Privacy Policy

This Privacy Policy explains how d-edge.me ("we", "us", "operator") processes personal data collected through the d-edge.me domain and its subdomains (including c.d-edge.me) in the course of providing visitor identification services to participating partner websites.

1. Data we collect

When you visit a website that has embedded our tracking pixel, we receive:

Device + browser metadata: user agent, browser name and version, operating system, device type, screen resolution, language, timezone.
Network signals: IP address, ASN, ISP, approximate geographic location (country, city) derived from IP.
Visit context: the URL of the page you viewed on the partner site, the referring URL, UTM parameters when present.
Identifiers: a randomly-generated visitor ID stored in a first-party cookie on the partner site, and a cross-partner identifier stored on the .d-edge.me domain (if your browser permits third-party cookies).
Identification linkage: when you click a tracked email link, submit a form, or otherwise self-identify on a partner site, the email address you provided is linked to the visitor identifier above.

We do not collect: payment information, passwords, biometric data, health data, sexual orientation, religious beliefs, or any data of children under 16.

2. Cookies we set

Cookie name	Domain	Purpose	Lifetime
`dz_visitor_id`	partner site (first-party)	Per-site visitor identifier	13 months
`dz_id_status`	partner site (first-party)	Identification status (helps reduce duplicate tracking)	13 months
`dz_user_id`	.d-edge.me (third-party)	Cross-partner browser identifier	13 months
`dz_person_token`	.d-edge.me (third-party)	Cross-device person identifier (only set after consent / explicit click action)	13 months

3. Why we process this data

Visitor analytics for partner websites — count visits, recognise returning visitors, attribute engagement.
B2B identity resolution — link a returning visitor to their business email when they have self-identified on the partner's site.
Bot detection — distinguish automated traffic (crawlers, scanners) from real visitors using IP reputation and user-agent analysis.
Service operation — ensure the tracking pixel functions correctly, prevent abuse, debug issues.

4. Legal basis (GDPR)

Legitimate interest (Art. 6(1)(f) GDPR) — for non-identifying analytics, cookie identifiers, bot detection.
Consent (Art. 6(1)(a) GDPR) — for personal data linkage and cross-device person identifiers; obtained via the partner site's cookie consent banner.

Partner websites are responsible for obtaining valid consent under their applicable consent management framework (CMP). We rely on the partner's consent signal when setting identifying cookies in jurisdictions that require it (EEA, UK, Switzerland, California, and others).

5. Data retention

Raw event data (visits, clicks, opens): up to 12 months
Identified visitor records: up to 24 months from last activity
Aggregated analytics (counts, totals, no personal identifiers): kept indefinitely

6. Sharing & transfers

We do not sell personal data. Data is shared only with:

The specific partner website that requested the visitor identification (limited to that partner's visitors).
Sub-processors strictly required to operate the service (cloud hosting, error monitoring, geo-IP enrichment) under written data processing agreements.
Authorities when required by law (court order, legal subpoena, regulatory request).

Personal data may be processed in the United States and other jurisdictions where our cloud providers operate. Cross-border transfers are governed by Standard Contractual Clauses (SCCs) where applicable.

7. Your rights

Under GDPR, CCPA/CPRA, and equivalent laws, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete data
Delete your data ("right to be forgotten")
Restrict or object to specific processing activities
Receive your data in portable format
Withdraw consent at any time (does not affect processing already done)
Opt out of "sale" or "sharing" under CCPA (we do not "sell" data, but this right is still available)
Lodge a complaint with your local supervisory authority

To exercise any of these rights, email privacy@d-edge.me with your request. We respond within 30 days (extendable to 60 days for complex requests).

8. Opt out

You can opt out of tracking by:

Deleting dz_* cookies in your browser's privacy settings
Enabling "Do Not Track" or "Global Privacy Control" in your browser — we honor both signals
Using a browser-level tracking-prevention setting (e.g., Safari Intelligent Tracking Prevention, Brave Shields, Firefox Enhanced Tracking Protection)
Emailing privacy@d-edge.me to request permanent suppression

9. Children

Our service is intended for B2B audiences. We do not knowingly collect data from children under 16. If we become aware that we have inadvertently received such data, we delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date below. Continued use of partner sites with our pixel deployed after the effective date constitutes acceptance of the revised policy.

11. Contact & data controller

Data controller: d-edge.me
Privacy enquiries: privacy@d-edge.me
Domain: d-edge.me (and subdomains)
Service: B2B visitor identification infrastructure
Last updated: 2026-06-04