ProductDrivers
Open Source
Self-Hosted

Privacy & Data Handling

How ProductDrivers processes analytics data (Open Source Software)

Last updated: November 8, 2025

This is Open Source Software

ProductDrivers is self-hosted, open-source software. This means:

  • You host it on your own infrastructure (Supabase, Vercel, etc.)
  • You control the data – All analytics data stays in YOUR database
  • You are responsible for GDPR compliance, data processing, and user privacy
  • No data sent to us – The software creators do not receive any data

Note: If you're using a hosted version provided by a third party, refer to their privacy policy instead.

1. What Data Does ProductDrivers Collect?

Analytics Events (via SDK)

When integrated into an application, ProductDrivers tracks:

  • User journey events (steps, feature usage, satisfaction scores)
  • Session identifiers (UUIDs generated by the SDK)
  • Timestamps of events
  • Custom metadata provided by the application developer

Important: The application developer chooses what to track. We recommend avoiding PII.

Optional User Identification

If the identify() method is used, user IDs and traits are stored. We strongly recommend using anonymous identifiers (e.g., hashed IDs, UUIDs) instead of emails or names.

Dashboard Users

The dashboard stores authentication data (email, encrypted passwords) managed by Supabase Auth in your own Supabase project.

2. PII Protection Features

ProductDrivers includes built-in tools to help you avoid collecting Personally Identifiable Information (PII):

1. blockPII Option (SDKs)

Enable this option in the SDK to automatically detect and block common PII patterns:

  • Email addresses
  • Phone numbers
  • Credit card numbers
  • Social security numbers
  • IP addresses (IPv4)
// JavaScript SDK
init({ 
  projectKey: 'YOUR_KEY',
  blockPII: true // Enable PII blocking
});

2. GDPR Tools (Dashboard)

The dashboard includes GDPR compliance tools:

  • Export: Export all data for a specific user
  • Anonymize: Replace user identifiers with anonymous IDs
  • Delete: Permanently delete all data for a user (Right to be Forgotten)

3. Your Responsibilities

As the self-hoster, you are responsible for:

  • 1.
    Compliance with privacy laws (GDPR, CCPA, etc.) in your jurisdiction
  • 2.
    Creating your own privacy policy for your users, explaining what data YOU collect and how YOU use it
  • 3.
    Obtaining user consent where required by law
  • 4.
    Securing your infrastructure (database, servers, API keys)
  • 5.
    Handling data subject requests (access, deletion, portability) using the provided tools
  • 6.
    Data retention policies – Define and implement your own retention rules

4. Recommended Best Practices

  • Use blockPII: true in all SDK integrations
  • Use anonymous user IDs (hashed emails, UUIDs) instead of real names/emails
  • Limit access to the dashboard – Only grant access to authorized team members
  • Enable database encryption in your Supabase/hosting provider settings
  • Implement domain restrictions (see project settings) to prevent unauthorized event submission
  • Regularly audit the data being collected via the Events tab
  • Document your data processing in your own privacy policy and Data Processing Agreement (DPA)

5. Data Security (Your Deployment)

Data security depends on your infrastructure choices:

  • Database: Supabase provides encryption at rest and in transit by default
  • API Keys: Project keys are public (write-only), but ensure your Supabase Row Level Security (RLS) policies are correctly configured
  • Dashboard: Protected by Supabase Auth with encrypted passwords
  • HTTPS: All communication should use HTTPS (enforced by Supabase/Vercel)

6. Third-Party Services (Typical Setup)

A typical ProductDrivers deployment uses:

Note: You can self-host on any infrastructure (AWS, GCP, your own servers, etc.)

7. Open Source License

ProductDrivers is licensed under the MIT License. You are free to:

  • Use the software for any purpose (commercial or non-commercial)
  • Modify and customize the code
  • Distribute modified versions

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND. The creators are not liable for how you use the software or any data breaches resulting from your deployment.

View on GitHub

8. Disclaimer & Liability

⚠️ IMPORTANT: "AS IS" WARRANTY DISCLAIMER

ProductDrivers is provided "AS IS" without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and non-infringement.

No Liability: In no event shall the authors or copyright holders be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.

Your Responsibility: You are solely responsible for:

  • Properly configuring and securing your deployment
  • Ensuring compliance with applicable laws (GDPR, CCPA, etc.)
  • Managing user data and privacy in your jurisdiction
  • Testing the software thoroughly before production use
  • Maintaining backups and disaster recovery procedures

No Support Guarantee: While the open-source community may provide assistance, there is no guaranteed support, maintenance, or updates.

This software is licensed under the MIT License. See the LICENSE file for full terms.

9. Questions?

For questions about the software itself:

  • Issues/Bugs: Report on GitHub Issues
  • Privacy/Legal Questions: Consult your own legal counsel – We cannot provide legal advice

ProductDrivers is open-source software. This page explains what the software does, not a SaaS privacy policy.

If you're self-hosting, YOU are responsible for GDPR compliance and user privacy.