Privacy & compliance

Analytics without compromising visitor privacy.

No consent required

Glyphex is designed to be privacy-first. Because we don't use cookies or collect personal data, you can use Glyphex without:

  • Cookie consent banners
  • Privacy policy consent forms
  • GDPR cookie consent popups
  • Any user consent mechanism

Remove your cookie banner and still get accurate analytics.

GDPR compliance

The General Data Protection Regulation (GDPR) applies to personal data. Glyphex is compliant because:

  • No cookies - We don't set any cookies
  • No personal data - We don't collect names, emails, or identifiers
  • No IP storage - IP addresses are used only for geo-lookup, then discarded
  • No cross-site tracking - Visitors can't be tracked across websites
  • No fingerprinting - We use privacy-safe, daily-rotating identifiers

CCPA compliance

The California Consumer Privacy Act (CCPA) gives California residents rights over their personal information. Since Glyphex doesn't collect personal information:

  • No "Do Not Sell My Personal Information" link needed
  • No data deletion requests to handle
  • No personal information inventory required

PECR compliance

The Privacy and Electronic Communications Regulations (PECR) in the UK requires consent for cookies and similar technologies. Glyphex is exempt because:

  • No cookies or local storage used for tracking
  • Analytics are "strictly necessary" for website operation
  • No third-party data sharing

How we identify visitors

To count unique visitors without personal data, we use a privacy-safe approach:

  1. Combine the visitor's IP address with their User-Agent string
  2. Add a daily-rotating salt (random value that changes every 24 hours)
  3. Hash the combination using SHA-256 (one-way, irreversible)
  4. Use the hash as a temporary visitor ID

This means:

  • We can count unique visitors today
  • We can't link today's visitor to tomorrow's visitor
  • We can't identify who the visitor is
  • No personal data is ever stored

Data location

All data is stored on servers in the European Union. We use:

  • Supabase (EU region) for database storage
  • Vercel (EU edge) for application hosting
  • No data transfers to non-EU countries

User opt-out

Although not required, you can offer visitors the ability to opt out:

// Add this to your site for opt-out functionality
localStorage.setItem('glyphex_ignore', 'true');

When this flag is set, the tracking script will not send any data.

Comparison with Google Analytics

FeatureGlyphexGoogle Analytics
Uses cookiesNoYes
Consent requiredNoYes
Stores IP addressesNoYes (even anonymized)
Cross-site trackingNoYes
Data shared with third partiesNoYes (Google)