For years, cookies were the backbone of digital marketing — silently tracking users to personalize campaigns. While they used to be reliable in providing granular user data, and campaign personalization, their accuracy raised privacy concerns.

As you are about to see in this article, those concerns were addressed through legislative efforts, with the introduction of strict privacy regulations. But, users themselves are becoming more privacy-aware, and are doing their best to protect their personal data from ad networks and data brokers.

As a response to the new challenges, privacy-friendly and privacy-first software has entered the market. While they don’t offer granular analytics, they provide tracking data without the use of cookies.

This new approach allows businesses to rebuild trust, and rethink the traditional digital marketing playbook.

What Cookieless Marketing actually involves

The central concern with third-party cookies is the fact that they not only collect behavioral data on the site that stored them initially, but they keep tracking it across websites.

This cross-site tracking enables ad networks to build detailed user profiles — and monetize them by selling targeted access to advertisers. Those profiles are one of the key reasons why marketing campaigns are so precise—advertisers can personalize ads based on age, interests, hobbies, locations, content consumed, and other types of personal data.

Third-party data collection is also one of the reasons why popular website tracking services such as Google Analytics are free—they collect data and sell it to advertisers. The data isn’t available in raw form, but it is still precise enough to target individual users, making it a privacy concern.

While Google does have a few privacy initiatives, such as Google Privacy Sandbox, and the announced phasing out of third-party cookies from Chrome, their advertisment network will remain a significant source of their income.

The legal paradigm shift away from third-party cookies

Legislators have realized the importance of personal data in the modern age, and privacy regulations reshaped the way user tracking works.

Once The General Data Protection Regulation (GDPR) came into force in 2018, explicit user consent became mandatory for all personal data processing.

Practically speaking, website owners needed to introduce changes, some of which are:

• Cookie consent banners became mandatory.
• Personal data can only be processed following strict principles such as data minimization, limited storage, and purpose-based processing with guaranteed integrity and confidentiality.
• Data controllers and processors need to respond to user requests.

The effectiveness of GDPR was guaranteed with its penalty system. Some of the biggest data processors such as Google, TikTok, Meta and Amazon have already faced individual fines reaching hundreds of millions of euros.

But, it is not only the EU—other legislators have followed their example. While the US doesn’t have a federal law, an increasing number of states are introducing more stringent privacy regulations.

Why privacy-conscious users are changing the rules

While legislative changes are affecting business-making decisions, the real impact comes from a growing number of privacy-focused users.

Major data breaches such as Equifax, or privacy scandals such as Cambridge Analytica have caused major public disturbance. More people started questioning the amount of data major companies collect about their daily (web) activities.

As a result, more users are actively limiting their exposure. Besides opting out of cookie tracking, supplemental technologies such as VPN, ad blockers, private browsers and incognito modes are helping users cloak their web traffic and protect their private data.

As a result, cookie-based marketing strategies are quickly losing one of the major advantages they had—accurate granular tracking and targeting. New technologies and opt-out settings prevent cookies from accurate tracking. As a result, the collected metrics are not longer as reliable.

And if the tracking results are questionable, but cookies present an unquestionable privacy concern, the real question is: Is cookie-based marketing still worth it?

How intrusive tracking can damage your brand

Cookie-based marketing also has an effect on your business reputation and even conversions in one more distinct way—by interrupting the user experience.

Instad of browsing your blog, products, and services, users are faced with complicated consent banners that take up a significant portion of their screen. Those banners alone can be a compliance headache, if you don’t display the options the right way.

But, we are living in a world where attention is a scarce resource, and those cookie-notifications are shifting it away from the page content.

What’s more, that attention loss can negatively impact your marketing ROI and conversions. For example, if you invested a lot of time and resources into your SEO efforts, you don’t want to lose a lead now, once they are on your website, solely because you are presenting them with confusing consent banners.

But, that lost conversion can happen for a much bigger reason—privacy-oriented user who enters your website for the first time, and sees the cookie consent banners is likely to question the ethical principles behind your company. Privacy is a fundamental human right, and an increasing number of users is taking personal data protection very seriously.

That type of privacy-aware user is likely to look away and find alternative products and services that don’t needlessly track personal data. In other words, if they question the ethical standards of your brand, you might lose them to your competition.

Therefore, switching from invasive tracking towards a respectful, data-light approach will not only ensure legal complaince, but will strengthen your brand reputation.

Furthermore, choosing cookieless marketing solutions can even become a part of your marketing efforts. You’ll be able to present how user privacy is one of the key company values and how you will never compromise ethics to make a profit, separating yourself from the competition.

