Privacy-first analytics
How Eurolytics stays cookie-free with no personal data stored — designed for privacy compliance by default.
How It Works
Privacy by architecture, not by policy
Eurolytics never sets cookies, never fingerprints browsers, and never stores IP addresses. Instead, we use a daily-rotating HMAC hash to count unique visitors without being able to identify or track any individual across days or sites.
visitor arrives → IP: 203.0.113.47
truncate IP → 203.0.113.47 → 203.0.113.0/24
geolocate → Berlin, DE // IP discarded after this step
hash visitor → HMAC(secret + site + ip/24 + device + today)
visitor_day → a7f3e2...
// midnight: secret rotates → a7f3e2... expires → unlinkable
Data Collection
What we collect — and what we don't
✓Collected
- Page URL (path only, no query strings)
- Referrer domain (not full URL)
- Device type, browser, operating system
- Country and city (from IP geolocation)
- UTM campaign parameters
- Custom events you define
×Never collected
- IP addresses (used for geolocation, then discarded)
- Raw User-Agent strings
- Cookies or persistent identifiers
- Fingerprinting data (canvas, WebGL, fonts)
- Full referrer URLs or query strings
- Any personally identifiable information
Compliance
Designed for privacy compliance by default
Because Eurolytics stores no personal data and sets no cookies, there is — to our knowledge — no need for cookie consent banners or consent management platforms when using Eurolytics. This makes it straightforward to stay compatible with GDPR, CCPA, PECR, and other privacy regulations.
We cannot guarantee your organisation's overall compliance — that depends on your complete technology stack. But on the Eurolytics side, there is simply no personal visitor data to worry about. Our privacy page is fully transparent about exactly what we collect, so you can review it and make your own assessment.
Data Residency
Strictly EU data — no exceptions
Every server, every database, every byte of analytics data stays in the European Union. Hosted on Hetzner in Germany — no US cloud providers, no transatlantic data transfers, no third-party sub-processors outside the EU. Your visitors' data never leaves EU borders.
Ingestion nodes
EU · Hetzner · Go + SQLite WAL
Analytics database
EU · Hetzner · ClickHouse
Dashboard & accounts
EU · Hetzner · PostgreSQL
Common questions
Are cookies used at all?
No. Eurolytics is entirely cookie-free in the tracking path. We use a privacy-preserving visitor ID (HMAC-based) that resets daily and never leaves the analytics pipeline. Because no cookies are set and no personal data is stored, there is no need for cookie consent banners when using Eurolytics.
What data is collected?
We collect: page URL, referrer domain, device type, browser, operating system, country/city (from IP geolocation), and any custom events you define. We explicitly do NOT collect: full IP addresses, raw User-Agent strings, full referrer URLs, or any personally identifiable information. All raw IPs and User-Agents are parsed and discarded immediately after geolocation and device classification.
How do you geolocate visitors without storing IPs?
We use MaxMind for IP geolocation. The IP address is used solely to look up geographic location (country/city), then discarded — it is never stored or linked to individual visitors. IP truncation (IPv4 /24, IPv6 /48) is applied before any processing to further protect privacy.
Does Eurolytics help with GDPR compliance?
Eurolytics stores no personal data in the tracking path — no cookies, no fingerprinting, no persistent identifiers. Visitor IDs rotate daily, and IP addresses are never stored. To our knowledge, this removes the need for cookie consent banners and makes Eurolytics compatible with GDPR, CCPA, and PECR by design. That said, we cannot guarantee your organisation's overall compliance — that depends on your complete technology stack. Our privacy page is fully transparent about exactly what data we collect, so you can verify for yourself and make your own assessment.
Can I use Eurolytics internationally?
Yes. Our servers are EU-based and the cookie-free, no-personal-data design means Eurolytics can be used internationally. Because no personal data is stored on the Eurolytics side, there is nothing that requires a consent management platform. Each organisation should review their own full stack to confirm compliance with local privacy laws.
