How it's private

Most analytics tools need a consent banner because they set a cookie or store a persistent identifier — that's personal data, and in the EU personal data needs consent. Satsu doesn't do either. This page explains exactly why "no cookie banner" is true, not a marketing line.

No cookies, no stored IDs

Satsu never writes a cookie, never uses localStorage for identity, and never assigns a persistent visitor ID. There is nothing on the visitor's device and nothing in our database that points back to a person.

Sessions are derived, not stored

To group a visit's pageviews together — to know that three pageviews came from the same session — Satsu derives a short-lived fingerprint on the server:

session = sha256(site · ip · user-agent · day · salt)

The components are hashed together (NUL-separated) into a single opaque value:

sha256("site_id" | "203.0.113.7" | "Mozilla/5.0 …" | "2026-07-14" | secret_salt)
→ 9f2c... (a one-way hash)

A few things make this safe:

  • It's one-way. SHA-256 can't be reversed. The stored value can't be turned back into an IP or user-agent.
  • The raw IP and user-agent are never stored. They exist only for the moment the hash is computed, then they're gone.
  • It includes the day. Because day (YYYY-MM-DD, UTC) is part of the input, the fingerprint changes at midnight. Tomorrow the same visitor produces a completely different hash — there's no way to connect the two.

Why the daily rotation matters

The daily rotation is the core design decision. It means Satsu cannot build a profile that follows someone across days or sites. No retention cohorts, no cross-day journeys, no "returning visitor" tracking spanning weeks. That's a deliberate limit, and it's exactly what removes the need for consent: there's no durable identifier, so there's no personal data to consent to.

Heartbeats are presence-only

The live visitor count comes from lightweight heartbeats held in memory for about a minute. They're never written to the analytics store and never counted against your plan — they exist only to power the real-time "who's here now" number.

What this means for compliance

Because Satsu processes no personal data in the tracking path:

  • GDPR — no cookie consent needed; there's no personal data being collected under the definition that triggers consent.
  • ePrivacy / "cookie law" — no cookies or device storage means the consent requirement doesn't apply.
  • CCPA — nothing personal is sold or shared; there's nothing personal to begin with.

We're happy to provide a Data Processing Agreement (DPA) for business customers — email hello@satsu.pro.

The honest caveats

We'd rather tell you the edges than oversell:

  • The daily salt is currently a fixed secret. Rotating the salt itself every day (so yesterday's fingerprints become uncomputable even to us) is a planned hardening step.
  • Country is derived from IP at the country level and the IP is discarded — but the derivation does briefly see the IP in memory, like any server that receives a request does.

None of this changes the core promise: no cookies, no persistent IDs, nothing that identifies a person, no banner required.

See also: What we track for the full field-by-field list.