Privacy Policy
Last updated: May 17, 2026 | Effective: May 17, 2026
SaaSStatsHub ("we", "us", "our", or "the Site") is operated from Singapore and accessible globally. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, who we share it with, and the rights you have over it.
By using this website, you agree to the practices described below. If you do not agree, please do not use the Site.
1. Who We Are
SaaSStatsHub publishes statistics, market data, and analysis about Software-as-a-Service products. The data controller for the purposes of GDPR, the data operator under Singapore's Personal Data Protection Act 2012 (PDPA), and the business under the California Consumer Privacy Act (CCPA / CPRA) is SaaSStatsHub, contactable at [email protected].
2. Information We Collect
2.1 Information you provide directly
- Email address - when you subscribe to our newsletter. Submission is voluntary and you can unsubscribe at any time using the link in every email.
- Correspondence - any message you send to our public mailboxes (
hello@,privacy@,corrections@,partners@,editor@) is retained for as long as needed to handle the request.
2.2 Information collected automatically
- Server & CDN logs - IP address, user agent, referrer, requested URL, response status, and timestamps. Logs are retained for up to 30 days for security and abuse prevention.
- Analytics events - page views, session duration, device category, approximate country (derived from IP), referrer source. Collected via Google Analytics 4 with IP anonymization enabled.
- Search queries - text typed into the on-site search box. Searches run entirely in your browser using Pagefind and are not sent to our servers.
2.3 Information we do not collect
- We do not require user accounts or logins.
- We do not sell, rent, or trade personal information.
- We do not knowingly collect data from children under 13 (see Section 9).
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area, United Kingdom, and Switzerland, we rely on the following lawful bases under Article 6 of the GDPR:
- Consent (Art. 6(1)(a)) - newsletter subscription, optional analytics cookies.
- Legitimate interests (Art. 6(1)(f)) - server logs for security, aggregated analytics for content improvement. You may object at any time.
- Legal obligation (Art. 6(1)(c)) - responding to lawful requests from authorities.
4. How We Use Information
- To deliver the newsletter you subscribed to.
- To understand which content is useful and improve it.
- To detect, prevent, and respond to fraud, abuse, or technical issues.
- To respond to your messages and corrections.
- To comply with applicable laws.
5. Cookies and Similar Technologies
We use a minimal set of cookies and tracking technologies. A complete list, including names, providers, purposes, and expiry, is maintained in our Cookie Policy. Where required by law (EEA / UK / California), non-essential cookies are loaded only after you grant consent via the on-site banner.
6. Advertising
We may display advertisements on the Site through Google AdSense or comparable advertising networks. These third-party services may use cookies, web beacons, and device identifiers to:
- Serve ads based on your prior visits to this site or other sites;
- Measure ad performance;
- Detect ad fraud.
Google's use of advertising cookies is governed by Google's advertising policy. You may opt out of personalized advertising at Google Ads Settings or via the Digital Advertising Alliance opt-out tool.
We do not provide advertising networks with personally identifying information (such as your email address).
7. Third-Party Services We Use
We share limited data with the following service providers (sub-processors) strictly to operate the Site:
- Cloudflare, Inc. (United States) - content delivery network, DDoS protection, and edge functions. Processes your IP address and request metadata. Privacy policy.
- Google LLC (United States) - Google Analytics 4 (with IP anonymization), and, when enabled, Google AdSense advertising. Privacy policy.
- MailerLite UAB (Lithuania, EU) - newsletter list management and email delivery. Receives the email address you submit and basic engagement metadata. Privacy policy.
- WordPress (Headless CMS at
cms.saasstatshub.com) - runs on a Tencent Cloud Singapore VPS managed by us. Stores published article content; does not collect visitor personal data directly.
We do not sell or rent personal information to anyone.
8. International Data Transfers
Because we use US-based providers (Cloudflare, Google) and an EU-based provider (MailerLite), personal data may be transferred outside your country of residence. Where transfers from the EEA, UK, or Switzerland occur, they are protected by:
- The European Commission's adequacy decisions, where applicable;
- Standard Contractual Clauses (SCCs) entered into with the relevant providers; and
- Supplementary measures such as encryption in transit (TLS 1.2+) and at rest.
9. Data Retention
- Server logs: up to 30 days, then deleted.
- Analytics data: Google Analytics 4 default retention of 14 months for user-level data.
- Newsletter email: retained until you unsubscribe; we keep a suppression record after unsubscribe to honor your request indefinitely.
- Correspondence: up to 24 months after the last interaction, unless legally required to keep longer.
10. Children's Privacy
The Site is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact [email protected] and we will delete it.
11. Your Rights
11.1 Rights for everyone
- Access the personal information we hold about you;
- Correct inaccurate information;
- Request deletion;
- Withdraw consent (where processing is based on consent);
- Lodge a complaint with a competent data protection authority.
11.2 Additional rights for EEA / UK / Swiss residents (GDPR)
- Restrict processing;
- Object to processing based on legitimate interests;
- Data portability - receive your data in a machine-readable format;
- Not be subject to decisions based solely on automated processing (we do not perform any).
11.3 Additional rights for California residents (CCPA / CPRA)
- Know what categories of personal information we collect and how we use it (this policy);
- Request deletion of personal information;
- Opt out of the "sale" or "sharing" of personal information - we do not sell or share for cross-context behavioral advertising in the CCPA sense, but you may direct us not to allow it;
- Limit use of sensitive personal information - we do not collect sensitive personal information;
- Non-discrimination for exercising your rights.
11.4 Singapore PDPA
Residents of Singapore may withdraw consent and request access or correction at any time by contacting [email protected]. We will respond within 30 days.
11.5 How to exercise your rights
Email [email protected] from the email address on file (if applicable). We may ask reasonable questions to verify your identity. We will respond within 30 days for GDPR/CCPA/PDPA requests, or sooner if required.
12. Do Not Track
Most browsers send a "Do Not Track" signal. There is no industry-standard interpretation of this signal. We treat the GPC (Global Privacy Control) signal as a valid opt-out for California residents under the CCPA.
13. Security
We protect data using HTTPS with TLS 1.2 or higher, HSTS preload-eligible configuration, Content Security Policy headers, encrypted secrets in our deployment platform, and least-privilege access. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but commit to industry-standard practices.
14. Changes to this Policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be announced via a banner on the Site for at least 30 days.
15. Governing Law
This policy is governed by the laws of the Republic of Singapore, without regard to conflict-of-law principles. Disputes arising in connection with this policy will be resolved in the courts of Singapore, except where local mandatory law (e.g., GDPR, CCPA, PDPA) gives you the right to use your local courts or supervisory authorities.
16. Contact
Privacy questions:
[email protected]
General inquiries:
[email protected]