Privacy and data protection are essential in today’s digital world. At Edgee, we take user privacy seriously, and have built strong safeguards to respect users’ consent and protect their data, while enabling our customers to fortify their legal position.

For users who have not provided consent, we use two key privacy protection methods:

  1. Data Anonymization

    • All user data is thoroughly anonymized before being sent to any external services
    • This ensures personal information remains private and secure

  2. User Identification Options

    • We offer multiple ways to identify users while respecting privacy
    • Our methods comply with major data protection regulations worldwide, including GDPR (EU), CCPA (California), LGPD (Brazil), PIPEDA (Canada), and more.
    • You can choose the approach that best fits your privacy requirements

For more detailed information about our privacy practices, you can read our Privacy Policy, Data Processing Agreement (DPA), or visit our Trust Center to learn about our security and operational guarantees.

To learn more about how Edgee handles user consent and integrates with Consent Management Platforms (CMPs), visit our Consent Management documentation.

Privacy protection safeguards

When a user has not given consent, Edgee ensures that no personally identifiable information (PII) is transmitted to any external services. This approach centers on two key aspects: Data anonymization and User Identification management.

Data Anonymization

The fundamental privacy issue with client-side technologies is the direct contact, via HTTPS connection, between the user’s device and third party servers.

These connections typically expose:

  • The user’s IP address
  • Device and browser characteristics
  • All cookies and other local storage data stored by the device
  • Other potentially identifying metadata

This information are accesssible to client-side technologies, whether or not the user has given consent. It can be used to re-identify users and track their browsing patterns across all sites using the same analytics tool.

Edgee’s Architecture: Network-Level Privacy

Edgee operates as a proxy at the edge, effectively breaking the direct connection between end users and third-party solutions. This architecture provides several key privacy benefits when a user hasn’t given consent:

  • IP Anonymization: The last byte of every user IP is truncated.
  • User data isolation: No direct connection is made between user devices and third-party services.
  • Referrer/UTM Filtering: Potentially identifying parameters are stripped from URLs.

User Identification Options

Edgee provides two distinct approaches for user identification, each designed to meet different privacy and compliance requirements:

1. Cookieless Identification

When no consent has been given, Edgee generates a temporary cookieless hash, avoiding any reliance on browser storage.

Go to your project > Settings > Cookieless

How It Works:

  • Hash derived from non-unique values: IP, user-agent, language, device traits, hostname.
  • Stored only in Edgee’s edge cache.
  • Valid for 24 hours.
  • Resets daily to prevent long-term tracking.

Why It’s Not Fingerprinting:

  • Not persistent or unique enough for reidentification
  • Limited validity
  • Does not build user profiles across sites

✅ Best for strict consent regimes (GDPR, German Datenschutzkonferenz (DSK)) and organizations prioritizing user anonymity.

Edgee provides a first-party cookie method that does not require user consent when used strictly for audience measurement. This follows guidance from the strictest data protection authorities:

  • GDPR, CNIL (France)
  • ICO (UK)
  • PIPEDA (Canada)
  • CCPA (California)
  • and more…

Cookie Characteristics:

  • Encrypted and readable only by Edgee
  • Contains: anonymous user ID, session info, basic device context
  • Automatically regenerated on each request

Privacy Assurances:

  • No cross-site tracking
  • No raw data shared with third parties
  • Data processed only within Edgee edge nodes
  • Outputs anonymized statistical data only

🧠 This solution is backed by a legal opinion from a prestigous law firm, confirming its alignment with GDPR and ePrivacy rules. Feel free to contact us to get a copy of the opinion.

Edgee’s encrypted first-party cookie may qualify for consent exemption under certain data protection frameworks, including the CNIL’s audience measurement exemption (France), the ICO’s “strictly necessary” cookie category (UK), and the service provider limitations under CCPA/CPRA (California), when all of the following conditions are met:

  • The cookie is used exclusively for first-party analytics
  • It does not enable any cross-site or cross-device tracking
  • It produces only aggregated, anonymized statistical outputs
  • It is never accessible to third parties outside the analytics function
  • It is fully controlled by Edgee, with no browser-side exposure

However, legal interpretations, enforcement practices, and regulatory thresholds may vary across jurisdictions and industries. We strongly encourage each customer to assess their specific legal obligations and risk posture, and to select the user identification mode, cookieless or cookie-based, that best aligns with their compliance strategy and consent requirements.