telemtrie

Privacy

telemtrie is built privacy-first. Here's exactly what it collects — and, more to the point, what it never touches.

What telemtrie does NOT do

No cookies. The script sets no cookies and writes nothing to your visitors' browsers.
No personal data. No names, emails, accounts, or anything that identifies a person.
No cross-site tracking and no browser fingerprinting.
No third-party scripts. The collector loads nothing else — no ad networks, no trackers.
No data selling or sharing. It's self-hosted; the data lives in the site operator's own database.

What it collects

Page path — e.g. /products/widget. Query strings are stripped (except utm_* campaign tags).
Referrer host — the domain a visit came from (e.g. google.com), never the full URL.
Country — country-level only, derived from the network. No city or precise location.
Device type — a coarse bucket: mobile, tablet, or desktop.
Browser & OS — names only (e.g. "Chrome", "iOS").
Web Vitals — anonymous page-performance numbers (LCP, INP, CLS, FCP, TTFB).
Custom events — only the ones a site chooses to send (e.g. cart_add), with non-personal properties.

How your IP address is handled

Your raw IP is never stored. It's used for a moment to (1) count unique visitors via a one-way daily hash, (2) look up your country, and (3) rate-limit abuse — then it's discarded. The visitor hash is SHA-256 of your IP combined with a secret and the current date, so it rotates every day and can't be reversed or linked back to you across days.

User agents & bots

The browser's user-agent string is read on the server to derive the browser/OS names, then thrown away — the raw string is never stored. Traffic identified as bots is dropped entirely and never recorded.

No personal data in custom events

If a site sends custom events, property keys that look like personal data — email, phone, name, address, password, token, ssn, credit, card — are rejected automatically, and values are kept short and flat. telemtrie is designed to make it hard to accidentally collect PII.

Data retention

Only what's needed to power the dashboard is kept, and it's deliberately minimal. Stored stats are anonymous — there are no IPs, no user-agents, and no identifiers that point back to a person. Raw event data is automatically deleted after 30 days; after that only anonymous daily totals remain — aggregate counts (e.g. "120 pageviews from Germany on this day") with no IPs, no user-agents, and nothing that identifies a visitor.

Opting out

Visitors are not tracked if their browser sends Do Not Track, or if they set localStorage.setItem('telemtrie_optout','1'). In either case the collector quietly does nothing.

This page describes how telemtrie works technically; it isn't legal advice. Questions? hello@telemtrie.com · Read the FAQ