is operated by David Karpik ("Clickport", "Data Processor"), located in Braunschweig, Germany.
"Customer Data" means any data that Clickport processes on behalf of the Customer via the Clickport Analytics service. This includes website visitor analytics data and any account-related data provided by the Customer.
"Personal Data", "Data Subject", "Processing", "Controller", "Processor", and "Supervisory Authority" have the meanings given to them in the GDPR.
"Sub-processor" means any third party engaged by Clickport to process Customer Data.
Clickport processes Customer Data solely to provide the Clickport Analytics service as described in the Terms of Service. This includes collecting aggregate website visitor metrics and presenting them through the Clickport dashboard.
The nature of the processing is the collection and aggregation of website traffic data. The purpose is to provide the Customer with analytics about their website visitors. The duration of processing is for the term of the Customer's use of the service.
Clickport collects the following non-personal, aggregate data from website visitors:
Clickport does not collect personal data from website visitors. IP addresses are used at request time for country-level geolocation and are immediately discarded. They are never stored in any database or log file. A daily-rotating hash is used for visitor counting, making it impossible to identify or re-identify individual visitors.
The Customer, as Data Controller, is responsible for:
Clickport, as Data Processor, commits to the following:
Clickport will process Customer Data only in accordance with the Customer's documented instructions as set out in this DPA and the Terms of Service. If Clickport believes an instruction violates the GDPR or other data protection law, Clickport will promptly notify the Customer.
All persons authorized to process Customer Data are bound by appropriate confidentiality obligations. Clickport will not disclose Customer Data to third parties except as described in this DPA or as required by law.
Clickport implements appropriate technical and organizational measures to protect Customer Data, including:
Clickport will assist the Customer in responding to data subject requests (access, rectification, erasure, portability, objection) to the extent that the Customer is unable to do so independently through the Clickport dashboard. Given that Clickport does not collect personal data from website visitors, data subject requests relating to visitor analytics data are generally not applicable.
Clickport will notify the Customer without undue delay, and in any event within 48 hours, after becoming aware of a personal data breach affecting Customer Data. The notification will include the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address the breach.
The Customer grants Clickport general authorization to engage sub-processors to process Customer Data. Clickport currently uses the following sub-processors:
Clickport will inform the Customer of any intended changes to the list of sub-processors by updating this page, giving the Customer the opportunity to object. If the Customer objects to a new sub-processor on reasonable data protection grounds, the parties will discuss the concern in good faith. If no resolution is reached, the Customer may terminate the service.
Clickport ensures that each sub-processor is bound by data protection obligations no less protective than those in this DPA.
All visitor analytics data is stored and processed within the European Union (Germany). Clickport does not transfer visitor analytics data outside of the EU.
For account-related data, Resend, Inc. (USA) processes customer email addresses for transactional email delivery. Resend is certified under the EU-US Data Privacy Framework, providing an adequate level of data protection as recognized by the European Commission. Paddle.com Market Limited (UK) processes billing data under the UK adequacy decision granted by the European Commission.
Upon termination of the service, or upon the Customer's request, Clickport will delete all Customer Data within 30 days. The Customer can also delete their data at any time through the Clickport dashboard:
Deletion is permanent and irreversible. Clickport does not retain copies of deleted data.
Clickport will make available to the Customer all information necessary to demonstrate compliance with the obligations set out in this DPA. Clickport will allow for and contribute to audits and inspections conducted by the Customer or an auditor appointed by the Customer, at the Customer's expense and with reasonable advance notice.
Each party indemnifies the other against all costs, claims, damages, and expenses incurred as a result of any breach of this DPA by the indemnifying party. The liability of each party under this DPA is subject to the limitations set out in the Terms of Service.
This DPA takes effect when the Customer begins using Clickport Analytics and remains in effect for the duration of the Customer's use of the service. The obligations of Clickport under this DPA will survive termination to the extent necessary to complete the deletion of Customer Data and to comply with applicable law.
For questions about this DPA or to exercise your rights, contact us at privacy@clickport.io.
Last updated: February 11, 2026.