Data Protection & GDPR

We cared about data privacy before it was required by EU law

When you use our service, you’re trusting us with your personal information. This isn’t news. That’s why data privacy and security have been built into SpeedCurve products and services long before now. This page is designed to give you visibility into how we collect, use, store, and delete data – not just for EU users, but for everyone.


The GDPR (General Data Protection Regulation) is a piece of legislation that’s designed to strengthen and unify data protection laws for all individuals within the European Union. It adds new requirements for how companies should protect personal data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. The GDPR will be enforceable starting on 25 May 2018. 

We like the GDPR. That’s because we’re not just a SAAS company – we’re also a group of people who use the Internet every day. Like you, we want to know that the sites we visit have good reasons for collecting information about us, and we want to be confident that they’re safely storing our data and deleting it when it’s no longer necessary for them to have it.

SpeedCurve is committed to GDPR compliance across all our products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts.

What types of data are collected by RUM?

SpeedCurve RUM, our real user monitoring solution, collects data from real user traffic. RUM does not gather any personally identifiable information (PII) such as IP addresses, names, emails, or other metrics that could identify a user.


You can see all the RUM metrics we collect here.

RUM also doesn't do any ongoing user tracking. It tracks individual sessions, but if a user returns to the site later, that is a new, unique session.

Does SpeedCurve offer a Data Processing Agreement (DPA)?

We offer a Data Processing Addendum (DPA) to our customers operating in the EU. Our DPA offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments.

To ensure that no inconsistent or additional terms are imposed on us beyond those reflected in our DPA, we cannot agree to sign DPAs provided by our customers. As a small business without a staffed legal team, it is prohibitively expensive for us to review other DPAs or make customizations to our own.

If you are an EU-based customer of SpeedCurve and you are interested in establishing a DPA, please contact us at [email protected] with your company information and we will follow up in a timely manner.

Where can you learn more about SpeedCurve’s security and privacy efforts?

The legal terms and policies that apply to our website and customer services are available at