Privacy Overview
Clickport is designed so that privacy is built into the architecture, not bolted on as a configuration option. This page explains exactly how Clickport handles visitor data, what is collected, what is not, and how the system works without cookies or personal identifiers.
Cookie-free tracking
Clickport never sets cookies. Not "optional" cookies. Not "strictly necessary" cookies. Zero cookies, period. The tracker also never writes to localStorage for tracking purposes.
Sessions use sessionStorage to store only the session ID for the current browser tab. This value is automatically cleared when the tab closes. Under the ePrivacy Directive, storage that is strictly necessary for the service the user requested is explicitly exempt from consent requirements.
The practical result: no consent banner needed. No cookie management platform. No conversion loss from visitors declining consent or closing popups. Your visitors see your content immediately.
sessionStorage under the key cp_sid. This ID is generated server-side on the first pageview and links subsequent events to the same session within the same tab. It cannot be used to track visitors across tabs, across sites, or across sessions.
How visitor identification works
Clickport identifies visitors without cookies, fingerprinting, or any persistent identifier. Instead, it generates a user_id using a one-way hash of four inputs combined into a single string:
- IP address (used only for this hash, then discarded)
- User-Agent string (standard browser header)
- Today's date (in the visitor's timezone)
- A server-side salt (environment variable, never sent to the browser)
These four values are concatenated and hashed into a numeric ID. The daily date component means this hash produces a completely different ID for the same visitor every day. There is no way to link Monday's visitor to Tuesday's visitor, even with full access to the database.
Session lifetime
A session starts when a visitor opens a page and ends when they close the tab. There is no 30-minute inactivity timeout like Google Analytics. The session ID is stored in sessionStorage, which is scoped to a single browser tab and cleared on close. Each new tab starts a new session.
IP address handling
The visitor's IP address is used for exactly two purposes, then immediately discarded:
- Geographic lookup: A local database (DB-IP) on the server maps the IP to a country, region, and city. No external API call is made. The lookup happens entirely in memory on the same server that received the request.
- Hash generation: The IP is combined with the User-Agent, today's date, and a server-side salt to produce the daily rotating
user_iddescribed above.
After these two operations, the IP is gone. There is no ip_address column in the ClickHouse database schema. The stored user_id is a numeric hash that cannot be reversed to recover the original IP.
In-memory, no external API call
New hash output every calendar day
session_id UInt64
user_id UInt64 -- hashed, rotates daily
country_code LowCardinality(String)
city_name LowCardinality(String)
ip_address -- this column does not exist
What Clickport collects
Clickport collects the data you need for meaningful analytics without ever touching personal information. Here is the full list of what is and is not stored.
Collected
Never collected
Referrer privacy
Referrer URLs are stripped of all query parameters before storage. If a visitor arrives from https://google.com/search?q=my+health+condition, only https://google.com/search is stored. The search query is never recorded.
Tracking parameter stripping
Clickport automatically strips tracking parameters from page URLs before storing them. This includes UTM parameters (extracted separately for campaign attribution), Facebook Click IDs (fbclid), Google Click IDs (gclid), Microsoft Click IDs (msclkid), and other ad-tracking identifiers. The campaign data is preserved in dedicated UTM fields, but the raw click IDs that could be used for cross-site tracking are discarded.
No fingerprinting
Clickport never uses browser fingerprinting techniques. Device type, browser name, and operating system are determined solely from the standard User-Agent header that every browser sends with every request. There is no canvas rendering, WebGL probing, font enumeration, plugin detection, AudioContext analysis, or any other fingerprinting technique.
No personal data in the database
The ClickHouse database stores only aggregate-friendly data points. Here is what a session record looks like:
- session_id / user_id: randomly generated or daily-rotating numeric hashes. Not linked to any real person.
- hostname / entry_page / exit_page: your site's URLs.
- country_code / city_name: geographic location derived from IP at ingestion time. The IP itself is not stored.
- browser / operating_system / screen_size: parsed from the User-Agent string. Not unique enough to identify anyone.
- referrer / referrer_source / channel: where the visitor came from. Query params stripped.
- utm_source / utm_medium / utm_campaign: your marketing attribution tags.
- pageviews / duration / max_scroll_depth: behavioral metrics. Completely anonymous.
