Statalog collects no personal data, places no cookies, and never tracks your visitors across devices or sites. Full privacy compliance — built in, not bolted on.
Four principles that shape every design decision.
We do not read or write any cookies. Visitors are identified by an ephemeral hash derived from IP + user-agent + a daily-rotating salt. The hash is not reversible and resets every 24 hours.
Raw IPs are never saved to disk. We store country, region and (optionally) city — derived once and discarded. No names, no emails, no device IDs.
Each site is an isolated namespace. A visitor on site A is not recognised on site B — even on the same Statalog instance. No advertising network involvement.
Whether self-hosted or cloud, your analytics data is not combined with anyone else's, not used to train models, and not sold. Export it any time.
Whether you serve users in the EU, UK, California or elsewhere — Statalog is compliant by default.
The EU's General Data Protection Regulation. Because we process no personal data, Statalog sits outside the regulation's scope — no lawful basis required.
No sale of personal information, no data sharing with third-party advertisers, no targeted ads. Your California users are covered.
The UK's Privacy and Electronic Communications Regulations require explicit consent for non-essential cookies. We use none.
Ship your site without a consent banner. Your visitors get a faster, cleaner experience — you get accurate analytics.