Privacy & data model
What we collect — and what we never do
VisitorsToday is built privacy-first: first-party only, no third-party cookies, no cross-site or cross-device tracking, no personal data. Here is exactly how it works — no fine print.
What we collect
What we never collect
- ✓No third-party cookies.
- ✓No cross-site or cross-device tracking — your visit id is scoped to one site.
- ✓No raw IP storage — it is used transiently at the edge for coarse geo, then discarded.
- ✓No personal data (names, emails, accounts). Custom event properties are size-capped and you control what you send.
- ✓No selling, sharing, or ad-network enrichment of any data.
The data model
Events flow from the tracker to an append-only event stream, then into a durable store plus daily roll-ups that power your dashboard. You can export everything as CSV or JSON at any time, and delete a site to remove its data.
Data retention — kept for the life of your account
Your analytics history is yours to keep. Events land in a durable store, not a rolling window — no 6-day cap, no automatic deletion. See your first day's data years from now, and pull any of it out via the export at any time. When you delete a site, its data is removed.
Compliance posture
The data practices above are designed to align with the principles of GDPR and CCPA — data minimisation, no personal data, no third-party sharing. Note: VisitorsToday currently uses a first-party browser identifier (localStorage); depending on your jurisdiction and how you use the product, you should evaluate your own consent obligations. This page describes what the product does so you can make that assessment — it is documentation, not legal advice.