Data Transparency
BackNova PII-0 Architecture — What we collect, what we don't, and how to verify.
Zero Personally Identifiable Information
BackNova is designed from the ground up to make decisions without ever seeing, storing, or processing personal data. All identifying information is hashed client-side before transmission.
What We Collect
BackNova collects 35 behavioral and technical signals to evaluate lead quality. None of these are personally identifiable.
Behavioral Signals (15)
| Signal | Description | PII? |
|---|---|---|
time_on_site_sec | Seconds spent on page | ✓ No |
scroll_depth_pct | How far user scrolled (%) | ✓ No |
page_views | Number of pages viewed | ✓ No |
mouse_distance | Total mouse movement (px) | ✓ No |
clicks | Number of clicks | ✓ No |
rage_clicks | Frustration click patterns | ✓ No |
form_completion_sec | Time to fill form | ✓ No |
form_changes_count | Form field edits | ✓ No |
engaged | User engagement flag | ✓ No |
returning_visitor | Has visited before | ✓ No |
fast_scroll | Bot-like scroll pattern | ✓ No |
keystrokes | Keyboard activity count | ✓ No |
paste_events | Copy-paste usage | ✓ No |
tab_switches | Tab focus changes | ✓ No |
touch_events | Mobile touch count | ✓ No |
Technical Signals (10)
| Signal | Description | PII? |
|---|---|---|
user_agent | Browser identification string | ✓ No |
browser | Browser name (Chrome, Firefox) | ✓ No |
device_type | desktop / mobile / tablet | ✓ No |
screen_resolution | Screen size (1920x1080) | ✓ No |
viewport_size | Browser window size | ✓ No |
language | Browser language (en-US) | ✓ No |
timezone | Timezone (Europe/London) | ✓ No |
platform | OS (Windows, macOS) | ✓ No |
cookies_enabled | Cookie support flag | ✓ No |
do_not_track | DNT header status | ✓ No |
Traffic Source Signals (7)
| Signal | Description | PII? |
|---|---|---|
utm_source | Traffic source (google, facebook) | ✓ No |
utm_medium | Traffic medium (cpc, email) | ✓ No |
utm_campaign | Campaign name | ✓ No |
utm_term | Search keyword | ✓ No |
utm_content | Ad content variant | ✓ No |
referrer | Previous page URL | ✓ No |
url | Current page URL | ✓ No |
Hashed Identifiers (3)
| Signal | Description | PII? |
|---|---|---|
session_id | Random session identifier | ✓ No |
browser_fingerprint | SHA-256 hash of browser config | ✓ No |
fingerprint_email | SHA-256 hash of email | ✓ No* |
* Email is hashed client-side using SHA-256 before transmission. The plain text email never leaves the browser.
What We NEVER Collect
| ✗ Plain text email addresses |
| ✗ Plain text phone numbers |
| ✗ Names (first, last, full) |
| ✗ Physical addresses |
| ✗ Credit card or payment information |
| ✗ Social security numbers |
| ✗ Government IDs |
| ✗ Passwords or credentials |
| ✗ Any other personally identifiable information |
How We Protect Data
1. Client-Side Hashing
When an email or phone is provided, it's hashed using SHA-256 in the browser before being sent to our servers. We never see the original value.
2. Built-in PII Validator
Our SDK includes a PII-0 validator that scans all data before transmission. If any potential PII is detected, it's automatically blocked.
3. Open Source SDK
Our SDK source code is publicly available. You can inspect exactly what data is collected and how it's processed.
View SDK Source Code →Verify Yourself
Open your browser's Developer Tools (F12) → Network tab → Filter by "backnova" or "decision" to see exactly what data is being sent.
Real-time Data Inspector
If you have BackNova SDK installed, run this in your browser console:
This will show you exactly what data is collected and confirm PII-0 compliance.
Compliance
- GDPR: No personal data processing — no consent required for analytics
- CCPA: No sale of personal information — behavioral data only
- ePrivacy: Essential for service operation — legitimate interest basis
Third-Party Audits
We welcome independent security audits of our SDK and infrastructure. Contact us on Telegram @backnova for audit requests.