We cared about data privacy before it was required by EU law

When you use our service, you’re trusting us with your personal information. This isn’t news. That’s why data privacy and security have been built into SpeedCurve products and services long before now. This page is designed to give you visibility into how we collect, use, store, and delete data – not just for EU users, but for everyone.


The GDPR (General Data Protection Regulation) is a piece of legislation that’s designed to strengthen and unify data protection laws for all individuals within the European Union. It adds new requirements for how companies should protect personal data that they process. It also raises the stakes for compliance by increasing enforcement and imposing greater fines for breach. The GDPR will be enforceable starting on 25 May 2018. 

We like the GDPR. That’s because we’re not just a SAAS company – we’re also a group of people who use the Internet every day. Like you, we want to know that the sites we visit have good reasons for collecting information about us, and we want to be confident that they’re safely storing our data and deleting it when it’s no longer necessary for them to have it.

SpeedCurve is committed to GDPR compliance across all our products and services. We are also committed to helping our customers with their GDPR compliance journey by providing robust privacy and security protections built into our services and contracts.

What types of data are collected by LUX?

SpeedCurve LUX, our real user monitoring solution, collects data from real user traffic. LUX does not gather any personally identifiable information (PII) such as IP addresses, names, emails, or other metrics that could identify a user. You can see all the LUX metrics we collect here.

LUX also doesn't do any ongoing user tracking. It tracks individual sessions, but if a user returns to the site later, that is a new, unique session.

Does SpeedCurve offer a Data Processing Agreement (DPA)?

We offer a Data Processing Addendum (DPA) to our customers operating in the EU. Our DPA offers contractual terms that meet GDPR requirements and reflect our data privacy and security commitments.

To ensure that no inconsistent or additional terms are imposed on us beyond those reflected in our DPA, we cannot agree to sign DPAs provided by our customers. As a small business without a staffed legal team, it is prohibitively expensive for us to review other DPAs or make customizations to our own.

If you are an EU-based customer of SpeedCurve and you are interested in establishing a DPA, please contact us at support@speedcurve.com with your company information and we will follow up in a timely manner.

Where can you learn more about SpeedCurve’s security and privacy efforts?

The legal terms and policies that apply to our website and customer services are available at https://speedcurve.com/terms/

More information

If you have concerns or questions about GDPR compliance, feel free to contact us at support@speedcurve.com

Did this answer your question?