How data flows through our system, what we collect, how we process it, and the steps we've taken to protect your visitors' privacy.
Last updated September 6, 2025
We believe in radical transparency about how your data flows through our system. Unlike many analytics providers, we're going to walk you through exactly what happens when someone visits your website, from the moment our script loads to where that data ends up.
We've designed our system from the ground up to be privacy-first. We don't use cookies, we don't track people across websites, and we can't identify individual visitors. Here's how it all works.
When someone visits your website, our lightweight script (delivered via Cloudflare's global CDN) springs into action. It automatically sends us a pageview event with basic information about the visit.
The browser naturally sends us the visitor's IP address and User-Agent string (which tells us their browser and operating system). We also send the page URL they visited, where they came from (referrer), and your project token to know which website this visit belongs to.
By default, our script doesn't set cookies and sends anonymous pageview and event data. However, if you enable persist mode or use the identify function, the script will set cookies.
If a visitor has Global Privacy Control or Do Not Track enabled in their browser, our script won't send analytics events.
You can choose to send personal data through the identify function or custom event properties. Please read our GDPR policy for more information about when consent is required.
Beyond basic pageviews, our script can track these types of interactions:
| Event type | Description |
|---|---|
| Pageview | Automatically tracked when someone visits a page. |
| Identify | Identify events are sent typically when a user logs in and website owners want to connect their anonymous signature to a profile. |
| Outgoing | Outgoing events are tracked when someone clicks a link or button that leads to another website. |
| Custom | Custom events can be anything, for example button clicks or form submissions. |
| Heartbeat | Heartbeat events are periodically sent to help track page durations and session continuity. |
| Performance | Core Web Vitals (LCP, CLS, INP, FCP, TTFB) collected to help you understand your website's performance. |
Before we process any visitor data, every request goes through our security checks. We automatically detect and filter out bot traffic using industry-standard bot detection. This keeps your analytics clean and accurate.
We also implement rate limiting to prevent abuse. If an IP address makes too many requests in a short period, we temporarily block it. This is the only time we store IP addresses. These records automatically expire and are never used for anything beyond that.
Once a request passes these security checks, we process the visitor data.
To count unique visitors without cookies or persistent tracking, we create what we call an "anonymous signature" for each visitor.
Here's exactly how it works. We take the visitor's IP address, their User-Agent string, your project token, and each project's unique daily salt that rotates at midnight. We combine these into a string and run it through SHA-256 hashing, creating a completely anonymous identifier that looks something like "a7b2c9d4e5f6..."
Unless you have trillions of dollars, this hash is practically impossible to reverse back to the original IP address. Even if someone had our database, they couldn't figure out who visited your site. And because the salt changes daily, each anonymous visitor gets a completely different signature each day.
What happens to the IP address? We use it for one last thing. We look up the visitor's approximate location. Once we get the location data, we immediately discard the IP address. It's never stored anywhere.
Instead of storing precise coordinates like other analytics providers, we only store the city, region, country and geoname ID. When we do need coordinates, we derive the city center coordinates from this ID. This means two people on opposite sides of New York for example will both show up at the exact same coordinates. They both appear at the center of New York.
This provides an additional layer of privacy for your visitors.
After processing, your analytics data is stored in ClickHouse, a super-fast database designed for analytics.
We organize your data into four main buckets:
| Data type | What's stored |
|---|---|
| Events | Every pageview, click, and custom event with the anonymous signature, browser info, location data, and page details. Think of this as the raw activity log. |
| Sessions | Aggregated data about visitor sessions. This includes how long they stayed, how many pages they viewed, bounce rates, and other session metrics. This is computed from the events data. |
| Profiles | Anonymous visitor profiles that can optionally include personal information (name, email), if you happen to use our identify feature. |
| Performance | Core Web Vitals metrics (LCP, CLS, INP, FCP, TTFB) for each visitor's page visit. |
Most data is retained indefinitely while your account is active, except for performance metrics which are automatically deleted after one year.
Long-term retention is part of the product so you can understand how your website and business change over years. You can delete your project or account at any time to remove your analytics data from our servers.
Events aren't stored immediately. Instead, they're queued for background processing, which allows us to batch operations efficiently and apply additional privacy protections before anything hits the database.
We work with a small number of carefully chosen partners to deliver our service. Here's exactly who has access to what.
| Partner | What they do for us |
|---|---|
| Hetzner | European hosting company that provides the physical servers where your analytics data lives. They host our databases in Germany but never see or access your data. |
| Cloudflare | Delivers our tracking script via their global CDN, hosts our website and dashboard, and protects our API. Raw analytics data is sent directly to our EU servers and never passes through Cloudflare. |
| Resend | Sends you emails about your account, billing, and product updates. They don't have access to your analytics data. |
| Stripe | Handles payment processing and revenue tracking features. They only see payment-related data, not your website analytics. |
| Mapbox | Powers the maps in your realtime dashboard. They provide map tiles but don't see individual visitor data. |
We believe transparency builds trust. That's why we've walked you through exactly how your data flows through our system, what we collect, and how we protect your visitors' privacy.
Unlike many analytics providers, we don't have hidden data collection, we don't sell your data to third parties, and we don't use your website data for our own business purposes. Your data belongs to you.
We're committed to maintaining this level of transparency. If you have questions about how we handle data or want clarification on any part of this policy, we're here to help.