Why we went cookieless by default.
The problem with cookies.
For two decades, analytics meant dropping a cookie and following a person from page to page, day to day. It worked, but it carried baggage: consent banners, privacy law, and a script that kept getting heavier.
There is another way to answer the same questions. You can measure what pages do without recording who did them.
What changes
- No banner to maintain or explain.
- A lighter, faster page.
- Numbers you can still act on.
The best privacy feature is the data you never collect.
Under the hood, a visit is hashed with a daily rotating salt. The hash is enough to dedupe within a day and useless after it.
hash = sha256(ip + ua + site + dailySalt) // salt rotates at midnight UTC
What cookieless actually means.
It does not mean less data. It means the same counts, attributed the same way, without an identifier that follows a person around.
If you need cross-session identity, you can switch on cookie mode per site. The dashboard stays identical either way.
For most teams the default is the right call: simpler legally, lighter technically, and honest by construction.
How we count instead.
Every visit becomes an anonymous hash at the edge, deduped within the day, then dropped into a rollup so the dashboard stays fast.
The result is a chart that updates in near real time without ever storing who was behind a click.
One short email when we ship something good.
Product notes and the occasional teardown. No spam, unsubscribe in a click.