General mission around privacy
Privacy and security, by default
When we built RUMvision, protecting the privacy of your visitors was a foundational requirement - not an afterthought. This page explains how we collect, use, and store data, and why your visitors' personal information never touches our systems.
Hosted and operated in the EU
RUMvision is developed, hosted, and operated from Groningen, the Netherlands. All data is processed exclusively on EU infrastructure. Your data never leaves the EU.
Two distinct contexts: the snippet vs. the RUMvision platform
It's important to understand the difference between what our monitoring snippet collects from your website visitors, and what the RUMvision platform collects from you as a user of our tool.
The monitoring snippet — installed on your website — collects only anonymized performance data from your visitors. No PII is ever collected, stored, or processed about them.
The RUMvision platform — the dashboard you log into — does collect personal data from you as a customer. This includes your name, email address, billing information, and account credentials, which are necessary to provide and manage your subscription. This is standard for any SaaS product and is covered in full in our Privacy Policy.
No visitor PII. Ever.
Our monitoring snippet collects only anonymized performance data. We do not collect, store, or process any personally identifiable information (PII) from your website visitors - including IP addresses, names, email addresses, or any other identifying metrics.
Even browser details are broken down into anonymized signals before they reach our servers. For example, we collect device memory range and connection type as bucketed values, not raw figures.
How the data flows
- Our JavaScript snippet runs on your pages and captures anonymized performance metrics.
- Data is submitted to AWS in Frankfurt, Germany.
- A Dutch server fetches, transforms, and indexes the data into Elastic Search.
- You access your performance data through the RUMvision dashboard, served from our Groningen HQ.
Every step stays within the EU.
Local storage: what we use it for
To accurately distinguish new visitors from returning ones — and to detect multi-page sessions — we use localStorage and sessionStorage by default. This gives you more reliable unique vs. returning visitor data than cookies alone.
You can disable this at any time in your domain settings under Privacy and consent.
We store:
- A timestamp of the first page visit (to identify returning visitors)
- Session identifiers and performance sampling rates
We do not store any visitor names, emails, or identifiers.
Optional extended tracking
We offer optional country-level attribution, derived from our existing AWS infrastructure — no additional IP lookups are performed. This feature is disabled by default. If you choose to enable it, you should inform your own users accordingly in your privacy policy.
Data processors
All visitor data is processed exclusively within the EU. Our infrastructure partners are:
- AWS (Frankfurt, Germany) — receives and stores raw performance data
- Elastic Search — data indexing and search
- Team Blue / Chessweb (Netherlands) — hosting services
- Google Cloud (Belgium) — additional processing and storage
All processors operate under data processing agreements and handle data only on our instructions.
DPA available
We offer a standard Data Processing Agreement (DPA) to all customers who would like to use it for use of the application . Our DPA contains GDPR-compliant contractual terms that reflect our privacy and security commitments.
To request a DPA, contact us at info op rumvision punt com.
For the full details on how we handle your account data, billing information, and your rights under GDPR, see our Privacy Policy.