Privacy policy

The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.

What we collect and why

Our guiding principle is to collect only what we need. Here’s what that means in practice:

Identity & access

When you sign up for No Cookie Analytics, we typically ask for identifying information such as your email address. That’s just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We’ll never sell your personal info to third parties, and we won’t use your name or company in marketing statements without your permission either.


We do not store any Personally Identifiable Information (PII) about any of the tracking data collected from your visitors except for the bare minimum to provide service and prevent abuse. We store a fingerprint matching each tracked user based on their IP address and User-Agent, in combination with a per-domain salt that is recycled every 24 hours. This means that any tracking data cannot be cross-referenced with any of our other customers or websites we service.

Billing information

We never store or have access to your payment information. Payments always go through our payment processor Stripe.

Cookies and Do Not Track

We do not use cookies.

At this time, our sites and applications do not respond to Do Not Track beacons sent by browser plugins.

Voluntary correspondence

When you write to us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.

Information we do not collect

We don’t collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. You may provide these data voluntarily, such as if you include a pronoun preference in your email signature when writing to us.

Business relationships

Our only business relationship is with you. We have no relationship with any big tech platforms like Facebook or Google.

When we access or share your information

As a principle, we never share your information with third parties. We do use some third-party services to run our applications, specifically the hosting provider, DigitalOcean.

We are a Dutch company, operating under Dutch law. Consequently, Dutch law applies to the use of our service. We will only be forced to share data if there’s a necessary warrant, criminal subpoena, or court order requiring we share data. And we’ll always notify you if that happens.

If we are audited by a tax authority, we may be required to share billing-related information. If that happens, we only share the bare minimum needed such as billing addresses and tax exemption information.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser or vice-versa.

What happens when you delete data in your product accounts

After you delete your account, we permanently delete your data. We also have some backups of our application databases, which are kept around for 30 days. Retrieving data for a single account from a backup is cost-prohibitive and unduly burdensome so if you change your mind you’ll need to do so before your data are deleted from our active servers

Location of site and data

Our product is operated in the Netherlands, with servers hosted in the Netherlands.


Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at and we’ll be happy to answer them!

This policy is open source, licensed under CC BY 4.0. Adapted from the Basecamp open-source policies / CC BY 4.0.