Data Policy
Last Updated December 22, 2024
TL;DR — We don't use cookies, we don't track people across websites, and we can't identify individual visitors. Privacy-first by design.
We believe in radical transparency about how your data flows through our system. Here's exactly what happens when someone visits your website.
Privacy-First Design
We've designed our system from the ground up to be privacy-first. Unlike many analytics providers, we're going to walk you through exactly what happens from the moment our script loads to where that data ends up.
Our Tracking Script
When someone visits your website, our lightweight script (delivered via Bunny.net's global CDN) springs into action. It automatically sends us a pageview event with basic information about the visit.
The browser naturally sends us the visitor's IP address and User-Agent string (which tells us their browser and operating system). We also send the page URL they visited, where they came from (referrer), and your project token to know which website this visit belongs to.
Our script doesn't set cookies and sends only anonymous pageview and event data. We never collect personal information or identify individual users.
Privacy Respect: If a visitor has Global Privacy Control or Do Not Track enabled in their browser, our script won't send analytics events.
Since we don't collect personal data, no consent is required. For more information, see our GDPR compliance guide.
Event Types
Beyond basic pageviews, our script can track these types of interactions:
| Event Type | Description |
|---|---|
| Pageview | Automatically tracked when someone visits a page. |
| Outgoing | Tracked when someone clicks a link or button that leads to another website. |
| Custom | Custom events can be anything, for example button clicks or form submissions. |
| Heartbeat | Periodically sent to help track page durations and session continuity. |
| Error | JavaScript errors and unhandled promise rejections tracked to help identify and fix technical issues. |
| Performance | Core Web Vitals (LCP, CLS, INP, FCP, TTFB) collected to help you understand your website's performance. |
Security and Protection
Before we process any visitor data, every request goes through our security checks. We automatically detect and filter out bot traffic using industry-standard bot detection. This keeps your analytics clean and accurate.
We also implement rate limiting to prevent abuse. If an IP address makes too many requests in a short period, we temporarily block it. This is the only time we store IP addresses. These records automatically expire and are never used for anything beyond that.
Note: Once a request passes these security checks, we process the visitor data.
What We Collect
To count unique visitors without cookies or persistent tracking, we create what we call an "anonymous signature" for each visitor.
How Anonymous Signatures Work
Here's exactly how it works. We take the visitor's IP address, their User-Agent string, your project token, and each project's unique daily salt that rotates at midnight. We combine these into a string and run it through SHA-256 hashing, creating a completely anonymous identifier that looks something like a7b2c9d4e5f6...
Unless you have trillions of dollars, this hash is practically impossible to reverse back to the original IP address. Even if someone had our database, they couldn't figure out who visited your site. And because the salt changes daily, each anonymous visitor gets a completely different signature each day.
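The signature scheme described above, sketched as an added example (this is not the provider's code). The page names only the four inputs and SHA-256, so the field order, the length-prefixed framing, the UTC midnight boundary, the in-memory salt store and all sample values are assumptions.

```javascript
// Added example, not the provider's implementation. Assumed: field order,
// framing, UTC rotation, and a random 32-byte salt per project per day.
const crypto = require('node:crypto');

// Hypothetical salt store: projectToken -> { day, salt }
const salts = new Map();

function utcDay(date) {
  return date.toISOString().slice(0, 10); // e.g. "2024-12-22"
}

// Return the project's salt for this day. On a new day the old salt is
// overwritten, so earlier signatures can no longer be recomputed.
function dailySalt(projectToken, now) {
  const day = utcDay(now);
  const entry = salts.get(projectToken);
  if (entry && entry.day === day) return entry.salt;
  const salt = crypto.randomBytes(32);
  salts.set(projectToken, { day, salt });
  return salt;
}

// Length-prefix every field so ("ab","c") and ("a","bc") hash differently;
// plain string concatenation would let distinct inputs collide.
function frame(fields) {
  const parts = [];
  for (const f of fields) {
    const buf = Buffer.isBuffer(f) ? f : Buffer.from(String(f), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    parts.push(len, buf);
  }
  return Buffer.concat(parts);
}

function anonymousSignature({ ip, userAgent, projectToken }, now = new Date()) {
  const salt = dailySalt(projectToken, now);
  return crypto.createHash('sha256')
    .update(frame([salt, projectToken, ip, userAgent]))
    .digest('hex');
}

// Constructed sample visitor (documentation IP range, made-up token).
const visitor = { ip: '203.0.113.7', userAgent: 'Mozilla/5.0 (X11; Linux x86_64)',
                  projectToken: 'proj_example' };
const day1 = new Date('2024-12-22T09:00:00Z');
console.log(anonymousSignature(visitor, day1) ===
            anonymousSignature(visitor, new Date('2024-12-22T23:59:00Z'))); // same day
console.log(anonymousSignature(visitor, day1) ===
            anonymousSignature(visitor, new Date('2024-12-23T00:00:01Z'))); // next day
```

The daily unlinkability in this sketch depends on the salt being random and discarded at rotation; a salt that is kept alongside the stored signatures would let them be recomputed from candidate inputs.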
IP Address Handling
What happens to the IP address? We use it for one last thing. We look up the visitor's approximate location. Once we get the location data, we immediately discard the IP address. It's never stored anywhere.
Instead of storing precise coordinates like other analytics providers, we only store the city, region, country, and geoname ID. When we do need coordinates, we derive the city center coordinates from this ID. This means two people on opposite sides of New York, for example, will both show up at the exact same coordinates. They both appear at the center of New York.
Privacy Layer: This provides an additional layer of privacy for your visitors.
Storage and Retention
After processing, your analytics data is stored in ClickHouse, a super-fast database designed for analytics.
Data Organization
We organize your data into four main buckets:
| Data Type | What's Stored |
|---|---|
| Events | Every pageview, click, and custom event with the anonymous signature, browser info, location data, and page details. Think of this as the raw activity log. |
| Sessions | Aggregated data about visitor sessions. This includes how long they stayed, how many pages they viewed, bounce rates, and other session metrics. This is computed from the events data. |
| Profiles | Anonymous visitor profiles built from aggregated events. These profiles contain only anonymous session data and never include personal information like names or emails. |
| Performance | Core Web Vitals metrics (LCP, CLS, INP, FCP, TTFB) for each visitor's page visit. |
Data Retention
Most data is retained indefinitely while your account is active, except for performance metrics which are automatically deleted after one year.
Long-term retention is part of the product so you can understand how your website and business change over years. You can delete your project or account at any time to remove your analytics data from our servers.
Background Processing: Events aren't stored immediately. Instead, they're queued for background processing, which allows us to batch operations efficiently and apply additional privacy protections before anything hits the database.
Subprocessors
We work with a small number of carefully chosen partners to deliver our service. Here's exactly who has access to what.
| Partner | What They Do for Us |
|---|---|
| Hetzner | European hosting company that provides the physical servers where your analytics data lives. They host our databases in Germany but never see or access your data. |
| Railway | Provides infrastructure for our API and backend services. They host our application servers but don't have access to raw analytics data. |
| Vercel | Hosts our dashboard application. They serve the frontend but analytics data is fetched directly from our EU servers. |
| Bunny.net | Delivers our tracking script via their global CDN. Raw analytics data is sent directly to our EU servers and never passes through their network. |
| Resend | Sends you emails about your account, billing, and product updates. They don't have access to your analytics data. |
| Stripe | Handles payment processing. They only see payment-related data, not your website analytics. |
Why You Can Trust Us
We believe transparency builds trust. That's why we've walked you through exactly how your data flows through our system, what we collect, and how we protect your visitors' privacy.
Unlike many analytics providers, we don't have hidden data collection, we don't sell your data to third parties, and we don't use your website data for our own business purposes. Your data belongs to you.
We're committed to maintaining this level of transparency. If you have questions about how we handle data or want clarification on any part of this policy, we're here to help.
Questions?
If you have any questions about this Data Policy or how we handle your data, please reach out:
We typically respond to inquiries within 24 hours.