Privacy Overview

Clickport is designed so that privacy is built into the architecture, not bolted on as a configuration option. This page explains exactly how Clickport handles visitor data, what is collected, what is not, and how the system works without cookies or personal identifiers.

Cookie-free tracking

Clickport never sets cookies. Not "optional" cookies. Not "strictly necessary" cookies. Zero cookies, period. The tracker also never writes to localStorage for tracking purposes.

Sessions use sessionStorage to store only the session ID for the current browser tab. This value is automatically cleared when the tab closes. Under the ePrivacy Directive, storage that is strictly necessary for the service the user requested is explicitly exempt from consent requirements.

The practical result: no consent banner needed. No cookie management platform. No conversion loss from visitors declining consent or closing popups. Your visitors see your content immediately.

How visitor identification works

Clickport identifies visitors without cookies, fingerprinting, or any persistent identifier. Instead, it generates a user_id using a one-way hash of four inputs combined into a single string:

1. IP address (used only for this hash, then discarded)
2. User-Agent string (standard browser header)
3. Today's date (in the visitor's timezone)
4. A server-side salt (environment variable, never sent to the browser)

These four values are concatenated and hashed into a numeric ID. The daily date component means this hash produces a completely different ID for the same visitor every day. There is no way to link Monday's visitor to Tuesday's visitor, even with full access to the database.

Session lifetime

A session starts when a visitor opens a page and ends when they close the tab. There is no 30-minute inactivity timeout like Google Analytics. The session ID is stored in sessionStorage, which is scoped to a single browser tab and cleared on close. Each new tab starts a new session.

IP address handling

The visitor's IP address is used for exactly two purposes, then immediately discarded:

1. Geographic lookup: A local database (DB-IP) on the server maps the IP to a country, region, and city. No external API call is made. The lookup happens entirely in memory on the same server that received the request.
2. Hash generation: The IP is combined with the User-Agent, today's date, and a server-side salt to produce the daily rotating user_id described above.

After these two operations, the IP is gone. There is no ip_address column in the ClickHouse database schema. The stored user_id is a numeric hash that cannot be reversed to recover the original IP.

What Clickport collects

Clickport collects the data you need for meaningful analytics without ever touching personal information. Here is the full list of what is and is not stored.

Referrer privacy

Referrer URLs are stripped of all query parameters before storage. If a visitor arrives from https://google.com/search?q=my+health+condition, only https://google.com/search is stored. The search query is never recorded.

Tracking parameter stripping

Clickport automatically strips tracking parameters from page URLs before storing them. This includes UTM parameters (extracted separately for campaign attribution), Facebook Click IDs (fbclid), Google Click IDs (gclid), Microsoft Click IDs (msclkid), and other ad-tracking identifiers. The campaign data is preserved in dedicated UTM fields, but the raw click IDs that could be used for cross-site tracking are discarded.

No fingerprinting

Clickport never uses browser fingerprinting techniques. Device type, browser name, and operating system are determined solely from the standard User-Agent header that every browser sends with every request. There is no canvas rendering, WebGL probing, font enumeration, plugin detection, AudioContext analysis, or any other fingerprinting technique.

No personal data in the database

The ClickHouse database stores only aggregate-friendly data points. Here is what a session record looks like:

• session_id / user_id: randomly generated or daily-rotating numeric hashes. Not linked to any real person.
• hostname / entry_page / exit_page: your site's URLs.
• country_code / city_name: geographic location derived from IP at ingestion time. The IP itself is not stored.
• browser / operating_system / screen_size: parsed from the User-Agent string. Not unique enough to identify anyone.
• referrer / referrer_source / channel: where the visitor came from. Query params stripped.
• utm_source / utm_medium / utm_campaign: your marketing attribution tags.
• pageviews / duration / max_scroll_depth: behavioral metrics. Completely anonymous.

No field in the database can identify a specific person. You could publish the entire dataset and no visitor's identity would be compromised.

Privacy controls in the dashboard

Beyond the architectural privacy guarantees, Clickport provides several controls for site owners who want additional protection.

IP exclusion

You can exclude specific IP addresses from tracking in your site settings. This is typically used to filter out your own visits or your team's traffic. The excluded IP check happens at ingestion time, before any data is written to the database.

Self-exclusion via localStorage

The tracker checks for a clickport_ignore key in localStorage. If it is set to 'true', the tracker exits immediately without sending any data. This is useful for developers and site owners who want to exclude themselves without adding their IP.

Session deletion

Individual sessions can be viewed, flagged as bots, or deleted entirely from the Sessions panel in the dashboard. Deleting a session removes all associated events from the ClickHouse database.

Data storage and hosting

All visitor analytics data is stored on a Hetzner server in Germany. It never leaves the European Union. The database engine is ClickHouse, running on the same server as the API.

• Location: Hetzner, Germany (EU)
• Data retention: Unlimited. Your data is kept for as long as your account is active.
• Sub-processors that touch visitor data: None. Hetzner provides the server infrastructure, but no third-party service processes or accesses your visitor analytics data.
• Sub-processors for account management: Resend handles transactional email (password resets). Paddle handles payments. Neither service ever sees visitor analytics data.

How Clickport compares

Traditional analytics tools were built in an era before privacy regulations. Their architecture assumes cookies, persistent identifiers, and cross-site tracking. Retrofitting privacy onto these systems requires configuration, consent management, and legal documentation.

Clickport takes the opposite approach. Privacy constraints are baked into the data model itself. There is no configuration that could make Clickport collect personal data, because the system has no mechanism to do so.

Bot detection and privacy

Clickport uses multi-layered bot detection to prevent automated traffic from polluting your analytics. All detection methods are privacy-preserving:

• User-Agent pattern matching: Checks the UA string against 50+ known bot patterns (crawlers, SEO tools, AI bots, monitoring services). No personal data involved.
• Datacenter IP detection: Compares the visitor's IP against known datacenter IP ranges (AWS, GCP, Azure, etc.). The IP is used only for this check and the geo/hash operations described above. It is never stored.
• Spam referrer filtering: Matches referrer domains against a known spam domain list. Protects your analytics without examining personal data.
• Header analysis: Checks for missing browser headers that real browsers always send (Accept-Language, Sec-Fetch headers). No fingerprinting involved.

Blocked bot events are counted in aggregate statistics (the Bot Management panel) but no personal data about the blocked request is retained.

The tracker script

The Clickport tracker is approximately 2 KB in size (gzipped). It is open and readable. Here is what it does and does not do:

• Does: Send the current page URL, referrer, screen width, timezone, UTM parameters, and a session ID (from sessionStorage) to the Clickport API.
• Does: Track scroll depth and time-on-page using visibility-aware timers.
• Does: Detect outbound link clicks, form submissions, 404 pages, and text copying.
• Does not: Set any cookies.
• Does not: Write to localStorage (it only reads the clickport_ignore flag).
• Does not: Access canvas, WebGL, fonts, plugins, or any fingerprinting API.
• Does not: Send any personally identifiable information.
• Does not: Communicate with any third-party server. All data goes to your Clickport API endpoint.

Legal documentation

Clickport provides complete legal documentation for your compliance needs:

• Privacy Policy
• GDPR Compliance
• Data Processing Agreement (DPA)
• Terms of Service

For a detailed technical analysis of GDPR compliance, including the legal basis for processing, data subject rights, and the specific GDPR articles that apply, see the GDPR Compliance documentation page.