GDPR and cookieless tracking
How XPmetric tracks visitors without cookies, consent banners, or cross-site identifiers on your site.
XPmetric is designed so your site's visitors don't need cookie banners for analytics. This page explains how tracking works on sites you instrument with p.js.
For XPmetric's own legal terms, see the Privacy Policy.
No cookies on your tracked site
The p.js tracking script:
- Sets no cookies on your domain
- Uses no cross-site identifiers
- Does not fingerprint across websites
Visitor identity on your site is a hashed fingerprint derived from browser signals. The hash rotates daily so XPmetric cannot build long-term individual profiles.
No raw IP storage
IP addresses are used only for country/city geolocation at ingest time and are not stored in analytics tables.
What you collect as site owner
Per pageview, XPmetric stores:
- Page URL and path
- Referrer and UTM parameters
- Device type, browser, OS
- Country and city (from geoip)
- Custom events you explicitly fire
You are the data controller for your visitors' analytics. XPmetric processes this data on your behalf as a processor — see our Privacy Policy and Terms.
GDPR rights
Your visitors can exercise rights through you as the site owner. XPmetric account holders can export or delete their own account data from Settings.
Do I need a cookie banner?
For XPmetric analytics alone — no. You may still need consent for other tools (ads, embedded widgets, other analytics). XPmetric replaces GA4 without adding consent friction for analytics.
Related
- Get started — install the tracker
- Privacy Policy — legal terms for XPmetric the service