Committed to Privacy & Security

We are fully committed to providing features that help you be compliant with GDPR by taking a privacy by design approach. As well as partnering with the best in class security providers to keep all your data safe.



Fully compliant with GDPR & CCPA privacy acts



Your data is safe, secure, and always available​


Enabled compliance

Lawful basis and transparency

As part of our compliance to GDPR, we enter into Data Processing Agreements (DPAs) with all our customers. The DPA, a binding agreement signed between the controller and the processor when the latter processes data from the controller, details the standard contractual terms required under the GDPR.

Accountability and Governance

Air360 has appointed a Data Protection Officer to monitor GDPR compliance, assess data protection risks, advise on data protection impact assessments, and cooperate with regulators.


Air360 Privacy Rights

Privacy by default

Air360 automatically disallows the capture of any sensitive or personal data that a user enters in an input field of your web store.

Right to erasure

GDPR requires you to be able to delete a given user and all its related data. Air360 offers a function that will allow you to delete a specific user and related sessions with just a single click.

Restrict specific data acquisition

Air360 enables you to go further by also hiding explicitly parts of your pages from being recorded during session replays.

Right of access & data portability

You can retrieve specific user details simply by going through our application or using our API.

Secure data handling & protection

Limit Access to your data

Air360 follows strict data security regulations to ensure that we secure and limit access to your data.


Air360 Security Measures

Monitoring of our Tracking pixel

Constantly conducted to detect any malicious modification and ensure its delivery, integrity and safety.

State-of-the-art encryption

Used in all Air360 products for data in transit and at rest.

Multi-Factor Authentication (MFA)

Required for all our users to access to Air360 application adding an extra layer of security and keeping your accounts safe.

Third-party security audits

Conducted regularly and before major releases, including penetration tests and vulnerability scans.

Security best practices

Reviewed by third party companies regularly when important updates are performed on our systems.

Customer data processed & stored in the EU

Air360 core systems are hosted on OVHcloud and Amazon Web Services (AWS) servers located in France and Ireland and leverage all the security and compliance provided by OVHcloud/AWS: ISO (9001, 27001, 27017, and 27018), SOC 1, 2, and 3, PCI DSS.


Once Air360 pixel is installed on your website when a new visitor lands on it, Air360 will generate a random unique identifier and it will be stored in a cookie. All the data collected by default is considered anonymous data as there is no information that can relate to an identified user (e.g. tracks all pages users visited, all mouse movements, clicks, scrolls.

Air360 tracks a user when they land on your site and that’s when a cookie is retrieved or created. By default, Air360 will track every single interaction your users have on your site. Then the data is processed and available in Air360 application.

We automatically track every single interaction your users may have on your site.

  • Clicks
  • Scrolling
  • Mouse over
  • Pageview

There is only one exception. We will never record what the user types in any text area of your website or app. This is for a very simple reason: We can never know how this information is.

We also collect information from users’ browsers as:

  • Browser language
  • Platform
  • Device
  • Operating system
  • IP address (*)

(*) IP address is only used to retrieve user’s geolocation, but it is not stored in our database.

Air360 tracks users using first-party analytics cookies, with an expiration of no more than six months.

Air360 does not collect any personal or sensitive data by default. The data that we collect by default can become personal data when you connect with our APIs to push user identifiers or user property data.

One of the questions we often get at Air360 is about how the Air360 pixel could possibly slow down your website. The short answer is no.

Long answer: The Air360 tracking pixel is loaded asynchronously and at the end of the closing </body> tag. That means that our script is technically unable to block your website from loading correctly. In addition to that, the Air360 tracking pixel is hosted on a CDN (Cache Delivery Network), which makes the loading latency extremely low. Thanks to our CDN, the JS usually loads under 30 ms. Air360 Javascript also has a very low memory footprint using less than 20KB (gzipped) of bandwidth. This is much smaller than most scripts. It is also much, much smaller than even a tiny low-resolution image. All these measures ensure that Air360 tracking pixel will never slow down user experience when your users navigate your website. In addition to all the measures mentioned above, we continue to monitor & optimize the performance of the Air360 pixel.


Air360 production data is hosted in OVHcloud, France. Air360 backup data is hosted in Amazon Web Services (AWS) facilities in Dublin, Ireland.