Privacy at FingerprintIQ

FingerprintIQ never stores personally identifiable information. We do not log IP addresses, email addresses, names, or any data that could identify an individual person. Visitor IDs are derived exclusively from device signal hashes through one-way cryptographic functions that cannot be reversed.

Browser signals (Canvas hash, WebGL parameters, font enumeration, etc.) are collected in the browser and combined with edge analysis (JA4/TLS, ASN, HTTP fingerprints) at the edge. The combined signal set is hashed using SHA-256 to produce a visitor ID. The raw signals are processed transiently and discarded after hash computation.

All fingerprint computation happens at edge nodes — the nearest point of presence to the visitor. Data is not shipped to centralized servers for processing. This minimizes data exposure and latency simultaneously.

Because we don't store PII, many GDPR requirements around personal data processing don't apply. Device fingerprints generated by FingerprintIQ are pseudonymous identifiers — they identify a device, not a person. We provide a Data Processing Agreement (DPA) for enterprise customers.

Visit records are retained for the duration of your subscription plan. Free tier data is retained for 30 days. Paid plans retain data according to plan terms (typically 90-365 days). You can request full data deletion at any time through the dashboard or API.

Our SDK is open-source. You can inspect exactly which signals are collected and how they're transmitted. Our live demo shows your own device's fingerprint in real-time — nothing is hidden.