What we track

Satsu is built to answer "how is my site doing?" without answering "who is this person?". This page is the exact list of what's collected, what's derived, and what we refuse to touch. It doubles as the source for our privacy documentation.

Collected by the tracker (client-side)

The tracker ships only raw signals; all intelligence lives server-side. It sends:

  • Pageviews — the path, the referrer, and your screen width. The query string is stripped before storage; UTM parameters are extracted server-side.
  • Custom events — the name and flat props you pass to window.satsu(). Props must never contain personal data.
  • Presence heartbeats — a lightweight "still here" ping while the tab is visible. Used only for the live count. Never stored, never billed.
  • UTM parametersutm_source, utm_medium, utm_campaign, parsed from the URL server-side.
  • Ad click-id presence — the name of a click-id parameter (e.g. gclid, fbclid) if present. The value is never stored — only that one was there.
  • SPA route changes — automatic pageviews on client-side navigation.
  • Outbound link clicks — the destination URL, with query and hash stripped.
  • File downloads — clicks on common file types or download links.
  • Scroll depth — how far down a page a visit reached (25 / 50 / 75 / 100 %), once per pageview.

Derived server-side

From those raw signals, Satsu derives — at processing or query time, never stored as an identity:

  • Country — from IP, at country level only. The IP itself is not stored.
  • Browser, OS and device class — from the user-agent string.
  • Bot filtering — obvious bots are dropped.
  • Session metrics — bounce rate, visit duration, pages per visit — computed from the daily-rotating fingerprint.
  • Channel — Direct, Organic Search, Social, Referral, Paid, Email or AI — classified at query time, not stored.
  • Goal conversions — matched at query time against your goals.

The session key that ties a visit together is a daily-rotating fingerprint, not a cookie or stored ID. See How it's private for exactly how it works.

Deliberately not tracked

The following are refused by design — not a roadmap gap, a decision:

  • Session recordings, mouse movement, or individual heatmaps.
  • Persistent identifiers of any kind — no cookies, no localStorage IDs, no cross-day fingerprints.
  • Personal data in custom event props — actively rejected.
  • Reverse-IP company lookup ("which company visited").
  • Anything that would require a consent banner.

By design: what Satsu can't tell you

Because the fingerprint rotates every day, Satsu cannot track a returning visitor across days, build a retention cohort, or follow one person's journey over time. That limit is the point — it's what makes the "no consent needed" promise true. Geography is country-level only, for the same reason.

Next: How it's private →