Not collecting any information would be silly and unrealistic for an analytics tool. We do collect information that is necessary to show you simple analytics, but unlike other analytics tools, we don’t collect more than absolutely necessary. Here is a list of what we do and don’t collect from your users.
We do NOT collect or store IP addresses
We drop the IP address from every single request. Period. We don’t save or collect them. We don’t hash them with cryptography.
Update: Nov 21, 2019. Just to be completely transparent: we found IPs in our logs when requests on our server were failing. We fixed this by filtering all log messages and replacing IPs with zeros using mmanon. From now on, all IPs (like
2606:4700:4700::1111) will become
0:0:0:0:0:0:0:0before they enter our logs.
We do collect and store whether visits are unique
We detect a unique visit based on the hostname of the referrer of the page. When a user comes from one domain to another, their browser shares the previous domain with the next. If the current page’s domain is the same as the one in the referrer, we know it’s a non-unique visit.
Read more on how we register unique page views.
We do collect and store timestamps
We use timestamps to generate the graphs you see on your dashboard, which allows you to analyze changes in your website’s performance over various lengths of time.
We do collect and store user agents for a maximum of 90 days
We detect and exclude bots and spiders based on the visitor’s User Agent. We don’t use User Agents for fingerprinting, only for counting operating systems, device sizes, and browsers in your dashboard. We don’t believe this data is useful for any other function, but we keep it in our logs (not database) for a maximum of 90 days. When an incoming request fails for some reason, we store the request body in our logs, which includes a User Agent. After 90 days, these logs are deleted.
Update: Jan 14, 2019. Previously, we didn't store the User Agents, but now we save failed requests to our logs, so we added this as a clarification to the paragraph above.
We partially collect and partially store URLs
Too much information in the URL can be confusing and can make your stats messy. We only collect and store the first part of the URL. If an URL looks like this
https://example.com/index.html?search=keyword#top we will only store
https://example.com/index.html, also known as the protocol (
https), hostname (
example.com), and pathname (
We do collect and partially store referrers
Referrers answer the question “Where did this visitor come from?”. We have two ways of checking the source of a user visiting your website.
- In most cases, browsers send the URL of the previous website as a referrer. We store the referrer the same as URLs (see above). You can find a list of the most popular referrers in your analytics dashboard.
- Website owners can add a URL parameter to links to their website, like
utm_source=.... This overrides the referrer sent from the user’s browser. Read more on using URL parameters.
We do collect and store device dimensions
Collecting the dimensions of a user’s browser window (
window.innerWidth) allows us to show you the most popular screen sizes. This is useful for making sure your website works great on all screens: phones, tablets, desktops, etc.
Do Not Track
By default we do NOT collect or store any data if a visitor has Do Not Track enabled
The Do Not Track browser setting asks a web application to disable either its own tracking or third-party tracking of an individual user. We never track your users anyway, but by default we also ignore visits with Do Not Track enabled and do not add them to your dashboard. Read more on how to disable this behavior.