How it's private
Most analytics tools need a consent banner because they set a cookie or store a persistent identifier — that's personal data, and in the EU personal data needs consent. Satsu doesn't do either. This page explains exactly why "no cookie banner" is true, not a marketing line.
No cookies, no stored IDs
Satsu never writes a cookie, never uses localStorage for identity, and never
assigns a persistent visitor ID. There is nothing on the visitor's device and
nothing in our database that points back to a person.
Sessions are derived, not stored
To group a visit's pageviews together — to know that three pageviews came from the same session — Satsu derives a short-lived fingerprint on the server:
session = sha256(site · ip · user-agent · day · salt)
The components are hashed together (NUL-separated) into a single opaque value:
sha256("site_id" | "203.0.113.7" | "Mozilla/5.0 …" | "2026-07-14" | secret_salt)
→ 9f2c... (a one-way hash)
A few things make this safe:
- It's one-way. SHA-256 can't be reversed. The stored value can't be turned back into an IP or user-agent.
- The raw IP and user-agent are never stored. They exist only for the moment the hash is computed, then they're gone.
- It includes the day. Because
day(YYYY-MM-DD, UTC) is part of the input, the fingerprint changes at midnight. Tomorrow the same visitor produces a completely different hash — there's no way to connect the two.
Why the daily rotation matters
The daily rotation is the core design decision. It means Satsu cannot build a profile that follows someone across days or sites. No retention cohorts, no cross-day journeys, no "returning visitor" tracking spanning weeks. That's a deliberate limit, and it's exactly what removes the need for consent: there's no durable identifier, so there's no personal data to consent to.
Heartbeats are presence-only
The live visitor count comes from lightweight heartbeats held in memory for about a minute. They're never written to the analytics store and never counted against your plan — they exist only to power the real-time "who's here now" number.
What this means for compliance
Because Satsu processes no personal data in the tracking path:
- GDPR — no cookie consent needed; there's no personal data being collected under the definition that triggers consent.
- ePrivacy / "cookie law" — no cookies or device storage means the consent requirement doesn't apply.
- CCPA — nothing personal is sold or shared; there's nothing personal to begin with.
We're happy to provide a Data Processing Agreement (DPA) for business customers — email hello@satsu.pro.
The honest caveats
We'd rather tell you the edges than oversell:
- The daily salt is currently a fixed secret. Rotating the salt itself every day (so yesterday's fingerprints become uncomputable even to us) is a planned hardening step.
- Country is derived from IP at the country level and the IP is discarded — but the derivation does briefly see the IP in memory, like any server that receives a request does.
None of this changes the core promise: no cookies, no persistent IDs, nothing that identifies a person, no banner required.
See also: What we track for the full field-by-field list.