ClearView

Security & Privacy

How ClearView protects your data and respects visitor privacy

ClearView is built with security and privacy at its core. This page explains how we collect, process, store, and protect data — both yours and your website visitors'.

What ClearView Collects

ClearView collects data through two mechanisms, each with different privacy characteristics:

Tracking Script (Direct Collection)

The JavaScript snippet on your website collects behavioral data about page visits. This data is collected directly from the visitor's browser.

  • Page URL and referrer
  • Timestamp of each visit
  • First-party session and visitor cookies
  • Browser user agent and screen size
  • Geographic location (city-level, from IP)
  • UTM campaign parameters

The script does not collect form inputs, keystrokes, mouse movements, scroll depth, or any data from third-party cookies.

Identity Resolution (Indirect)

ClearView resolves visitor identity by matching IP addresses and hashed signals against licensed professional databases and identity graphs.

  • Company name, domain, and firmographics (via IP mapping)
  • Contact name, email, phone, job title (via identity graph)
  • LinkedIn URL and work history
  • Seniority and department

This data comes from licensed, opt-in professional data sources — not from intercepting visitor activity on your website.

Infrastructure & Encryption

Encryption in transit

All data transmitted between your website, the ClearView dashboard, and our API is encrypted using TLS 1.2+ (HTTPS). The tracking script, API endpoints, and dashboard are all served over HTTPS with no fallback to HTTP.

Encryption at rest

All data stored in ClearView's databases is encrypted at rest using AES-256. This includes company records, contact data, visitor activity, API keys, and webhook secrets.

Cloud infrastructure

ClearView is hosted on industry-standard cloud infrastructure with automated backups, redundant storage, and DDoS protection. Database backups are encrypted and retained for 30 days.

API key security

API keys are hashed before storage — we cannot retrieve your full key after creation. Keys can be rotated or revoked instantly from the dashboard. Each key is scoped to a specific permission level (read or write).

Webhook signatures

All outgoing webhooks are signed with HMAC-SHA256 using your unique signing secret. This allows you to verify that webhook payloads originated from ClearView and were not tampered with in transit.

Privacy Practices

First-party cookies only

The ClearView tracking script uses only first-party cookies set on your domain. No third-party cookies, no cross-site tracking, and no browser fingerprinting. This makes ClearView compatible with browsers that block third-party cookies (Safari, Firefox, Brave).

Visitor opt-out

ClearView provides a built-in opt-out mechanism. When a visitor opts out (via your consent banner or the window.clearview('optout') API), all tracking stops immediately and no further data is collected for that visitor. See the Tracking Script docs for implementation details.

Do Not Track support

You can configure the tracking script to respect the browser's Do Not Track (DNT) setting by adding the data-respect-dnt="true" attribute. When enabled, visitors with DNT active will not be tracked.

IP address handling

Visitor IP addresses are used during the identification process to resolve company identity. Raw IP addresses are not stored long-term in your account data. After resolution, only the resulting company and location data are retained.

Data minimization

ClearView collects only the data necessary for visitor identification and engagement scoring. We do not collect or process data beyond what is described in this document.

Data Retention & Deletion

Data TypeRetention PeriodDeletion
Page view events12 months from event dateAutomatically purged after retention period
Company recordsActive as long as account is activeDeleted 30 days after account cancellation
Contact recordsActive as long as account is activeIndividual contacts can be deleted at any time from the dashboard
Export files24 hours after generationAutomatically deleted after expiration
Account data after cancellation30 days after cancellationPermanently deleted after 30-day grace period

To request deletion of specific contact records, navigate to the contact in your dashboard and click the delete button. To request full account data deletion before the 30-day grace period, contact privacy@democlearview.com.

Compliance

GDPR

ClearView processes data in accordance with GDPR requirements. Company identification via IP mapping is conducted under the legitimate interest legal basis. Person-level identification uses data from licensed sources that have obtained appropriate consent. You can delete individual contact records at any time to honor data subject access requests (DSARs).

CCPA

ClearView supports California Consumer Privacy Act requirements. Contact records include an opt-out flag, and opted-out contacts are excluded from exports when the excludeOptedOut filter is enabled. Consumers can request data deletion through your organization, which can be fulfilled by deleting the contact record in ClearView.

CAN-SPAM

Outreach emails sent through ClearView include automatic unsubscribe links and honor opt-out requests immediately. Contact records that have opted out are flagged and excluded from future outreach drafts.

Security Questions?

If you have security questions or need to complete a vendor security questionnaire, contact our team at security@democlearview.com. We are happy to provide additional details about our security practices and infrastructure.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@democlearview.com. We take all reports seriously and will respond within 48 hours.