What's new

You can now import your full analytics history into GhostlyX. If you are migrating from another platform or just want your historical data in one place, the Data Import feature lets you bring years of pageview data with you. Supported sources include Google Analytics 4, Universal Analytics (GA3), Plausible, Fathom, Matomo, Simple Analytics, and any generic CSV file with date and path columns. Imports are additive, so your existing data is never overwritten. Every import is automatically processed through our privacy sanitisation pipeline before anything is written to your dashboard. Query strings are stripped from page paths (UTM parameters are preserved), referrer query strings are removed, and known PII-carrying parameters such as email, user_id, token, and session are filtered out. The raw CSV file is permanently deleted from our storage as soon as the import job completes. Data Import is available on the Scale plan. Site owners and admins can access it from the toolbar on any site dashboard. Progress is tracked live so you can watch rows being imported in real time.

Business and Scale plan users can now fully white-label their shared dashboards. Upload your own logo and set a custom brand name to replace GhostlyX branding on any dashboard you share with clients or teammates. You can also hide the "Powered by GhostlyX" badge entirely for a completely unbranded experience. On top of visual branding, you can now serve shared dashboards from your own subdomain. Add a CNAME record pointing to origin.ghostlyx.com, enter the domain in your White-label settings, and click Verify. GhostlyX registers the domain with our network automatically and provisions SSL through Cloudflare, so your clients only ever see your domain in the address bar. All white-label settings are available under Settings, then White-label.

We have opened a community Discord server for GhostlyX users. The server is a place to ask questions, share feedback, report issues, and talk to other developers and teams who care about privacy-first analytics. We will also use it to share early previews of features before they land in the changelog. Customers on a paid plan automatically receive the Support role, which gives access to a private channel where you can chat directly with the GhostlyX team. Join at https://discord.gg/ghostlyx. We look forward to seeing you there.

Several areas of the dashboard now update in real time without requiring a page refresh. Import progress is now streamed live as your data is processed, so you can see row counts and status change as the job runs rather than waiting for a full reload. The heartbeat page now reflects uptime status changes the moment a monitor transitions, giving you an accurate picture without relying on the 60-second polling interval. Session recordings appear in the list as soon as they are assembled from incoming event chunks, so you no longer need to refresh to see new replays. Experiment conversion counts update automatically when a new conversion is attributed to a variant, keeping results current while a test is running.

We have launched a formal bug bounty program. If you find a security vulnerability in GhostlyX, we want to hear about it, and we want to make it worth your while. Rewards are tiered by severity. Critical and high-severity vulnerabilities that qualify earn a lifetime GhostlyX Scale plan, completely free, with no expiry. That is full access to session replay, heatmaps, unlimited sites, and every feature we ship in the future. On top of that, you will receive exclusive GhostlyX swag and a personal thank-you from the team. Medium-severity findings earn GhostlyX branded merchandise and a limited-edition sticker pack. Low-severity and informational reports earn a place in the GhostlyX security hall of fame and public acknowledgement. The program covers the GhostlyX web application, the public REST API, the JavaScript tracking script, and our authentication systems. Out of scope includes social engineering, denial of service, and raw automated scanner output without a demonstrated exploitable impact. To report a vulnerability, email [email protected] with the subject line "Bug Bounty Report". Include a description of the issue, reproduction steps, and any proof-of-concept material. We aim to acknowledge all reports within 48 hours and will keep you updated throughout the process. Full program details, scope, severity definitions, rules of engagement, and the security hall of fame are all on the bug bounty page. A security.txt file is also available at /.well-known/security.txt. We are grateful to every researcher who takes the time to report responsibly. Security is not an afterthought at GhostlyX, and this program is our commitment to making that concrete.