Cookieless tracking: Accurate metrics, without surveillance

The pressure coming from both legislators and users caused companies to rethink their approach. Accurate data and metrics are still essential—without them digital marketing is a shot in the dark.

Businesses still need to monitor their website traffic and its sources, as it is a clear indication of their marketing efforts. They still need to identify funnel bottlenecks and drop offs, which will help them make appropriate optimizations.

However, the conventional way of tracking vast amounts of personal data via cookies is no longer universally suitable for the cookieless world, which lead to the development of new types of privacy-oriented marketing software that works without cookies.

Privacy-friendly analytics

While third-party cookies cause privacy concerns, focusing only on them is not solving the problem. Cookies are only a tool used to collect personal data. If you eliminate them, but still collect personal data through other methods, you will still need user consent.

That is the approach of so-called privacy-friendly software. Yes, they are not using third-party cookies that are tracking users across websites. But, many tools utilize different types of ID tracking, such as:

• IP hashing
• Fingerprinting
• Precise location tracking
• Collecting detailed device information

Even though privacy-friendly tools rely on first-party data that isn’t classified as personally identifiable information, this data can often be linked back to individual users — which still qualifies as personal data processing under laws like the GDPR.

As a result, using privacy-friendly analytics often still requires consent banners. That means businesses may continue to face compliance challenges, disruptions to the user experience, and ongoing ethical considerations — even without deploying third-party cookies.

Privacy-first analytics

Unlike privacy-friendly tools, true privacy-first analytics don’t process any personal data whatsoever. That means no cookies, but also no hashing, fingerprinting or other methods of personal data collection.

As a result, privacy-first analytics don’t require consent banners, and your website’s user experience will reamain uninterupted.

But, it also means there will be no compliance or ethical dilemmas, which will minimize legal risks and strengthen brand reputation.

mandera — Reliable website analytics for the cookieless marketing era

mandera analytics is a private-by-design software that provides accurate website traffic analytics without infringing privacy. Here’s how it can help your business:

No consent banners needed

mandera tracking identifies a unique visit without processing personal data. Instead of hashing, fingerprinting, IP address processing, or assigning unique identifiers, we use non-invasive tracking methods such as:

• Removing the IP addresses from every requests
• Referrer domain tracking
• Time zone tracking
• Timestamps
• OS type and basic device information
• UTM parameters

When combined, that information is not sufficient to identify unique users, which is why it isn’t considered personal data.

However, the data collected based on our parameters does allow us to distinguish individual visits, and show you accurate metrics, without relying on personal data collection.

As a result, mandera doesn’t require consent banners, and your UX will remain uninterrupted, allowing users to focus on the website content.

Accurate analytics with user flow predictions

Because mandera doesn’t track personal data, the analytics will remain unaffected by ad blockers, VPNs, and private browser settings, which are all a problem for cookie-based tools.

You will get accurate insights of total traffic, the most popular pages, device types, and similar information useful for campaign monitoring.

As a result, you will have a win-win scenario—accurate website metrics without personal data processing.

But, mandera also allows you to optimize your pages based on user flow predictions through which you’ll have insights into where users go once they enter your website.

You’ll also be able to create custom user flows, which is a good option for testing different scenarios and making optimizations.

However, mandera doesn’t provide granular personalization—our user flows are predictions-based.

Our conclusion

Even though third-party cookies have been the go-to way of user tracking for a long time, cookieless marketing software shows that marketers don’t need excessive amounts of personal information. With the right approach, it’s possible to understand user behavior without ever compromising privacy.

Privacy-first tools like mandera demonstrate that cookieless marketing isn’t a limitation, but rather an opportunity to restore digital trust — all without compromising data-driven decision-making. By delivering reliable insights and maintaining strict privacy standards, mandera paves a balanced path into the cookieless future.

So don’t wait, try mandera now, completely free, and enjoy the best of both worlds—accurate metrics that fully respect user privacy.

Tracking cookies used to be the go-to digital marketing solution for many businesses. They proved helpful for many marketing activities, including traffic analytics, direct advertising campaigns, funnel analytics, segmentation and much more. 

However, as we will discuss in this article, regulatory changes in the privacy field and rising user awareness have shifted the perspective on tracking cookies. As a result, cookie-based marketing is raising ethical and compliance dilemmas and is no longer as effective as it used to be. Due to that shift, businesses seek alternatives to traditional tracking methods.

What are tracking cookies, and why do businesses care about them?

