GDPR Compliance

Analytics is designed to be GDPR-compliant by default. The default tracking mode needs no cookie banner.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. It gives individuals control over their personal data and imposes strict requirements on organizations that process personal data.

How Analytics is GDPR Compliant

✓ No Personal Data Collection

Analytics does not collect any personally identifiable information (PII). We don't collect names, email addresses, IP addresses (only hashed) or any other personal data from your website visitors.

✓ Cookieless Tracking

The default tracking mode is cookieless. We use a privacy-friendly visitor identification method based on daily-rotated hashes of IP addresses and user agents. Optional cross-domain stitching can be enabled per site and uses only listed first-party domains.

✓ No Cross-Site Tracking

We never track users across unrelated websites. Each PureStats site is isolated, and optional cross-domain stitching only works for domains explicitly listed on the same site.

✓ IP Address Anonymization

IP addresses are never stored in raw form. We create a SHA-256 hash of IP + User Agent + Date with a daily-rotating salt. This makes it technically impossible to identify individual users.

✓ EU Data Storage

All data is stored on secure servers within the European Union, ensuring compliance with GDPR data transfer requirements.

✓ Data Ownership

You own 100% of your data. We never sell, share or use your analytics data for any purpose other than providing the service to you.

✓ Easy Data Export & Deletion

You can export or delete your data at any time from your dashboard, complying with GDPR's "right to access" and "right to erasure" requirements.

Legal Basis for Processing

Under GDPR Article 6, the legal basis for processing analytics data is:

Legitimate Interest (Article 6(1)(f))

Website owners have a legitimate interest in understanding their website traffic to improve their services. Since Analytics doesn't collect personal data and uses privacy-friendly methods, the processing is proportionate and doesn't override visitors' rights.

This means you can use Analytics without obtaining explicit consent from your website visitors, as long as you inform them about the analytics in your privacy policy.

Do You Need a Cookie Banner?

🎉

No Cookie Banner Required by Default!

Since the default Analytics tracking mode doesn't use cookies, you don't need a cookie consent banner for basic analytics tracking.

Under the ePrivacy Directive (Cookie Law), websites must obtain consent before storing or accessing information on a user's device. The default Analytics mode is cookieless, so this requirement usually doesn't apply to basic tracking.

However, you should still mention the use of Analytics in your privacy policy. If you enable optional cross-domain stitching, review your local consent requirements because it stores a short-lived first-party ID and may use a temporary linker parameter between your listed domains.

Data Subject Rights

GDPR gives individuals several rights regarding their personal data. Since Analytics doesn't collect personal data from website visitors, most of these rights don't apply:

ℹ️

Right to Access

Not applicable - we don't store personal data that could be linked to individual visitors.

ℹ️

Right to Rectification

Not applicable - no personal data is stored.

ℹ️

Right to Erasure

Not applicable - since visitor hashes rotate daily and can't be traced back to individuals, there's no personal data to erase.

ℹ️

Right to Object

Visitors can block our tracking script using browser extensions or privacy settings if they wish.

For website owners: You have full control over your analytics data and can exercise all GDPR rights from your dashboard.

Privacy Policy Template

We recommend adding this section to your website's privacy policy:

Analytics

We use Analytics, a privacy-friendly web analytics service, to understand how visitors use our website. Analytics is cookieless by default and does not collect personal data for basic traffic reporting.

The data collected includes:

Pages visited
Anonymized location data (country/city)
Device type and browser (anonymized)
Referrer source

All data is anonymized and cannot be used to identify individual visitors. For more information, see PureStats' GDPR Compliance.

Data Protection Officer

If you have questions about GDPR compliance or data protection, you can contact our Data Protection Officer:

Email:
Address: PureStats Data Protection Officer, Berlin, Germany

GDPR Compliance Comparison

Feature	PureStats	Google Analytics	Traditional Analytics
No Cookies by Default	Yes	No	No
No Personal Data	Yes	No	Varies
No Consent Required	Yes	No	No
EU Data Storage	Yes	No (US)	Varies
Data Ownership	You Own It	Google Owns It	Varies
IP Anonymization	Default	Optional	Varies

Start Using GDPR-Compliant Analytics

No cookie banners. No consent required. Just simple, privacy-friendly analytics.

Join Open Beta - FREE