GDPR and cookieless tracking

How XPmetric tracks visitors without cookies, consent banners, or cross-site identifiers on your site.

XPmetric is designed so your site's visitors don't need cookie banners for analytics. This page explains how tracking works on sites you instrument with p.js.

For XPmetric's own legal terms, see the Privacy Policy.

No cookies on your tracked site

The p.js tracking script:

  • Sets no cookies on your domain
  • Uses no cross-site identifiers
  • Does not fingerprint across websites

Visitor identity on your site is a hashed fingerprint derived from browser signals. The hash rotates daily so XPmetric cannot build long-term individual profiles.

No raw IP storage

IP addresses are used only for country/city geolocation at ingest time and are not stored in analytics tables.

What you collect as site owner

Per pageview, XPmetric stores:

  • Page URL and path
  • Referrer and UTM parameters
  • Device type, browser, OS
  • Country and city (from geoip)
  • Custom events you explicitly fire

You are the data controller for your visitors' analytics. XPmetric processes this data on your behalf as a processor — see our Privacy Policy and Terms.

GDPR rights

Your visitors can exercise rights through you as the site owner. XPmetric account holders can export or delete their own account data from Settings.

For XPmetric analytics alone — no. You may still need consent for other tools (ads, embedded widgets, other analytics). XPmetric replaces GA4 without adding consent friction for analytics.