How We Count Unique Visitors Without Cookies
Counting unique visitors is one of the most important functions of any analytics tool. But how do you do it without cookies, fingerprinting, or storing personal data?
The Traditional Approach
Traditional analytics tools use persistent cookies or device fingerprinting to identify returning visitors. While effective, this approach stores personal data and requires consent under GDPR.
Our Privacy-First Approach
We use a daily-rotating hash that combines several data points into an anonymous identifier:
- The visitor's IP address (immediately discarded after hashing)
- The User-Agent string
- A daily-rotating salt derived from the application key
- The current date
The resulting SHA-256 hash is:
- Not reversible to the original data
- Only valid for the current day
- Not linkable across different websites
- Not personal data under GDPR
Accuracy Considerations
This approach has some trade-offs compared to cookie-based tracking:
- Visitors using VPNs or shared IPs may be under-counted
- Multiple people on the same network may be counted as one
- Returning visitors after midnight are counted as new
In practice, our testing shows this method is within 5-10% accuracy of cookie-based approaches for most websites, which is more than sufficient for making data-driven decisions.
Why This Matters
By not storing any personal data, we eliminate the need for consent banners, simplify GDPR compliance, and ensure that 100% of visitors are tracked, rather than only those who accept cookies.
Enjoyed this article?
Try ClearAnalytics for free and get privacy-first analytics for your website.
