Privacy First
No cookies, no consent banners.
One script tag. Zero cookies.
Clickport never sets cookies or uses localStorage for tracking. Sessions are determined server-side, not from anything in the browser. The small numeric marker the tracker writes to sessionStorage auto-clears on tab close and isn't used by the server. The ePrivacy Directive explicitly exempts storage that is strictly necessary for the requested service.
No consent banner means no CMP cost, no conversion rate hit from cookie popups, and no legal grey areas. Your visitors see your content, not a wall of checkboxes.
- Zero cookies set. Not "optional cookies" or "strictly necessary cookies." Zero.
- No consent management platform needed. Save the monthly fee.
- No conversion loss from visitors declining cookies or closing banners
<script defer src="https://clickport.io/tracker.js" data-domain="your-site.com"></script>
Privacy without compromise.
Google Analytics requires cookies, consent banners, and sends data to US servers. Matomo can be configured for cookieless tracking, but it takes effort and still collects IP addresses by default.
Clickport is private from the first request. No configuration, no trade-offs, no fine print. For the broader category, see our complete guide to privacy-friendly analytics.
| Clickport | Google Analytics | Matomo | |
|---|---|---|---|
| Cookie-free by default | ✓ | ✗ | ✗ |
| No consent banner needed | ✓ | ✗ | Optional |
| EU-hosted data | ✓ | ✗ | Cloud only |
| No personal data collected | ✓ | ✗ | ✗ |
| IP addresses not stored | ✓ | ✗ | Optional |
| No cross-site tracking | ✓ | ✗ | ✓ |
| No data shared with third parties | ✓ | ✗ | ✓ |
| GDPR-compliant without config | ✓ | ✗ | Requires setup |
| No fingerprinting | ✓ | ✗ | ✓ |
| Hostname allow-list (tracker theft defense) | ✓ | ✗ | ✗ |
| Script size | 2 KB | 45 KB+ | 22 KB |
| Data retention | Unlimited | 14 months | Varies |
| Sub-processors (visitor data) | 0 | 5+ | Varies |
Your visitors' IPs never touch our database.
The IP address is used for exactly two things: a country/city lookup via a local MaxMind database (no external API call), and a one-way hash combined with a daily rotating salt to generate a visitor ID.
After those two operations, the IP is discarded. There is no IP column in the database schema. The daily rotating salt means the same visitor gets a different ID each day. After 48 hours, even we can't reproduce the ID. It is impossible to track individuals across days or reverse the hash.
No external API call
New salt every day at midnight
session_id String
user_id UInt64 -- hashed, rotates daily
country LowCardinality(String)
city String
ip_address -- does not exist
Hetzner, Germany. Your data stays in the EU.
Your analytics data is stored on a Hetzner server in Germany. It never leaves the EU. No Schrems II concerns, no Standard Contractual Clauses needed for US data transfers, no US sub-processors touching visitor data.
Sub-processors that touch customer data only: Resend for transactional email (password resets) and Paddle for payments. Neither ever sees your visitor analytics data.
Full analytics. Zero personal data.
Clickport collects everything you need for actionable analytics: page URLs, referrers, UTM parameters, country and city (from IP, then discarded), device type, browser, OS, scroll depth, time on page, clicks, and form submissions.
What we never collect: IP addresses, names, emails, phone numbers, form contents, fingerprints, or cross-site identifiers. You get the data you need to improve your site. Your visitors keep their privacy.
We collect
We never collect
Nothing to hide. Everything to prove.
Device info from User-Agent only
No canvas, WebGL, font, plugin, or audio fingerprinting. Device type, browser, and OS come from standard User-Agent parsing. Nothing that could uniquely identify a visitor.
Read the full legal details
Our privacy policy, GDPR compliance page, data processing agreement, and terms of service are all public. No legalese walls, no hidden clauses. See exactly what we do and what we don't.
Explore more features