VeveeLegal · LIA template
Legal · LIA template

Legitimate Interest Assessment - Product Analytics via APL

Last updated: May 23, 2026

Template for Vevee Customers operating analytics processing under GDPR Art. 6(1)(f) - legitimate interest. Fill in your specifics, sign off internally, and keep the completed document on file for inspection by the supervisory authority. Recommended review cadence: annually.

Download as Markdown (.md) · Data Processing Agreement · Sub-processors

Not legal advice. The structure below is a working starting point; tailor each section to your concrete processing and have a qualified DPO or counsel sign off.

Header

  • Controller: [Your Company Name]
  • Processor: Vevee S.r.l. (“APL”)
  • Processing activity: Product analytics via APL Analytics surface in the default hybrid mode.
  • Date of assessment: [DATE]
  • Next review: [DATE + 12 months]
  • Signed off by: [Role / Name]

1. Purpose Test

What is the purpose of the processing? Analyse usage patterns of our product to identify usability issues, measure feature adoption, and optimise the user experience.

Is the purpose specific and clearly defined? Yes.

Is the purpose lawful? Yes - product improvement is a recognised legitimate business interest under Recital 47 GDPR.

Could the purpose be achieved without this processing? No. Manual user feedback alone is insufficient at scale; behavioural analytics is necessary to detect patterns invisible to individual reports.

2. Necessity Test

Is the processing necessary to achieve the purpose? Yes.

Could the same outcome be achieved with less-invasive means? Yes, in part: by running APL in hybrid mode (default), pre-login visitors are not individually tracked - only aggregate metrics are collected for unauthenticated traffic. For authenticated users, only events directly relevant to product analytics are captured; no sensitive inferences are made.

Is data minimisation applied? Yes:

  • Only events directly relevant to product usage are collected.
  • No fingerprinting, no cross-site tracking, no localStorage identifier in hybrid mode.
  • No special category data (Art. 9) is collected or inferred.
  • IP addresses are not stored: only country-level geolocation (ISO 3166-1 alpha-2) and a coarse device class (mobile/desktop/tablet) derived from headers are retained for anonymous events. The raw IP is hashed with a per-app daily salt that rotates every 24h, then discarded.

3. Balancing Test

Whose rights and freedoms are affected? Our end-users (the data subjects).

Reasonable expectations. Yes - product analytics is standard practice for SaaS applications and is disclosed in our privacy policy.

Impact on data subjects. Low. The processing does not result in decisions with significant effects, does not affect access to services, and does not influence pricing or treatment. The user experience is identical whether or not they are in the analytics dataset.

Vulnerability of data subjects. [Answer based on your user base.]

Safeguards in place.

  • Right to object via in-app toggle propagating to vevee.analytics.optOut().
  • Right to deletion via vevee.analytics.deletePerson() with worker-backed cascading erasure (target 7 days, max 30).
  • Right of access via vevee.analytics.exportPerson() (24h signed download URL).
  • Transparent privacy policy disclosure (see privacy-policy templates).
  • Pseudonymisation: only our internal user id is shared with APL - no email, name, or other directly identifying data unless explicitly set via $set profile properties (under our control).
  • Encryption in transit (TLS 1.3) and at rest.
  • Limited retention (24 months rolling for identified events; 12 months for anonymous events).
  • DPA in place with APL covering Art. 28 obligations.

Conclusion of balancing test. The legitimate interest in product improvement is not overridden by the rights and freedoms of data subjects, given the safeguards in place and the low-impact nature of the processing.

4. Outcome

  • [ ] Processing under legitimate interest is appropriate. Proceed.
  • [ ] Switch to a different legal basis.
  • [ ] Do not proceed with this processing.

Signed: ____________________________

Role: ____________________________

Date: ____________________________

Notes

  • This LIA covers the analytics surface only. The metering surface (track / reserve /commit) processes usage counters under performance of contract(Art. 6(1)(b)), not legitimate interest, so it doesn't require an LIA.
  • If you enable the anonymous→identified merge in hybrid mode, or switch to identified mode, that processing rests on consent(Art. 6(1)(a)) - not legitimate interest - and is out of this LIA's scope. You will need a cookie banner and the consent records APL writes to consent_audit_log automatically.