twobucks.ai logoTwoBucks

What We Collect

TwoBucks is committed to privacy and transparency. This page details exactly what data we collect and what we don't collect.

Data We Collect

Pageview Events

Automatically Collected:

  • Page Path: The URL path of the page visited (e.g., /about)
  • Session ID: A unique identifier for the browsing session (expires after 30 minutes of inactivity)
  • Visitor ID: A unique identifier for the visitor (persists for 365 days)
  • Timestamp: When the pageview occurred (ISO 8601 format)
  • Referrer: The website that referred the visitor (if available)
  • User Agent: Browser and device information (anonymized - version numbers truncated)
  • Language: Browser language preference (e.g., "en-US")
  • Timezone: Visitor's timezone (IANA timezone, e.g., "America/New_York")
  • Screen Dimensions: Device screen width and height in pixels
  • Viewport Dimensions: Browser window width and height in pixels
  • UTM Parameters: Marketing campaign data (source, medium, campaign, keyword) if present in URL
  • Ad Click IDs: Marketing attribution IDs (gclid, fbclid, msclkid, etc.) if present in URL

Why We Collect This:

  • Page path: Understand which pages are most popular
  • Session/Visitor IDs: Track user journeys and calculate metrics
  • Referrer: Understand traffic sources
  • User Agent: Detect device type (desktop/mobile/tablet) and browser
  • Language/Timezone: Provide localized analytics
  • Screen/Viewport: Understand device capabilities and responsive design usage
  • UTM Parameters: Measure marketing campaign effectiveness
  • Ad Click IDs: Attribute revenue to marketing campaigns

Payment Events

Automatically Collected (Stripe):

  • Stripe Session ID: Checkout session identifier (starts with "cs_")
  • Session ID: Analytics session identifier (links to pageview session)
  • Visitor ID: Visitor identifier (links to visitor profile)
  • Timestamp: When payment occurred
  • Page Path: Success page path
  • Referrer: Referrer URL (for attribution)
  • User Agent: Browser information (for device detection)

Why We Collect This:

  • Stripe Session ID: Link payment to Stripe checkout session
  • Session/Visitor IDs: Attribute payment to marketing source
  • Revenue: Calculate ROI and revenue metrics

Custom Events

Collected when you track custom events:

  • Event Name: Custom event identifier (e.g., "button_click", "form_submit")
  • Properties: Up to 10 custom properties (key-value pairs, max 255 chars per value)
  • Page Path: Where the event occurred
  • Session ID: Links event to session
  • Visitor ID: Links event to visitor
  • Timestamp: When event occurred

Data We Don't Collect

Personal Information

  • IP Addresses: We hash/anonymize IPs before storage
  • Email Addresses: Only collected if you explicitly call identify() with email
  • Names: Only collected if you explicitly call identify() with name
  • Phone Numbers: Never collected
  • Physical Addresses: Never collected
  • Credit Card Information: Never collected (handled by payment processors)

Browsing Behavior

  • Full URLs: We only collect the path (e.g., /page), not query parameters or hash
  • Keystrokes: Never collected
  • Mouse Movements: Never collected
  • Scroll Position: Only collected if you use scroll tracking attributes
  • Form Data: Never collected (only form submission events if you track them)

Device Information

  • Exact Device Model: We detect device type (desktop/mobile/tablet) but not specific models
  • Exact Browser Version: User agent version numbers are anonymized (truncated)
  • Installed Software: Never collected
  • Hardware Specifications: Only screen/viewport dimensions, nothing else

Location Data

  • GPS Coordinates: Never collected
  • Exact Location: Never collected
  • Timezone: Collected (for time-based analytics, not location tracking)
  • Country/Region: May be inferred from IP (anonymized) for geographic analytics

Data Processing

Anonymization

User Agent:

  • Version numbers are truncated (e.g., Chrome/78.0.3904.108Chrome/78.0.0.0)
  • Browser and OS names are preserved for device type detection
  • Reduces fingerprinting while maintaining analytics value

IP Addresses:

  • IP addresses are hashed using SHA-256 before storage
  • Original IP is never stored
  • Used only for rate limiting and geographic inference

Bot Detection

Client-Side:

  • Detects automation tools (Puppeteer, Playwright, Selenium)
  • Detects HTTP clients (curl, wget, axios)
  • Prevents tracking if bot detected

Server-Side:

  • Detects search engine crawlers
  • Detects monitoring tools
  • Filters bot traffic before storage

Throttling

Duplicate Prevention: Same URL within 1 minute is not tracked (client-side and server-side). Prevents inflated metrics from page refreshes. Only applies to pageview events.

Your Rights

Opt-Out

Users (Website Visitors):

localStorage.setItem('twobucks_ignore', 'true');

Website Owners:

  • Delete your account to remove all data
  • Contact support to request data deletion
  • Export your data before deletion

GDPR Compliance

  • Right to access: View your data in dashboard
  • Right to rectification: Update data via dashboard
  • Right to erasure: Delete account or request deletion
  • Right to data portability: Export data (coming soon)
  • Right to object: Opt-out of tracking (users) or delete account (owners)
PreviousPrivacy
NextCookie Consent