Privacy Policy

Simplytics is built so that we know as little as possible about the people who visit the websites we track. This page explains exactly what we collect and what happens to it.

Visitors of websites that use Simplytics

• No cookies. Our tracking script sets no cookies and stores nothing in your browser.
• What is sent: the page you viewed, the referring site, and a timestamp.
• Coarse location and device stats: at the network edge we read a two-letter country code provided by Cloudflare and derive a device class (desktop, mobile, tablet) and browser family from the user-agent. Only daily aggregate counts are stored — the user-agent and IP address themselves are never saved.
• How visitors are counted: we compute an anonymous hash from a truncated IP address (last part removed), the browser's user-agent, and the website's domain, salted with a value that changes every day. The same person cannot be recognised across days, across websites, or identified at all.
• Raw data is deleted nightly. Individual visit records are only needed to count unique visitors within a day. They are deleted automatically every night after aggregation — only anonymous daily totals (views, visitors, sessions) are kept. Page-journey records used for funnels keep no visitor identifier after the day ends and are deleted after 90 days.

Simplytics account holders

• Account data: your email address (via Google or GitHub sign-in) and your subscription status.
• Login cookie: simplytics.dev itself uses one HttpOnly session cookie so you can stay signed in. This is the only cookie we use, and only on our own site.
• Payments are processed by Dodo Payments. We never see or store card details.
• Deletion: you can delete your account and every byte of its data yourself at any time from the Account page. This also cancels any subscription.

Where data is stored

All analytics data lives in a Cloudflare D1 database whose primary storage is located in the European Union (Warsaw, Poland). Pages are delivered through Cloudflare's global network.

GDPR

For visitor data, the website owner using Simplytics is the data controller and Simplytics acts as a processor. Because no personal data is stored — identifiers are anonymised, rotated daily, and raw records deleted nightly — no consent banner is required on tracked websites. For account data, Simplytics is the controller.

Contact

Questions about privacy or data requests: nikhil@simplytics.dev