Legitimate Interest Assessment - Product Analytics via APL
Last updated: May 23, 2026
Template for Vevee Customers operating analytics processing under GDPR Art. 6(1)(f) - legitimate interest. Fill in your specifics, sign off internally, and keep the completed document on file for inspection by the supervisory authority. Recommended review cadence: annually.
Download as Markdown (.md) · Data Processing Agreement · Sub-processors
Not legal advice. The structure below is a working starting point; tailor each section to your concrete processing and have a qualified DPO or counsel sign off.
Header
- Controller: [Your Company Name]
- Processor: Vevee S.r.l. (“APL”)
- Processing activity: Product analytics via APL Analytics surface in the default
hybridmode. - Date of assessment: [DATE]
- Next review: [DATE + 12 months]
- Signed off by: [Role / Name]
1. Purpose Test
What is the purpose of the processing? Analyse usage patterns of our product to identify usability issues, measure feature adoption, and optimise the user experience.
Is the purpose specific and clearly defined? Yes.
Is the purpose lawful? Yes - product improvement is a recognised legitimate business interest under Recital 47 GDPR.
Could the purpose be achieved without this processing? No. Manual user feedback alone is insufficient at scale; behavioural analytics is necessary to detect patterns invisible to individual reports.
2. Necessity Test
Is the processing necessary to achieve the purpose? Yes.
Could the same outcome be achieved with less-invasive means? Yes, in part: by running APL in hybrid mode (default), pre-login visitors are not individually tracked - only aggregate metrics are collected for unauthenticated traffic. For authenticated users, only events directly relevant to product analytics are captured; no sensitive inferences are made.
Is data minimisation applied? Yes:
- Only events directly relevant to product usage are collected.
- No fingerprinting, no cross-site tracking, no
localStorageidentifier inhybridmode. - No special category data (Art. 9) is collected or inferred.
- IP addresses are not stored: only country-level geolocation (ISO 3166-1 alpha-2) and a coarse device class (mobile/desktop/tablet) derived from headers are retained for anonymous events. The raw IP is hashed with a per-app daily salt that rotates every 24h, then discarded.
3. Balancing Test
Whose rights and freedoms are affected? Our end-users (the data subjects).
Reasonable expectations. Yes - product analytics is standard practice for SaaS applications and is disclosed in our privacy policy.
Impact on data subjects. Low. The processing does not result in decisions with significant effects, does not affect access to services, and does not influence pricing or treatment. The user experience is identical whether or not they are in the analytics dataset.
Vulnerability of data subjects. [Answer based on your user base.]
Safeguards in place.
- Right to object via in-app toggle propagating to
vevee.analytics.optOut(). - Right to deletion via
vevee.analytics.deletePerson()with worker-backed cascading erasure (target 7 days, max 30). - Right of access via
vevee.analytics.exportPerson()(24h signed download URL). - Transparent privacy policy disclosure (see privacy-policy templates).
- Pseudonymisation: only our internal user id is shared with APL - no email, name, or other directly identifying data unless explicitly set via
$setprofile properties (under our control). - Encryption in transit (TLS 1.3) and at rest.
- Limited retention (24 months rolling for identified events; 12 months for anonymous events).
- DPA in place with APL covering Art. 28 obligations.
Conclusion of balancing test. The legitimate interest in product improvement is not overridden by the rights and freedoms of data subjects, given the safeguards in place and the low-impact nature of the processing.
4. Outcome
- [ ] Processing under legitimate interest is appropriate. Proceed.
- [ ] Switch to a different legal basis.
- [ ] Do not proceed with this processing.
Signed: ____________________________
Role: ____________________________
Date: ____________________________
Notes
- This LIA covers the analytics surface only. The metering surface (
track/reserve/commit) processes usage counters under performance of contract(Art. 6(1)(b)), not legitimate interest, so it doesn't require an LIA. - If you enable the anonymous→identified merge in
hybridmode, or switch toidentifiedmode, that processing rests on consent(Art. 6(1)(a)) - not legitimate interest - and is out of this LIA's scope. You will need a cookie banner and the consent records APL writes toconsent_audit_logautomatically.