Site Logo

Privacy Policy

Last updated: March 05, 2026

This Privacy Policy explains how Key Arg B.V. ("we", "us", "our") collects, uses, and processes information when:

  • you visit our website located at https://usd.org (the "Website");
  • you create an account or use our analytics services (the "Services") as a customer ("Customer"); or
  • our analytics script is deployed on a third-party website that you visit.

We are committed to providing a privacy-focused analytics service and to minimizing the collection and processing of personal data.

1. Scope Of This Privacy Policy

This Privacy Policy applies to three different situations:

  • Visitors of our Website.
  • Customers who create an account and use our Services.
  • Visitors of websites that use our analytics script.

Different types of information may be processed depending on how you interact with us.

2. Privacy-First Design

Our analytics system is designed to minimize personal data collection and to prevent identification of individual website visitors.

Our analytics system does not use cookies, browser storage (such as localStorage or sessionStorage) or device fingerprinting techniques to identify visitors.

We do not attempt to uniquely identify individual devices or users across websites, browsers or time periods, and we do not track individuals across multiple websites, services or applications.

Our analytics system is designed so that visitor identifiers are unique to each website and cannot be correlated across different websites using our Services.

Key principles include:

  • The analytics script does not use cookies.
  • Raw IP addresses are never stored.
  • A temporary pseudonymous identifier is generated and rotated daily.
  • Cross-site tracking is not performed.
  • Visitor identifiers cannot be linked across different websites.
  • Personal data fields may be filtered or discarded automatically if detected in URLs or custom parameters.

Our goal is to provide website analytics while significantly reducing privacy risks for website visitors.

3. Information Collected When You Visit Our Website

When you visit our Website without creating an account, we do not set tracking cookies or collect personal data for analytics or advertising.

However, limited technical information may be processed automatically for security and operational purposes through standard server logs and infrastructure services.

This may include:

  • IP address (processed transiently by infrastructure providers but not stored by us),
  • browser type,
  • operating system,
  • request timestamps,
  • error logs.

This information is used solely for security monitoring, preventing abuse or attacks and maintaining the availability of the Website.

4. Information Collected When You Create An Account

To use our Services, you must create an account.

During registration we may collect:

  • email address,
  • authentication provider identifier (if you sign in through Google).

Authentication is performed through one-time verification codes sent to your email address, rather than passwords.

We store:

  • your email address,
  • account metadata,
  • authentication events.

5. Third-Party Authentication Providers

Users may also create an account or sign in using third-party authentication providers such as Google.

When you choose this option, the authentication provider may share certain information with us, including:

  • your email address,
  • a unique authentication identifier.

We use this information solely to create and manage your account and to authenticate your access to the Services.

We do not receive access to your Google password or other information from your Google account.

Your use of third-party authentication services is subject to the privacy policies of those providers.

Google's Privacy Policy is available at https://policies.google.com/privacy.

6. Authentication Cookies

To keep you logged in to your account, we use authentication cookies.

These cookies are strictly necessary for the functioning of the Service.

We use two authentication tokens:

  • Access token: is stored in a cookie, valid for approximately 15 minutes.
  • Refresh token: is stored in a cookie, valid for approximately 7 days.

These cookies are used only for authentication. They are not used for tracking or advertising and are not shared with third parties.

7. Payment Information

Payments for the Services are processed by Stripe. When you purchase a subscription, payment information is submitted directly to Stripe.

We do not store full payment card details. Stripe may provide us with limited information necessary to manage subscriptions, including:

  • billing email address,
  • payment status,
  • subscription status,
  • transaction identifiers.

Stripe processes payment data according to its own privacy policy.

8. Data Retention

Analytics data is retained while the Customer's subscription remains active.

If a subscription expires or is cancelled:

  • the account may be retained for 30 days; and
  • after this period, associated analytics data may be permanently deleted.

Operational and security logs may be retained for a limited period where necessary.

9. Analytics Data Collected Through Customer Websites

When our analytics script is deployed on a Customer's website, it collects limited, non-identifying data about page visits and interactions.

This data may include:

  • page URL (with personal data fields filtered),
  • referrer URL,
  • browser type,
  • operating system,
  • device type,
  • screen size,
  • language preference,
  • country (derived from IP, which is not stored),
  • page view timestamps,
  • session duration,
  • custom events (if configured by the Customer).

A temporary pseudonymous visitor identifier is generated using a hash of the visitor's IP address, the website domain, and a rotating daily salt. The raw IP address is never stored.

This identifier is unique per website and cannot be used to track visitors across different websites.

10. Infrastructure And Hosting

Our Services are hosted on servers located in the EU.

We implement reasonable technical and organizational measures to protect the Services.

We use Cloudflare as a content delivery network and proxy. Cloudflare may process network traffic information including:

  • IP addresses,
  • request headers,
  • routing data.

Cloudflare's privacy policy is available at https://www.cloudflare.com/privacypolicy/.

11. Security Monitoring

We maintain security logs, including:

  • server access logs,
  • error logs,
  • abuse monitoring logs.

These logs are used only for security and operational purposes.

