🔒 No cookies. No tracking.

Privacy-friendly analytics that just works.

Track pageviews and events without setting a single cookie, fingerprinting visitors, or storing personal data. GDPR and CCPA compliant out of the box.

Free forever for 10k events / month. No card.

Why most analytics tools aren’t actually private

Google Analytics, Mixpanel, Heap, and most other major analytics tools work by setting a persistent cookie on every visitor’s browser. That cookie identifies the same person across pages, sessions, and sites. It’s how they compute things like “returning users” or “30-day retention.”

The downside is everything privacy regulators care about: persistent identifiers, cross-site tracking, IP addresses stored alongside behavioral data, and a real obligation to show a cookie consent banner on every page. Plus the cookie banners themselves cost you 5–15% of your traffic in users who decline or bounce.

There’s a second, quieter cost: with free tools, you’re not the customer. GA4’s data feeds Google’s advertising models — your visitors pay with their profiles, and you pay in complexity, sampled reports, and a dashboard built for media buyers. Privacy focused analytics inverts the deal: you pay (or stay inside a free tier), the data stays yours, and the product is the product.

What actually makes analytics privacy-friendly

“Privacy friendly analytics” isn’t a regulated term — anyone can print it on a landing page. Before trusting the label, check the tool against five concrete criteria:

  • No cookies or device storage. Nothing written to the visitor’s browser — no cookies, no localStorage, no IndexedDB. The moment a tool stores an identifier on the device, the ePrivacy Directive applies and a consent banner comes with it.
  • No fingerprinting. Some “cookieless” tools quietly rebuild a persistent ID from canvas, fonts, and screen dimensions. Regulators treat that exactly like a cookie — and it’s worse for visitors, who can’t clear it.
  • No personal data stored. Raw IP addresses and full User-Agents should be discarded at the point of collection. If either lands in the database next to behavioral data, you’re storing personal data under GDPR whether you meant to or not.
  • No cross-site tracking. A visitor to your site should be invisible to every other site the tool measures. Google Analytics is free precisely because your visitors’ behavior feeds a cross-site advertising machine.
  • Your data stays yours. Aggregated stats about your traffic belong to you — exportable, deletable, never resold, never used to train ad models.

Gizmo passes all five. So do the honest tools in the comparison below. GA4 passes none of them — which is the whole reason this category exists.

How Gizmo does it instead

Our tracker doesn’t set cookies. It doesn’t use localStorage. It doesn’t fingerprint canvas, fonts, or hardware. We never store the visitor’s IP address.

To count distinct visitors for a single day’s metrics, we generate a per-day identifier by hashing the visitor’s IP address, User-Agent, the site domain, and a daily-rotating salt. Only 16 hex characters of that hash survive — never the IP, never the User-Agent. The salt rotates at midnight UTC, so the same visitor on Monday and Tuesday looks like two different visitors. Counting works. Tracking doesn’t.

🛠️ Under the hood
Visitor ID formula
visitor_id = sha256(daily_salt + utc_date + workspace_id + ip + user_agent).slice(0, 16)

Same approach as Plausible, Fathom, and Simple Analytics. Compliant with GDPR’s anonymization standards. Does not require a cookie banner under the EU ePrivacy Directive.

What you get

📊
Real metrics

Visitors, pageviews, bounce rate, average visit duration, top pages, top referrers, geo and device breakdowns. The numbers analytics products are supposed to give you.

🤖
AI-readable

Built-in MCP server. Connect Claude, Cursor, Codex, or any MCP-compatible assistant — your AI can install tracking, query stats, and tag sites for you.

🌐
Unlimited sites

Track 1 site or 100. We don’t charge per project, and no plan caps the number of sites.

🪄
Zero setup

Drop one script. Sites auto-create from the first event — no project IDs, no setup wizards.

Built on ClickHouse

Event storage runs on ClickHouse — the same column-oriented database powering analytics at Cloudflare, Uber, and eBay. Queries that take seconds elsewhere return in milliseconds.

How the privacy-first analytics field compares

Privacy focused analytics is a healthy, genuinely competitive category, and most of the tools in it are good. Here’s the fair one-liner on each — including the ones we compete with:

  • PlausibleOpen source, EU-hosted, from €9/month. The category leader on polish and docs; no free tier past the 30-day trial.
  • FathomHosted in Canada with EU isolation, from $15/month. Strong on simplicity and email reports; no self-hosting option, no free tier.
  • Simple AnalyticsDutch, EU-hosted, from €10/month. The strictest interpretation in the field — it can run without storing any visitor identifier at all.
  • UmamiOpen source and free if you self-host, meaning you run the server, database, updates, and backups yourself. The managed cloud version is paid.
  • MatomoThe veteran, self-hosted or cloud. Deep feature set, but it uses cookies by default — you have to configure cookieless mode yourself — and the interface shows its age.
  • GizmoCookieless like Plausible and Fathom, with two real differences: a free-forever tier (10k events/month, unlimited sites) and a built-in MCP server, so AI agents — Claude, Cursor, Codex — can install tracking, query stats, and manage goals for you.

Every tool on this list is a defensible pick. Roughly: self-hosters take Umami, strict-EU teams take Plausible or Simple Analytics, and anyone who works with AI coding agents — or wants a real free tier — takes Gizmo.

A note on pricing models, since “free” means two different things in this category. Self-hosted free (Umami, Matomo) costs you a server plus the time to maintain it. Hosted free (Gizmo) costs the vendor — which is why most hosted tools don’t offer it. Ours works because small sites are cheap to serve on ClickHouse, and some of them grow into paid plans.