No field in the database can identify a specific person. You could publish the entire dataset and no visitor's identity would be compromised.
Privacy controls in the dashboard
Beyond the architectural privacy guarantees, Clickport provides several controls for site owners who want additional protection.
Exclude my visits
The "Exclude my visits" toggle in your dashboard settings opens your site in a new tab and flips a local flag on that device. The Clickport tracker on your site checks this flag on every page load and exits before sending any event if it is set. The flag survives IP changes, so mobile networks and VPN switching do not re-enable tracking. Flip the toggle once per device and per site. See Exclude Your Visits.
Session deletion
Individual sessions can be viewed, flagged as bots, or deleted entirely from the Sessions panel in the dashboard. Deleting a session removes all associated events from the ClickHouse database.
Data storage and hosting
All visitor analytics data is stored on a Hetzner server in Germany. It never leaves the European Union. The database engine is ClickHouse, running on the same server as the API.
- Location: Hetzner, Germany (EU)
- Data retention: Unlimited. Your data is kept for as long as your account is active.
- Sub-processors that touch visitor data: None. Hetzner provides the server infrastructure, but no third-party service processes or accesses your visitor analytics data.
- Sub-processors for account management: Resend handles transactional email (password resets). Paddle handles payments. Neither service ever sees visitor analytics data.
How Clickport compares
Traditional analytics tools were built in an era before privacy regulations. Their architecture assumes cookies, persistent identifiers, and cross-site tracking. Retrofitting privacy onto these systems requires configuration, consent management, and legal documentation.
Clickport takes the opposite approach. Privacy constraints are baked into the data model itself. There is no configuration that could make Clickport collect personal data, because the system has no mechanism to do so.
| Clickport | Google Analytics | Matomo Cloud | |
|---|---|---|---|
| Cookie-free by default | ✓ | ✗ | ✗ |
| No consent banner needed | ✓ | ✗ | Optional |
| IP addresses never stored | ✓ | ✗ | Optional |
| No browser fingerprinting | ✓ | ✗ | ✓ |
| No cross-site tracking | ✓ | ✗ | ✓ |
| EU-hosted data | ✓ | ✗ | EU option |
| No data shared with third parties | ✓ | ✗ | ✓ |
| GDPR-compliant without configuration | ✓ | ✗ | Requires setup |
| Visitor data sub-processors | 0 | 5+ | Varies |
Bot detection and privacy
Clickport uses multi-layered bot detection to prevent automated traffic from polluting your analytics. All detection methods are privacy-preserving:
- User-Agent pattern matching: Checks the UA string against 50+ known bot patterns (crawlers, SEO tools, AI bots, monitoring services). No personal data involved.
- Datacenter IP detection: Compares the visitor's IP against known datacenter IP ranges (AWS, GCP, Azure, etc.). The IP is used only for this check and the geo/hash operations described above. It is never stored.
- Spam referrer filtering: Matches referrer domains against a known spam domain list. Protects your analytics without examining personal data.
- Header analysis: Checks for missing browser headers that real browsers always send (Accept-Language, Sec-Fetch headers). No fingerprinting involved.
Blocked bot events are counted in aggregate statistics (the Bot Management panel) but no personal data about the blocked request is retained.
The tracker script
The Clickport tracker is approximately 2 KB in size (gzipped). It is open and readable. Here is what it does and does not do:
- Does: Send the current page URL, referrer, screen width, timezone, UTM parameters, and a session ID (from sessionStorage) to the Clickport API.
- Does: Track scroll depth and time-on-page using visibility-aware timers.
- Does: Detect outbound link clicks, form submissions, 404 pages, and text copying.
- Does not: Set any cookies.
- Does not: Write to
localStorage(it only reads theclickport_ignoreflag). - Does not: Access canvas, WebGL, fonts, plugins, or any fingerprinting API.
- Does not: Send any personally identifiable information.
- Does not: Communicate with any third-party server. All data goes to your Clickport API endpoint.
https://clickport.io/tracker.js at any time. There are no external dependencies, no bundled third-party scripts, and no obfuscation.
Legal documentation
Clickport provides complete legal documentation for your compliance needs:
For a detailed technical analysis of GDPR compliance, including the legal basis for processing, data subject rights, and the specific GDPR articles that apply, see the GDPR Compliance documentation page.