OrgDrift runs no remarketing pixels and no advertising trackers. We use Microsoft Clarity for session replay on our marketing pages only — never on a page that can display your data — and authenticated app surfaces use a session cookie to keep you logged in. The full breakdown is below.
Last updated: May 9, 2026
OrgDrift does not run Google Analytics, Segment, Mixpanel, Amplitude, Heap, FullStory, HubSpot, or Intercom on the marketing site. We do not use remarketing pixels from Google Ads, LinkedIn, Meta, Twitter, or any ad network. We do not sell or share visitor data with advertising networks.
We do load Microsoft Clarity on marketing pages — see “Microsoft Clarity (session replay)” below for what it captures and how to opt out. We also load Vercel Analytics and Speed Insights, which count page views and measure page-load performance in aggregate. Neither is loaded on the scan workspace or any other page that can display your data.
Vercel (our hosting provider) collects standard HTTP request logs as part of normal infrastructure operation. This is request metadata only — IP address, user agent, page path, timestamp — and does not involve cookies set on your browser.
When you sign in, OrgDrift sets a single session cookie so that your authenticated session persists between page loads. This cookie is essential to the operation of the application: without it, you would have to sign in on every navigation. It is not used for tracking, profiling, or advertising.
The cookie is HTTP-only, secure, and same-site. It expires when your session ends or after a defined idle period.
No session-replay script and no analytics script is loaded on the authenticated app. The Content-Security-Policy header served on these routes permits no third-party connections at all.
On our marketing pages we use Microsoft Clarity to record clicks, scrolls, and a reconstructed view of the rendered page so that we can fix UX defects we'd otherwise miss. Clarity sets first-party and third-party cookies on the clarity.ms domain to identify a session and stitch its events together.
Clarity is never loaded on a page that can display your data — not the scan workspace, not verification, findings, remediation, or governance. Not a masked version; none at all. Those routes are additionally wrapped in data-clarity-mask as a second line of defense, and their CSP forbids any connection to clarity.ms. View source on any of them and search for clarity: you will find nothing. CSV file contents are never transmitted to Microsoft.
Opt out. Block clarity.ms in any standard tracker-blocking extension (uBlock Origin, Privacy Badger, Ghostery, Brave shields), or email ken.lannon@orgdrift.com to be excluded from session replay. Clarity is also subject to Microsoft's Privacy Statement.
Stripe (used for paid checkout) sets cookies on its own domain when you interact with a Stripe-hosted checkout flow. These cookies are governed by Stripe's cookie policy and are not under OrgDrift's control.
Beyond Stripe and Clarity, no other third-party services that set cookies are integrated into OrgDrift today. If that changes, this page will be updated and the “Last updated” date at the top will reflect the change.
OrgDrift is a privacy-aware verification platform. Tracking visitors across the web isn't aligned with that posture, so we don't. The full data-handling standard lives on the Data Processing & Privacy page.
Questions? Email ken.lannon@orgdrift.com.