NuraStats collects no personal data, places no cookies, and never tracks your visitors across devices or websites. Full privacy compliance — built in, not bolted on.
Google Analytics is the most widely used analytics tool on the web — but that popularity comes at a significant privacy and compliance cost.
Google Analytics was not built with privacy in mind. It was built to power the world's largest advertising business. When you use it, you are not just measuring your website traffic — you are sharing your visitors' behaviour with Google, contributing to cross-site tracking profiles, and taking on substantial legal risk under GDPR, CCPA, and PECR.
GA4 relies on first-party cookies to track users across sessions. Under GDPR and PECR, this requires a cookie consent banner with a genuine opt-out option — adding friction to every page, reducing data accuracy, and creating an ongoing legal obligation to maintain your consent management platform.
Google Analytics collects IP addresses, device fingerprints, and persistent identifiers. Under GDPR, IP addresses are personal data. Even with IP anonymisation enabled, Google has still been ruled unlawful to use in several EU countries (Austria, France, Italy, Denmark, Finland) because data is transferred to US servers without adequate protection.
Data collected via Google Analytics flows into Google's broader advertising infrastructure. Your visitors' behaviour on your website contributes to the profiles used to target them with ads across the entire Google network — Search, YouTube, Gmail, and millions of third-party sites.
Google links visitor behaviour across all websites that use Google Analytics, not just yours. This is what powers Google's cross-device and remarketing capabilities — but it is also the root of the privacy harm that has led regulators across Europe to take enforcement action against GA users.
Your analytics data lives in Google's infrastructure under Google's terms. Google can change, restrict, or discontinue the service — as they did when they sunset Universal Analytics in 2023, deleting years of historical data. Your insights are rented, not owned.
These are not settings to configure or policies to read. They are architectural decisions baked into how NuraStats works.
NuraStats never collects, stores, or processes any information that can identify an individual visitor. We do not record IP addresses, user agents in full, or any persistent identifiers.
Your analytics data belongs to you — not to us, not to Google, not to any advertiser. We are the processor; you are the controller. Your data is never shared, sold, or used for any purpose beyond showing you your own stats.
NuraStats has no mechanism to link visits from a visitor's phone to their laptop, or their home network to their office. Each session is counted anonymously and independently — there is no cross-device identity graph.
NuraStats is fully isolated to your website. We do not link your visitors' behaviour on your site to their activity anywhere else on the web. There is no shared tracking network, no pixel syndication, and no retargeting infrastructure.
Privacy is not a setting you toggle — it is the result of deliberate technical choices made at every layer of the system.
The NuraStats tracking script never writes or reads any cookies — first-party or third-party. Because cookies are never set, there is legally nothing to consent to under PECR and the EU Cookie Directive. No consent banner is required, period.
To count unique visitors without cookies, NuraStats generates an anonymous hash each day using a combination of non-personal signals (a daily salt, the site domain, and a generalised browser signature). This hash resets every 24 hours and cannot be reversed to identify a person.
Raw IP addresses are never written to disk or stored in our database. An IP address may be used transiently during processing to derive a generalised country or region — and is immediately discarded. The IP address never appears in any log, record, or export.
Everything you see in your NuraStats dashboard is aggregated — pageview counts, visitor totals, referrer summaries. There is no individual session log, no user journey trace, and no per-visitor drill-down. The underlying data model does not support individual identification.
Your website analytics data is processed and stored within the European Union, ensuring compliance with GDPR's data transfer requirements without the need for Standard Contractual Clauses or adequacy decisions that apply to US-based services like Google Analytics.
Because NuraStats processes no personal data on your behalf, many legal experts agree that no Data Processing Agreement (DPA) is needed for standard use. We still provide one for customers who prefer it — available on request.
Three major privacy frameworks — and NuraStats is designed to satisfy all of them without any extra configuration on your part.
The EU's landmark privacy law applies to any website with visitors from the European Union. It requires a legal basis for processing personal data and mandates stringent protections for identifiable individuals. Because NuraStats collects no personal data, the regulation's most burdensome requirements simply do not apply to your use of NuraStats.
The CCPA gives California residents the right to know what personal information is collected about them, the right to delete it, and the right to opt out of its sale. NuraStats collects no personal information about visitors and sells nothing — so CCPA obligations are satisfied by the nature of the tool itself.
The UK's PECR specifically governs the use of cookies and similar tracking technologies. It requires informed consent before storing anything on a user's device. NuraStats stores nothing on the visitor's device — no cookies, no localStorage, no IndexedDB — so PECR consent requirements are entirely bypassed.
No consent banners. No cookie notices. No legal risk. Just clean, accurate data — and peace of mind.