Security and Privacy — Jourvex Docs

What Jourvex collects

Jourvex captures behavioral signals from visitors on your site. Everything collected is focused on understanding evaluation behavior, not identifying individuals.

Page URLs and navigation paths

The pages a visitor views and the order they navigate through your site across each session.

Session timing and engagement signals

How long a visitor spends on your site, how many times they click and scroll, and the duration of each session.

Browser and device signals

General device characteristics used to support session-level continuity across visits. No specific hardware identifiers are stored.

Pseudonymous session tokens

Anonymous identifiers generated per visitor that allow Jourvex to group activity across sessions without creating a direct identity. These tokens are not linked to any name, email, or personal account by default.

Attribution signals

UTM parameters and referrer information that indicate how a visitor arrived at your site.

What Jourvex does not collect

Names, emails, or passwords

Jourvex does not capture form inputs or any user-entered content by default. If your visitors fill out a form, that data stays in your own systems.

Sensitive personal information

Jourvex does not collect financial information, health data, or any other sensitive personal data.

Cross-site tracking

Jourvex only tracks visitor behavior on the site it is installed on. It does not follow visitors across unrelated websites.

Real-world identity by default

No linkage between session activity and a real person is created unless your team explicitly provides that connection through your own systems.

Where data goes

Sent over HTTPS

All data collected by Jourvex is transmitted securely over HTTPS. No data is sent over unencrypted connections.

Processed in the United States

Jourvex infrastructure is hosted in the United States. If your visitors are in regions with data residency requirements, contact us to discuss your options.

Isolated per customer

Your visitor data is scoped to your account and site key. No data from your site is accessible to other Jourvex customers.

Never sold or shared with ad networks

Jourvex does not sell visitor data or share it with advertising networks. Data collected on your site is used solely to power your Jourvex dashboard and APIs.

Consent and regional controls

Jourvex includes built-in consent awareness for regions where analytics consent is required.

EU and UK visitors

Jourvex detects whether a visitor is located in the EU or UK and waits for consent before collecting any data. If consent is not given, no events are sent and no data is stored.

CMP compatibility

Jourvex works with IAB TCF-compatible consent platforms, Cookiebot, and OneTrust. If your site uses one of these, Jourvex will respect the consent signal automatically.

Your responsibility

You are responsible for implementing any required consent disclosures on your site and configuring your consent platform correctly. Jourvex respects the consent signals your platform provides.

Data retention and deletion

Retained only as long as needed

Jourvex retains visitor data only as long as necessary to operate the service and provide accurate journey intelligence to your team.

Deletion requests

You can request deletion of your data at any time by contacting hello@jourvex.com. We will process your request promptly.

Security practices

Encrypted in transit

All communication between the Jourvex script and our backend is encrypted over HTTPS. No data is transmitted in plain text.

API key authentication

Access to the Journey API requires an API key scoped to your account. Keys are hashed before storage. Your raw key is shown only once and cannot be retrieved after generation.

Customer data isolation

Every query against your data is scoped to your site key. It is not possible for one customer to access another customer's visitor data.

SOC 2 readiness

Jourvex is working toward SOC 2 compliance. If your team has specific security requirements or needs a security review, contact us at hello@jourvex.com.

Questions

If you have questions about how Jourvex handles data, need documentation for a security review, or want to discuss specific compliance requirements, reach out at hello@jourvex.com. We are happy to help.