Does VeritaMetrics use cookies?

No. VeritaMetrics does not set any cookies or use local storage. Every visit is treated as ephemeral — there is no persistent ID stamped on the user's device.

Does VeritaMetrics store IP addresses?

No. IP addresses are used momentarily in memory for geo-location lookup and then immediately discarded. No IP address is ever stored in our database or logs.

Is VeritaMetrics GDPR compliant?

Yes. VeritaMetrics operates under Legitimate Interest (GDPR Article 6(1)(f)). Because data is ephemeral (24-hour expiry), salted, and cannot be used for cross-site tracking, no consent banner is required.

Can VeritaMetrics track users across multiple days?

No, by design. The Visit ID is generated using a daily-rotating salt. When the salt rotates at midnight, the same user generates a completely different hash. This privacy firewall prevents long-term profiling.

Do I need a consent banner with VeritaMetrics?

No. Because VeritaMetrics does not use cookies, does not store IP addresses, and cannot build persistent user profiles, it operates under Legitimate Interest and does not require a consent banner.

The Right to Be Left Alone

In 1890, Samuel Warren and Louis Brandeis argued that the law must recognize a distinct right to privacy. They believed that technology should never be allowed to strip away our "inviolate personality." Today, the internet has forgotten this.

In a bakery, the baker counts the sale, but they don't pin a GPS tracker to your collar to see where you go next. The internet broke this default. We are fixing it. We count the visit, not the person.

What "Privacy-First" Actually Means

Privacy is not a legal checklist. It is the moral space individuals need to think, choose, and become themselves.

For us, being privacy-first means we minimize data by default, regardless of what the law technically allows. It is a proactive, values-driven approach that treats privacy as a product virtue. We ask: "How can we give users value without collecting sensitive data?"

The Hierarchy of Privacy

Diagram of the Privacy Hierarchy: Ephemerality is the foundation, supporting Aggregation, which leads to Insight.

"We build insight on a foundation of ephemerality."

Here is exactly what happens when a visitor loads your page.

1. The Visit (Not the Visitor)

You walk into the store. We count the entry. Unlike traditional analytics, we do not set a cookie. There is no persistent ID stamped on your device. The interaction is treated as ephemeral, just like in the physical world.

2. The 24-Hour Firewall

We generate a Visit ID using a one-way cryptographic hash. This "Salt" is a random secret that auto-rotates every 24 hours.

3. The Daily Reset

When the salt rotates at midnight, the math changes. If the same user returns tomorrow, they generate a completely different hash. We cannot mathematically link the two visits. This creates a privacy firewall between days.

4. Aggregated & Safe

We store the anonymous visit context (Page URL, Browser, Country) and discard the raw IP address immediately. Because the link to the user is broken every 24 hours, this data is technically incapable of building a long-term user profile.

The Privacy Trade-Off

We killed the cookie. We must be honest about what that costs—and what it gains.

The Cost: Multi-Touch Attribution

Because we do not track users across days, we cannot tell you that someone clicked an ad on Monday and bought a product on Friday.

That said, you still get powerful attribution within each session: UTM campaign parameters, referrer sources, and full same-session journey tracking all work out of the box.

Multi-touch attribution is increasingly unreliable anyway — users switch devices, clear cookies, and use multiple browsers. We chose to give you accurate same-session data rather than a cross-day model built on shaky foundations.

The Gain: Your Missing Visitors

The current web analytics model is broken. By removing the invasive tracker, we remove the need for the banner. No more intrusive consent popups that frustrate visitors and increase bounce rates before they even see your content.

Consent Banners ~30-55% Data Loss*

Ad Blockers ~10-15% Data Loss*

VeritaMetrics 0% Data Loss

* Consent opt-in rates vary by region and industry. EU opt-in rates average 40-50% according to Cookiebot and Usercentrics research. Ad blocker adoption figures from PageFair / Blockthrough reports.

Compliance by Design

We operate on a simple legal distinction: The Store vs. The Home.

Legitimate Interest: A shopkeeper has a right to know how many people entered the store. This is our Visit ID.
Explicit Consent: A shopkeeper needs permission to follow customers home. This is the Persistent Cookie.

We stick to the store.

GDPR Analysis

Article 6(1)(f): Processing is necessary for the purposes of the legitimate interests pursued by the controller.

Balancing Test: Does this override user rights?
No. Because the data is ephemeral (24h expiry), salted, and cannot be used for cross-site tracking.

What We Never Collect

Privacy is not just about what we do — it is about what we refuse to do, by design.

Cookies or Local Storage (We do not store anything on the user's device)

IP Addresses (Used momentarily for lookup, then permanently deleted)

Cross-Site Tracking (We cannot see user activity on other websites)

Persistent User Profiles (We cannot track a user across different days)

Precise Location (No GPS or exact coordinates)

Personal Identifiers (No names, emails, or fingerprints)

Your Privacy Policy

Using VeritaMetrics simplifies your compliance. Here is a sample snippet you can include in your own privacy policy.

Analytics:
We use VeritaMetrics to collect anonymous usage data. It does not use cookies or store IP addresses. All data is aggregated and processed in the EU.

Data collected:

Page Context: The specific URL visited and the Page Title.
Traffic Source (Referrer): The URL of the page the user was on immediately before clicking a link to your site. We use this for attribution, but we do not have access to history prior to that link.
Device Context: Browser type, Operating System, and Device type (e.g., Mobile vs Desktop).
Approximate Location: Country, Region, and City derived from the IP address (which is then immediately discarded).
Ephemeral Visit ID: A temporary, salted hash that automatically expires every 24 hours. This isolates the visit in time and prevents long-term profiling.

Have specific compliance questions?

Read GDPR Statement Read Our Privacy Policy Contact Privacy Team