Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/vemetric/vemetric/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Vemetric is built with privacy at its core, providing you with the tools to comply with GDPR, CCPA, and other privacy regulations while still gaining valuable insights into user behavior.
Vemetric gives you full control over cookie usage and data collection, allowing you to respect user privacy choices while maintaining analytics functionality.
Vemetric uses a single first-party cookie (_vuid) to track users across sessions when cookies are enabled. This cookie:
  • Is set as HttpOnly and Secure
  • Uses SameSite=None for cross-subdomain tracking
  • Has a domain scope matching your base domain
  • Expires after approximately 400 days
  • Contains only a user identifier (no personal information)
Vemetric supports two tracking modes:

GDPR Compliance

To comply with GDPR, you must obtain explicit consent before setting cookies. Here’s how to implement consent management with Vemetric:
1

Start with cookieless tracking

Initialize Vemetric with cookies disabled by default:
vemetric.init({
  token: 'your-project-token',
  allowCookies: false // Start without cookies
});
2

Display consent banner

Show your cookie consent banner to users:
<div id="cookie-banner">
  <p>We use cookies to improve your experience. Do you accept?</p>
  <button onclick="acceptCookies()">Accept</button>
  <button onclick="rejectCookies()">Reject</button>
</div>
3

Update tracking based on consent

Enable or disable cookies based on user choice:
function acceptCookies() {
  // Enable cookie tracking
  vemetric.allowCookies(true);
  hideBanner();
}

function rejectCookies() {
  // Continue with cookieless tracking
  vemetric.allowCookies(false);
  hideBanner();
}
4

Persist consent choice

Store the user’s consent preference:
function acceptCookies() {
  localStorage.setItem('cookie-consent', 'accepted');
  vemetric.allowCookies(true);
}

// Check on page load
if (localStorage.getItem('cookie-consent') === 'accepted') {
  vemetric.allowCookies(true);
}

Right to be Forgotten

GDPR grants users the right to have their data deleted. To handle deletion requests:
  1. Identify the user: Use the user identifier or email to locate their data
  2. Contact Vemetric support: Submit a deletion request with the user identifier
  3. Verify deletion: Confirm that all user data has been removed from analytics
Vemetric automatically anonymizes data after retention periods, but explicit deletion requests should be processed immediately.

Data Minimization

Vemetric follows data minimization principles by:
  • Header filtering: Only essential headers are stored (user-agent, referer, SDK headers)
  • IP anonymization: Client IPs are used for geo-location but can be excluded from storage
  • No PII by default: Personal information is not collected unless explicitly sent
Avoid sending sensitive personal data in custom event properties or user data fields. Never include:
  • Email addresses (unless necessary for your use case)
  • Phone numbers
  • Government IDs
  • Payment information
  • Health data

CCPA Compliance

The California Consumer Privacy Act (CCPA) requires businesses to disclose data collection practices and honor opt-out requests.

Do Not Track

Respect the Do Not Track browser setting: 
if (navigator.doNotTrack === '1') {
  // Don't initialize tracking
  console.log('User has enabled Do Not Track');
} else {
  vemetric.init({
    token: 'your-project-token',
    allowCookies: false // Start privacy-friendly
  });
}

Opt-Out Implementation

Provide users with an easy way to opt out of tracking: 
// Opt-out function
function optOutOfTracking() {
  // Stop tracking
  vemetric.optOut();
  
  // Store opt-out preference
  localStorage.setItem('vemetric-opt-out', 'true');
  
  // Delete existing cookie
  document.cookie = '_vuid=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;';
}

// Check opt-out status on load
if (localStorage.getItem('vemetric-opt-out') === 'true') {
  // Don't initialize tracking
} else {
  vemetric.init({ token: 'your-project-token' });
}

IP Exclusion

Vemetric allows you to exclude specific IP addresses from tracking, useful for:
  • Filtering out internal team traffic
  • Excluding office networks
  • Removing bot traffic from specific sources

Configure IP Exclusion

1

Navigate to Project Settings

Go to your project settings in the Vemetric dashboard.
2

Add Excluded IPs

Enter IP addresses to exclude, separated by commas:
192.168.1.1, 10.0.0.5, 203.0.113.42
3

Save Changes

Excluded IPs take effect immediately. Requests from these IPs will be silently ignored.
IP exclusion happens server-side before any data is stored, ensuring excluded traffic never enters your analytics.

Geographic Restrictions

Exclude traffic from specific countries to comply with regional restrictions or focus on target markets: 
// Configure in project settings
excludedCountries: ['CN', 'RU', 'KP'] // ISO country codes
When a request comes from an excluded country:
  • The request is identified by IP geolocation
  • No data is stored or processed
  • The response returns a silent 200 OK status

Data Retention

Vemetric supports configurable data retention periods:

Event Data

Events are retained based on your plan:
  • Free tier: 30 days
  • Pro tier: 1 year
  • Enterprise: Custom retention

User Data

User profiles are retained as long as they remain active. Inactive users are automatically cleaned up after the retention period.

Privacy-First Features

Bot Detection

Vemetric automatically filters out bot traffic using:
  • User agent analysis
  • Known bot pattern matching
  • Behavioral signals
Bot requests are rejected before any data storage occurs.

Prefetch Filtering

Browser prefetch requests are automatically detected and excluded: 
// Automatically handled
if (headers['X-Purpose'] === 'prefetch' || 
    headers['Purpose'] === 'prefetch') {
  // Request is ignored
}

Header Sanitization

Only essential headers are stored for analytics: Allowed headers:
  • user-agent (for device detection)
  • referer (for traffic source analysis)
  • v-sdk, v-sdk-version, v-host, v-referrer (Vemetric SDK headers)
  • sec-ch-* (Client Hints for privacy-preserving device info)
All other headers are stripped before storage.

Best Practices

  • Clearly disclose what data you collect in your privacy policy
  • Explain how analytics data is used
  • Provide links to Vemetric’s privacy documentation
  • Respect opt-out preferences
  • Don’t track users who decline cookies
  • Make it easy to withdraw consent
  • Only track events that provide business value
  • Avoid collecting unnecessary user properties
  • Use aggregated data when possible
  • Always use HTTPS for your website
  • Vemetric enforces secure connections
  • Enable HSTS headers on your domain
This guide provides general information about privacy compliance but does not constitute legal advice. Consult with a qualified attorney to ensure your implementation meets all applicable legal requirements in your jurisdiction.

Next Steps

Cross-Subdomain Tracking

Learn how to track users across multiple subdomains while maintaining privacy.

Best Practices

Follow recommended patterns for event naming and data structure.