Clickport Analytics is built for privacy from the ground up. No cookies, no personal data, no consent banner needed. All data is hosted on EU servers in Germany.
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy. It aims to give individuals control over their personal data and to simplify the regulatory environment.
Clickport Analytics is designed to be fully GDPR compliant without requiring any extra effort from you. We do not collect personal data, so the most restrictive parts of the GDPR simply do not apply.
The GDPR applies to the processing of personal data. Clickport does not collect, store, or process any personal data from your website visitors. Specifically:
All data we collect is aggregate and non-personal: page URLs, referrer sources, browser type, device type, and country. None of this can be used to identify an individual visitor.
Under GDPR and the ePrivacy Directive, consent banners are required when you store information on a user's device (cookies, localStorage) or process personal data.
Clickport does neither. We do not set any cookies. We use the browser's sessionStorage, which exists only within a single tab and is automatically cleared when the tab closes. The ePrivacy Directive explicitly exempts storage that is strictly necessary for providing a service the user has requested.
This means you can use Clickport on your website without displaying a cookie consent banner, without adding Clickport to your cookie management platform, and without obtaining prior consent from your visitors.
Many analytics tools use persistent cookies or fingerprinting to identify returning visitors. Clickport takes a different approach.
We generate a daily-rotating identifier by hashing the visitor's IP address, User-Agent, and a random salt. This hash changes every day based on your site's timezone. The raw IP address is never written to disk, and the salt rotates daily, making it impossible to:
This approach gives website owners useful aggregate metrics (unique visitor counts) while preserving individual privacy.
All Clickport data is stored on servers operated by Hetzner, a German company with data centers in Germany. Your analytics data never leaves the European Union.
This eliminates concerns about international data transfers for visitor analytics data. For account-related communications, we use Resend (USA), which is certified under the EU-US Data Privacy Framework.
Our sub-processors:
We do not use Google services, advertising networks, CDNs, or any other external services that process visitor data.
If you create a Clickport account, we collect your email address and a securely hashed password. Under the GDPR, you have the following rights regarding this data:
For data subject requests, contact us at privacy@clickport.io.
Because Clickport does not collect personal data from website visitors, GDPR data subject rights (access, rectification, erasure, portability) do not apply to visitor analytics data. There is no personal data to access, correct, or delete.
If a visitor contacts you with a data subject request regarding Clickport analytics, you can confidently respond that no personal data about them is stored or processed by Clickport.
If you need a Data Processing Agreement (DPA) for your records or to satisfy your own compliance requirements, we provide one. You can review and sign our DPA at clickport.io/dpa.
While a DPA is technically not required when no personal data is processed, we provide one for customers who want an extra layer of contractual assurance.
If you have questions about GDPR compliance or our privacy practices, contact us at privacy@clickport.io.
Last updated: February 11, 2026.