When we act as a data controller, we process personal data on the basis of the legal grounds permitted under applicable data protection laws, including performance of a contract, legitimate interests, and compliance with legal obligations.

Performance of a Contract

We rely on the performance of a contract to:

  • provide the Services to Customers;
  • create and manage user accounts;
  • authenticate users when logging into the Services;
  • assist with the resolution of technical or other issues related to the Services;
  • manage our relationship with you and communicate with you, including:
    • operational and transactional communications related to ordering and using the Services;
    • notifications about changes to our Services, new features, or security updates;
    • responses to support requests and other communications necessary for the provision of the Services;
  • provide information that you have requested from us or that we are required to send to you in connection with the Services;
  • exercise our rights and perform our obligations under our agreements with you.

Legitimate Interests

We rely on our legitimate interests, provided that these interests are not overridden by your rights and freedoms, to:

  • improve and develop our products and services;
  • conduct research, testing, and analysis of our products and features;
  • monitor and analyze usage of our Services and Websites;
  • promote and increase engagement with our products;
  • send marketing communications, including information about new services, newsletters, product offers, and promotions that may be relevant to you.

You may opt out of marketing communications at any time by:

  • using the unsubscribe link in our emails;
  • updating your communication preferences in your account settings; or
  • contacting us at [email protected].

We may also rely on legitimate interests to disclose information in connection with a corporate transaction, such as a restructuring, merger, acquisition, financing, or sale of assets.

Legal Obligations

We process personal data when necessary to comply with legal obligations, including to:

  • prevent, detect, and report unlawful or fraudulent activities;
  • ensure network and information security;
  • protect our users, our Services, and our infrastructure;
  • comply with applicable laws, regulations, legal processes, or governmental requests.

13. Disclosure Of Information

We may disclose information described in this Privacy Policy to:

  • Third-party service providers and partners that assist us in operating the Services and Websites, including those described in this Policy.
  • Regulators, courts, law enforcement agencies, government authorities, fraud prevention agencies, or other third parties where we believe disclosure is necessary to comply with applicable law or legal process, enforce our legal rights, protect our users or the public.
  • Actual or potential buyers and their advisers in connection with a merger, acquisition, restructuring, financing, or sale of all or part of our business.

14. International Data Transfers

When we process information, it may be transferred to and processed in countries other than the country in which you reside.

Where personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards to ensure that your personal data remains protected.

Such safeguards may include:

  • entering into Standard Contractual Clauses approved by the European Commission with the recipient of the data, or
  • relying on other legally recognized transfer mechanisms available under applicable data protection laws.

These measures are intended to ensure that personal data receives a level of protection equivalent to that required under applicable data protection legislation.

15. Data Subject Rights

Depending on applicable data protection laws and subject to certain limitations, you may have the following rights with respect to personal data that we process as a data controller:

  • You have the right to request access to your personal data and to obtain a copy of it.
  • You have the right to request correction of inaccurate or incomplete personal data.
  • You may request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  • You may request restriction of processing in certain situations, for example while we verify an objection you have raised.
  • Where applicable, you may request that your personal data be provided in a structured, commonly used, and machine-readable format and transmitted to another controller.
  • You may object to the processing of your personal data in certain circumstances, including where personal data is used for direct marketing purposes.
  • If you believe that your personal data is being processed in violation of applicable data protection laws, you have the right to lodge a complaint with your local data protection authority.

Exercising Your Rights

You may exercise your rights by contacting us at [email protected].

We may request information necessary to verify your identity before responding to your request.

Please note that we can assist you with exercising your rights only where we act as the data controller of your personal data (for example, when we process your email address for account management or marketing communications).

If you interact with a website that uses our analytics Services, the website owner acts as the data controller for analytics data collected through that website. Any requests relating to such analytics data should be directed to the relevant website owner.

Where applicable, we will assist our Customers in responding to requests relating to analytics data in accordance with applicable data protection laws.

16. Children's Privacy

Our Services are not intended for individuals under 18 years of age.

17. Changes To This Policy

We reserve the right, at our sole discretion, to put into effect, modify or revise this Policy at any time by posting this Policy or revised Policy on this page. The Policy or any changes will become effective upon posting of the revised Policy. Depending on the significance of the changes to this Policy we will use reasonable efforts to inform you by posting a notice on the Website or by using other ways to notify you about the changes.

18. U.S. Privacy Rights Notice

Certain U.S. state privacy laws provide residents of those states with specific rights regarding their personal data.

At present, we process personal data only from a limited number of individuals in connection with the creation and administration of user accounts. Based on the scale and nature of our data processing activities, we currently do not meet the applicability thresholds established by all U.S. state privacy laws.

As a result, the rights and obligations provided under such laws may not apply to our processing activities at this time. Nevertheless, we aim to handle personal data in a manner consistent with widely recognized privacy and data protection principles.

If our business practices change in the future such that these laws become applicable, we will update this Privacy Policy accordingly.

19. Contact Information

If you have any questions about this Privacy Policy, please contact us:

  • Email: [email protected]
  • Address: Key Arg B.V., Hoge Bothofstraat 49, 7511 ZA Enschede, Overijssel, the Netherlands