bearing

Privacy Policy

Last updated · June 2026

Bearing is a privacy-first web analytics tool operated by Sidecar (“we”, “us”). This policy explains what data we handle, both for people who hold a Bearing account and for visitors to websites that have installed the Bearing tracking script.

The short version

  • No cookies and no cross-site tracking for analytics.
  • We never store visitors’ IP addresses.
  • We don’t collect personal data about visitors, build advertising profiles, or sell data to anyone.
  • Analytics are aggregate and designed to comply with GDPR, ePrivacy, PECR, and CCPA without a cookie banner.

Visitors to sites that use Bearing

When you visit a website that uses Bearing, the script sends a small event to our servers. We use that to produce aggregate statistics for the website owner. For each event we may record:

  • The page URL and path, and the referring URL or source.
  • Browser, operating system, and device type (from the user agent).
  • Country, derived from your network connection at the edge.
  • UTM campaign parameters present in the URL, and screen width.
  • Any custom event properties the site owner chooses to send (the site owner is responsible for not sending personal data here).

To count unique visitors without cookies, we generate a one-way hash from a daily-rotating secret, the website domain, your IP address, and your user agent. The IP address is used only to compute this hash and is never written to storage. Because the secret rotates every day, the hash cannot be used to follow a visitor across days or across different websites.

Bearing account holders

  • Account details you provide: email address, a securely hashed password, and an optional name.
  • The websites you add and the aggregate analytics collected for them.
  • Billing details are handled by Stripe. We store your Stripe customer ID and subscription status only — never your card number.

Cookies

The Bearing tracking script sets no cookies and uses no other persistent browser storage to identify visitors. The Bearing app itself uses a single essential cookie to keep you signed in. We use no advertising or third-party tracking cookies.

Service providers

We share data only with the providers needed to run the service: Vercel (hosting and edge network), Neon (database), Stripe (payments), and Resend (transactional and report email). Each processes data on our behalf under their own terms.

Data retention

Aggregate analytics are retained while the associated site is active, subject to your plan. Account data is kept while your account is open. When you delete a site or close your account, the associated data is removed.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your data, and to object to certain processing. Because we do not store identifying information about site visitors, we usually cannot link analytics back to an individual. To exercise any right, contact us at the address below.

International transfers & children

Our providers process data in the United States and other regions. Bearing is not directed to children under 16, and we do not knowingly collect their data.

Changes

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above.

Contact

Questions about privacy? Email [email protected].