plainstats.eu
GDPR and ePrivacy

GDPR-compliant web analytics, by design

PlainStats is built to minimise personal data from the start: no cookies, no consent banner, and aggregate counts only. That is a much shorter path to GDPR and ePrivacy alignment than bolting consent onto a tool that tracks individuals.

Why the data model is the compliance story

Most of the GDPR burden in analytics comes from collecting personal data in the first place: identifiers, IP addresses, cross-site profiles. Once you hold that, you inherit consent, retention, access, erasure, and transfer obligations. PlainStats is designed to avoid that load by not collecting the data. There is no per-visitor record, so there is structurally nothing to export, rectify, or erase.

  • No cookies and no device storage, so no ePrivacy Article 5(3) consent trigger from PlainStats.
  • No raw IP stored and no fingerprint, so no persistent identifier to defend.
  • Aggregate counts by day and country, built toward zero retained personal data.
  • Processed and stored on EU infrastructure.

What this means for your consent banner

Because using PlainStats does not set a cookie or read from the device, it does not, on its own, require consent under ePrivacy. It can reduce the consent-banner friction your visitors see. If PlainStats is the only thing you would have needed a banner for, you may not need one at all. Other tools on your site can still require consent. See do I need a cookie banner for analytics.

Designed for the obligations, not just the marketing

  • Data minimisation (Art. 5). Collect the least that still answers "how is my site doing".
  • Right of access and erasure (Art. 15, 17). No per-visitor data means nothing personal to produce or delete.
  • EU processing. Your analytics stay on EU infrastructure. See EU web analytics.
  • Transparency. A plain, readable privacy and cookie policy in the legal centre.

An honest limit

"GDPR-compliant" is never a property of a single tool in isolation. Compliance depends on your whole site, your other vendors, your policies, and your jurisdiction. PlainStats is designed to make the analytics part as low-risk as possible and to give you less to worry about, not to be a certificate. Compare the approach against a cookie-based setup on the cookieless analytics page, or read is Google Analytics GDPR-compliant.

This page is general information, not legal advice. For your specific situation, check with a data protection officer or qualified counsel in your jurisdiction.

Founder pricing, locked for life

Analytics your visitors never have to think about.

Clear numbers, honest geography, zero personal data. Join the waitlist and lock a price that never goes up.

Join the waitlist