Privacy policy.

Last updated: May 2026

The short version.

Wiley is built to be privacy-first. We don't use cookies. We don't collect personal data. We don't track visitors across sites. We don't sell data. The tracking script does the minimum necessary to coach website owners — nothing more.

What the tracking script collects.

When a visitor loads a page with the Wiley script, we record:

  • The page URL and referrer
  • UTM parameters if present
  • Scroll depth and time on page
  • Outbound link clicks
  • Goal events you've tagged
  • Viewport size (mobile/tablet/desktop)
  • Country (derived from IP address — IP is not stored)
  • A daily anonymous fingerprint (see below)

We do not collect: names, email addresses, IP addresses (beyond country derivation), device identifiers, or any other personally identifiable information.

The anonymous fingerprint.

To distinguish unique visitors without cookies or personal data, Wiley generates a daily fingerprint — a hashed combination of signals like browser type and screen size, salted with the current date. This fingerprint resets every 24 hours and cannot be reversed to identify an individual. It's used only to count unique visitors within a day.

No cookies.

The Wiley tracking script sets no cookies — first-party or third-party. This means no cookie consent banner is required for Wiley's tracking under GDPR, ePrivacy Directive, or CCPA for most use cases. You should still consult your own legal counsel about your specific situation.

Data storage.

All event data is stored in Cloudflare's infrastructure. Data is associated with a site ID, never with a visitor identity. Wiley account holders can delete their site data at any time from the dashboard.

Public crawl data.

Wiley periodically crawls the public pages of sites enrolled in the service. This crawl behaves like any standard web crawler — it only accesses pages that are publicly available and respects robots.txt. No authentication is used and no private data is accessed.

Do Not Track.

The Wiley script respects the Do Not Track browser setting. If a visitor has DNT enabled, no events are recorded for that visitor.

Account data.

When you create a Wiley account, we store your email address, your site domain, and your stated goal. We use your email to send the daily Nudge and transactional emails (password reset, etc.). We don't send marketing email. We don't share your email with third parties.

You may also provide additional context — notes about your site, goals, or feedback on nudges. This is stored and used to improve the relevance of your nudges.

Content you create.

If you use Just Me (Wiley's page and blog publishing feature), we store the content you write — page blocks, blog posts, and layout settings. This content is associated with your account and stored in Cloudflare's infrastructure. You can delete it at any time. We do not collect data about readers of your published pages.

Google Analytics import (Pro).

Wiley Pro users can optionally upload a Google Analytics export to give Wiley historical context when generating nudges. Uploaded data is aggregated page-level traffic data — no individual visitor information is included in or extracted from these imports. The data is stored in your account, used only to inform your nudges, and can be deleted at any time from the Data page in your dashboard.

Third-party services.

Wiley uses the following third-party services:

  • Cloudflare — infrastructure, Workers, and D1 database
  • Resend — transactional email delivery
  • Stripe — payment processing (we never see or store card details)
  • Anthropic (Claude) — AI-powered nudge generation. Anonymized, aggregated site data is sent to generate nudges — this includes traffic metrics, crawl data, context notes you've provided, and imported analytics summaries. No personally identifiable visitor information is sent.

Contact.

Questions about privacy? wiley@fromwiley.com