What about regulatory compliance?

GDPR (EU)

No cookies, no PII, no cross-site identifiers. Anonymized visitor IDs that rotate daily satisfy GDPR’s data-minimization requirements. No cookie banner needed under the ePrivacy Directive.

CCPA (California)

We don’t sell personal information and we don’t collect anything CCPA classifies as personal. Visitors to customer sites have no opt-out to exercise because there’s nothing to opt out of.

UK DPA / PECR

Same as GDPR. Cookieless tracking is exempt from consent-banner requirements under Section 6 of PECR.

CNIL (France)

Cookieless analytics with anonymized identifiers fall under the “exempt” category in CNIL’s guidance. No banner required.

The pattern behind all four: consent banners aren’t triggered by doing analytics — they’re triggered by storing identifiers on the visitor’s device (ePrivacy) or processing personal data (GDPR). A tool that does neither has nothing to ask consent for. That’s not a loophole; it’s the design regulators have explicitly endorsed for audience measurement.

The honest caveat: this is engineering, not legal advice. If you handle sensitive data categories or operate in a heavily regulated industry, have counsel review your specific setup.

For specifics, see our privacy policy. For everything else, our contact form.

Who shouldn’t use privacy-first analytics

Privacy first analytics trades individual-level tracking for zero consent overhead. For most operators that’s a clear win. For some workflows it isn’t, and you should know before you switch:

  • Heavy paid acquisition with multi-touch attribution. If you spend real money on ads and need to credit a conversion to a click from three weeks ago on another device, you need persistent cross-session identity. Keep GA4 — with its consent banner — or a dedicated attribution platform for that job.
  • Remarketing and lookalike audiences. Retargeting lists require cross-site identifiers by definition. No privacy friendly analytics tool can feed Google Ads audiences, ours included.
  • Per-user product analytics. Tying events to authenticated user IDs — cohorts, retention curves, feature adoption per account — is PostHog or Mixpanel territory, not web analytics.
  • Session replay and heatmaps. Watching recordings of individual visits is person-level tracking by definition — no anonymous tool can offer it honestly. Hotjar or Microsoft Clarity, with a consent flow, is the route there.

Plenty of teams run both: a cookieless tool as the always-on, banner-free site analytics, plus GA4 scoped to paid campaigns where attribution genuinely pays for the consent friction.

What switching actually looks like

Less dramatic than you’d expect. Add the one-line script, watch data arrive in real time, and run it alongside GA4 for a week or two if you want to compare numbers. Expect the privacy friendly tool to report more visitors, not fewer — it counts the people who declined consent and the ones behind ad-blockers, both invisible to GA4.

When you trust the numbers, remove the GA4 tag — and, if analytics was the only thing requiring it, remove the cookie banner too. That last step is the visible payoff: a faster page, a cleaner first impression, and the 5–15% of visitors who used to bounce off a consent wall now actually seeing your site.

🎁 Free forever

Try privacy-friendly analytics
in two minutes.

10,000 events/month free, forever. Unlimited sites. Full MCP access. No card required.

FAQ

What is privacy friendly analytics?
Web analytics that measures traffic without identifying people. In practice that means no cookies or device storage, no fingerprinting, no personal data in the database, and no data shared with ad networks. You still get the numbers that matter — visitors, sources, top pages, conversions — but no individual can be picked out of the data, which is why no consent banner is required.
Do I still need a cookie consent banner?
Not for the analytics, if the tool is genuinely cookieless. Consent requirements under the ePrivacy Directive attach to storing identifiers on the visitor’s device — no cookie, no localStorage, nothing to consent to. France’s CNIL and the EDPB have both confirmed anonymized, cookieless measurement is consent-exempt. You may still need a banner for other things your site loads (ad pixels, embedded videos), but analytics stops being the reason.
Is privacy-friendly analytics less accurate than Google Analytics?
Usually more accurate, not less. GA4 only records visitors who click “accept” on the consent banner — often 60–70% of EU traffic — and loses more to ad-blockers, which target Google’s domains aggressively. A cookieless tool counts everyone. The trade-off is different: cookieless tools over-count returning visitors across days (Monday-you and Tuesday-you are two visitors), so “unique visitors” means unique-per-day rather than unique-per-month.
What’s the difference between privacy friendly analytics and GA4?
GA4 builds a persistent profile of each visitor with a cookie and follows them across sessions and devices — it’s built for ad attribution and requires consent in the EU. Privacy first analytics counts traffic anonymously: the same dashboard-level answers (how many people, from where, reading what), but no profiles and no consent needed. If your job is understanding your site, you lose nothing; if your job is optimizing ad spend across multi-week windows, GA4’s model is the point.
Which privacy focused analytics tool should I pick?
Any of the honest ones — Plausible, Fathom, Simple Analytics, Umami, Gizmo — beats consent-gated GA4 for site analytics. Choose by constraint: self-hosting → Umami; strictest EU data residency → Plausible or Simple Analytics; free tier plus AI-agent access via MCP → Gizmo. Avoid anything that claims “cookieless” but fingerprints the browser underneath — that’s the same tracking with worse optics.
Can I track conversions and campaigns without cookies?
Yes. Goals, custom events, conversion funnels, and UTM campaign attribution all work within a session, no cookie required. What doesn’t work is multi-touch attribution across weeks — crediting today’s purchase to an ad clicked three weeks ago needs a persistent identifier.
Is Gizmo really free?
Yes — 10,000 events per month, unlimited sites, full dashboard and MCP access, no card required, no trial cliff. That covers most small and mid-traffic sites. Paid plans exist only for higher event volume.

Keep reading