Privacy by design
Cookieless analytics.
No banner required.
GhostlyX is a privacy-first analytics tool built without cookies, fingerprinting, or personal data storage. GDPR, UK GDPR, CCPA, and PECR compliance is not a configuration option. It is the default behaviour of the product.
Get started freeHow a pageview is processed
Visitor
A person loads a page on your site. Their browser sends a request.
Data received
IP truncated at edgeThe tracking script captures only what is needed. The IP last octet is stripped immediately on receipt, before any processing begins.
Processed in memory
GhostlyX processes the raw data in memory. Nothing is written to disk yet.
Stored in database
Only anonymous, aggregate-ready values are written to disk. No personal data.
No cookies set
Zero first-party or third-party cookies are written to the visitor's browser at any point.
No personal data stored
The last octet of every IP is stripped on arrival. The full IP address never exists anywhere in our system, not even briefly.
No fingerprinting
Canvas, fonts, screen size, WebGL, and all other fingerprinting vectors are never queried or stored.
A simplified view of how GhostlyX processes a single pageview. Personal data never reaches the database.
How GhostlyX delivers privacy-first analytics
Privacy by design means privacy is built into the system architecture, not added as a setting after the fact. GhostlyX never identifies returning visitors through cookies or device fingerprints. Instead, visitor uniqueness is determined using a daily-rotating, one-way hash derived from the IP address, user-agent string, and site identifier. This hash resets every 24 hours and cannot be reversed to identify any individual.
Raw IP addresses are used only to derive country-level geo data at the point of collection and are discarded immediately. Nothing is written to disk that could constitute personal data under GDPR or equivalent regulations. There is nothing to delete, nothing to export, and no data subject requests to fulfil for analytics data.
No cookies set
GhostlyX sets zero cookies on your visitors' browsers, first-party or third-party.
No fingerprinting
Canvas data, font lists, screen characteristics, WebGL output, and all other fingerprinting vectors are never collected.
No raw IP storage
IP addresses are used only to derive geo data at the point of collection and are never written to the database.
No cross-site tracking
Each site in GhostlyX is isolated. Visitor data from one site is never used to enrich another.
Daily-rotating uniqueness hash
The method used to count unique visitors resets every 24 hours and cannot be reversed to identify an individual.
GPC and DNT honoured
The Global Privacy Control and Do Not Track browser signals are read and respected. Visitors who set them are not tracked.
No cookie consent banner required
Because no personal data is collected and no cookies are set, GDPR and PECR do not require a consent banner for GhostlyX analytics.
Compliance coverage out of the box
GhostlyX satisfies the requirements of all major privacy regulations by default. No configuration, no legal review of analytics practices, and no consent management platform required.
GDPR
EU General Data Protection Regulation
No personal data is collected or stored. Analytics do not require a legal basis under Article 6 and no data processing agreement is needed.
UK GDPR
UK General Data Protection Regulation
The same cookieless, no-personal-data architecture satisfies UK GDPR requirements as they stand post-Brexit.
CCPA
California Consumer Privacy Act
GhostlyX does not sell or share personal information. GPC and DNT signals are honoured automatically at the tracking layer.
PECR
Privacy and Electronic Communications Regulations
No cookies are set and no device information is stored, so PECR consent requirements do not apply to GhostlyX analytics.
Frequently asked questions
Do I still need a cookie banner if I use GhostlyX?
No. GhostlyX sets no cookies and collects no personal data, so GDPR, UK GDPR, and PECR do not require a cookie consent banner for analytics. You may still need one for other tools on your site, but GhostlyX adds no such requirement.
How does GhostlyX identify unique visitors without cookies?
GhostlyX uses a daily-rotating, one-way hash derived from the IP address, user-agent string, and site identifier. This hash resets every 24 hours and cannot be reversed to identify an individual. Raw IP addresses are never stored.
Is GhostlyX GDPR compliant?
Yes. GhostlyX does not collect or store personal data, so analytics activity does not require a legal basis under GDPR Article 6. No data processing agreement is needed for the analytics data itself.
Does GhostlyX use device fingerprinting?
No. GhostlyX does not collect canvas data, font lists, screen characteristics, WebGL output, or any other fingerprinting vector. Visitor uniqueness is determined using a short-lived, non-reversible hash that resets daily.
How does GhostlyX handle the Global Privacy Control signal?
The GhostlyX tracking script reads the GPC browser header. If it is set, no analytics data is collected for that visitor. The Do Not Track header is honoured in the same way.
Can I use GhostlyX on a site visited by EU or UK users?
Yes. GhostlyX is cookieless and collects no personal data, which means it is suitable for sites with European audiences under both GDPR and UK GDPR without requiring any consent mechanism for analytics.
Analytics with nothing to hide
Start measuring your site with full confidence that your visitors' privacy is protected by default, not by configuration.