Privacy & Compliance
LiteStats is designed from the ground up to be privacy-first. Here's how we help you stay compliant.
No cookies = no consent banners
LiteStats does not set any cookies. Because there are no cookies, you do not need to show a cookie consent banner to comply with the EU ePrivacy Directive (commonly called the "cookie law") or PECR (UK). This simplifies your compliance obligations and improves user experience.
GDPR (EU/EEA)
The General Data Protection Regulation applies when you process personal data of EU residents. LiteStats minimises data collection so that no personal data is processed:
- No IP addresses stored — IP is used transiently for country geolocation, then discarded
- No user identifiers — session IDs are random UUIDs that reset on tab close
- No cross-site tracking — each site has isolated data
- No fingerprinting — the user agent is parsed server-side for browser/OS/device only
Because LiteStats does not process personal data under the GDPR definition, most implementations do not require consent for analytics. However, we recommend mentioning your use of analytics in your privacy policy for full transparency.
PECR (UK)
The Privacy and Electronic Communications Regulations require consent for storing information on a user's device. Since LiteStats uses sessionStorage (which is not a cookie and is considered essential for the service to function) and collects no personal data, PECR consent requirements do not apply.
CCPA (California)
The California Consumer Privacy Act gives residents the right to know what data is collected and request its deletion. Since LiteStats does not collect personal information as defined by the CCPA, there is no personal data to disclose, opt out of, or delete.
ePrivacy Directive (EU)
The ePrivacy Directive requires consent for non-essential cookies and similar technologies. LiteStats's sessionStorage usage falls under the "strictly necessary" exemption, as it stores only a temporary random identifier needed for the analytics service to function.
Data Processing Agreement
If you need a Data Processing Agreement (DPA) for your records, you can find ours at litestats.io/dpa. This outlines how LiteStats processes data on your behalf as a data processor.
Data residency
LiteStats data is stored on Supabase infrastructure. All analytics data is encrypted at rest and in transit.
What to include in your privacy policy
Even though LiteStats doesn't require consent, we recommend adding a section to your privacy policy for transparency. Here's a template:
We use LiteStats for website analytics. LiteStats is a privacy-first analytics service that does not use cookies, does not collect personal data, and does not track users across websites. It collects aggregate, anonymised data about page views, referrers, browsers, and device types to help us understand how our website is used. No consent is required as no personal data is processed. For more information, visit litestats.io/privacy.
You can also use our Privacy Policy Generator to create a complete privacy policy that includes a LiteStats-specific section.
Summary
| Regulation | Consent needed? | Why |
|---|---|---|
| GDPR | No | No personal data processed |
| PECR | No | No cookies, sessionStorage is essential |
| CCPA | No | No personal information collected |
| ePrivacy Directive | No | Falls under strictly necessary exemption |