Skip to main content

Overview

Trodo is designed with privacy in mind. This guide covers data handling, compliance-related features, and how to configure privacy for your team.

Data collection

What Trodo collects

Automatically collected (when enabled)
  • Page views and navigation
  • User interactions such as clicks, scrolls, and form submissions (metadata, not field values)
  • Device and browser information
  • Approximate geographic location from IP
  • Session data
Not collected
  • Form field values (metadata only for forms)
  • Passwords or credentials
  • Payment card numbers
  • Full IP addresses (used for coarse geo, not stored as raw IP in the product analytics flow described here)

Default properties

See Default Properties for the full list of automatic fields. 
Captured (examples):
├── country, city (approximate)
├── device_type, browser_name
└── page URL and referrer (where allowed)

Not captured:
├── form field contents
├── passwords
└── full clipboard contents (auto-events use caps and truncation where applicable)

Privacy by design

IP address handling

IP may be used to derive coarse location and is not retained for end-user analytics in the same form as the raw address.

Data minimization

  • Element text in auto-events is truncated
  • Selection and copy signals use length limits
  • Form values are excluded; only structural metadata is captured

Pseudonymization

Anonymous: anon_abc123xyz
Identified: your chosen user id (string)
You control how much identifying information you attach with identify() and people.set(). Load Trodo only after consent when your policy requires it: 
if (userHasConsented()) {
  var script = document.createElement('script');
  script.src = 'https://cdn.trodo.ai/scripts/analytics/trodo.script.min.js';
  script.setAttribute('site-id', 'YOUR_SITE_ID');
  document.head.appendChild(script);
}

Integration with CMPs

OneTrust 
OneTrust.OnConsentChanged(function (e) {
  if (OnetrustActiveGroups.includes('C0002')) {
    loadTrodo();
  }
});
Cookiebot 
window.addEventListener('CookiebotOnAccept', function (e) {
  if (Cookiebot.consent.statistics) {
    loadTrodo();
  }
});

Data retention

Data typeDefault (typical)Configurable
Events24 monthsYes
User profiles24 monthsYes
Sessions24 monthsYes
Configure under Settings → Privacy where available.
Shorter retention reduces storage but limits long-range trends.

Data access & export

RoleAccess
Super User / Admin / UserConfigurable per team
Significant access may be logged in an audit trail.

Data subject requests

Export
  1. Find the user by email or ID
  2. Open the profile
  3. Export as JSON (where supported)
Deletion
  1. Find the user
  2. Delete profile and confirm
Deletion is typically irreversible.

Audit logging

Examples of actions that may be logged:
  • Profile views and exports
  • Retention or privacy setting changes
  • Team membership updates
  • Site configuration changes

Security

StateProtection
In transitTLS 1.3
At restAES-256 (platform standard)
Access controls, timeouts, and authentication integrate with your Trodo account model.

Data storage & infrastructure

Trodo data is processed on Google Cloud Platform in us-central1 (Iowa, United States), unless your contract states otherwise.
LayerProviderRegion
Application & dataGoogle Cloud Platformus-central1
CDN / edgeCloudflareGlobal
EU-only residency may be available for enterprise agreements. Contact [email protected].

Compliance

GDPR highlights

  • Data minimization and configurable retention
  • Export and deletion paths for subject requests
  • DPA and SCCs available on request

CCPA / CPRA

  • Access and delete flows via the dashboard
  • Honor opt-out by not loading the SDK when required

Cookies

CookiePurposeDuration
cq_distinct_idAnonymous / user key1 year
cq_session_idSession30 minutes
No third-party advertising cookies from Trodo analytics.

Privacy settings

Settings → Privacy (where available)
SettingDescription
Data retentionHow long to retain events and profiles
IP / geoToggle coarse location
Auto-eventsReduce sensitive surfaces
Sensitive pathsExclude URLs from tracking

Exclude sensitive paths

script.setAttribute('auto-events-disabled-paths', '/account,/settings,/admin');

Disable specific auto-events

script.setAttribute('auto-events-disabled-events', 'text_selection,copy_action');

Data Processing Agreement

DocumentAvailability
DPAOn request
EU SCCsOn request
UK IDTA / AddendumOn request
Email [email protected] with subject DPA Request.

Privacy policy template

Include something like: 
Analytics

We use Trodo for product analytics. Trodo may collect:
- Pages visited and interactions
- Device and browser information
- Approximate location

We use this to improve the product. We do not sell your data.
You can opt out by not loading analytics or using browser controls.

See Trodo: https://trodo.ai/privacy

Troubleshooting

Locate the profile by email or ID, delete, and confirm completion with your process.
Use profile export where available; provide the file through your secure channel.

Next steps

Team management

Access and roles

Default properties

What is collected automatically