Tracking cookies are small text files with pieces of data stored on users’ browsers when they visit a website. There are two main categories of cookies:

• First-party tracking cookies: set by the visited website directly, this type of cookie is used to improve the user experience and display information as the user interacts with the web pages. For example, first-party cookies are used to remember language choices, session browsing history, or items added to the cart. First-party cookies track data only on the website itself.
  
  
• Third-party tracking cookies: set by ad networks, third party cookies allow cross-site tracking. The information is collected persistently and is primarily used for marketing purposes, such as profiling and personalized advertising, and making granular sales funnel optimizations.

While many users click the “accept all” button on cookie banners without reviewing the details, this form of consent still allows extensive tracking and has significant privacy implications.

How cookies work

Cookies track user data, which allows website owners to analyze behavior and optimize the user journey.

For example, if a person visits a sneaker store, cookies will track how users behave while interacting with the website and gather information such as:

• Products viewed
• The order of visited pages
• Time spent per page
• Items added to the cart

However, cookies will also collect technical information about the device and browser used, traffic source, user location, and IP address. That information is beneficial for digital marketing activities.

The sneaker store from our example can use the stored information and retarget users with ads on third-party websites. That might re-engage users by reminding them of previously viewed products, leading to a potential purchase.

Data aggregation and privacy challenges

The data collected by third-party cookies isn’t available only to the sneaker store in this case—anyone in the same ad network can utilize it to target users with ads.

Data brokerage is a large industry, and millions of internet users’ personal data are sold to businesses and ad networks daily. Personal data is so valuable that it is often called “the new oil.”

While it may be helpful for businesses to gain access to personal data about users who have not previously interacted with their brand, the amount of information collected and exchanged causes privacy concerns.

The legal paradigm shift

Personal data protection is a part of the right to privacy, one of the core human rights in the Universal Declaration of Human Rights. However, the digital era required a more modern and direct approach to consider the latest technical developments and address the rising privacy concerns.

How the EU GDPR changed the privacy landscape

The real change came with the introduction of The General Data Protection Regulation (GDPR). After it came into full force in 2018, explicit consent is required for all personal data processing activities. It changed how cookies work, too, and cookie consent banners became mandatory.

However, explicit consent isn’t the only way GDPR affects third-party cookies. It also introduced several other data processing principles, including:

• Purpose limitation: Data can only be used for the specific purpose for which it was collected, which has to be clearly stated in the cookie policy.
• Data minimization: Only the necessary amount of data can be processed in line with the purpose.
• Storage limitation: Data can only be kept for as long as necessary for the initial purpose.
• Integrity and confidentiality: Personal data has to be processed in such a way that maintains its integrity and ensures confidentiality.

The GDPR also defined personal data as any information that can lead to the identification of an individual, whether on its own or in combination with other data. IP addresses are personal data, but profiling users and assigning unique identifiers, even without the classic personally identifiable information, is also considered personal data processing. That created more compliance issues for cookie-based tracking.

As you can see, offering data to third-party ad networks and brokers is hardly in line with the GDPR standards. As a result, we have seen substantive non-compliance fines exceeding billions of euros.

Other major legislators followed the GDPR’s approach, one of the most prominent being the California Consumer Privacy Act (CCPA). While the US doesn’t have a federal law, many states follow California’s example.

Large markets like Brazil also introduced privacy laws, showcasing a significant worldwide shift towards a more privacy-focused and consumer-first digital ecosystem.

Are tracking cookies still worth the risk?

Although legislative changes create compliance headaches, they are only a part of the concerns businesses relying on cookie-based advertising face:

Data accuracy concerns

Tracking cookies allowed accurate, granular segmentation and targeting, which was very useful for advertising purposes. Advertisers could identify funnel issues and A/B test changes, seeing how users behaved every step of the way. 

However, many users feel uncomfortable when targeted ads “follow” them around the internet, which is why they are doing their best to protect their privacy. Privacy-aware users will not only click the “reject all cookies” button but will use tools such as VPNs, ad blockers, DoNotTrack settings, incognito modes, and private browsers to protect their data and block tracking cookies.

As a result, it is becoming increasingly complex for cookie-based analytics to show reliable data.

More legislators are expected to introduce stricter privacy regulations while users increasingly take conscious steps to protect their personal information. That will make compliance even harder while reducing the effectiveness of cookie-based tracking, making it not worth the risk.

User experience (UX) friction

To avoid non-compliance fines, cookie consent banners must allow users to refuse cookies just as easily as they accept them. That can be especially problematic for mobile phones due to the screen size.

However, cookie notifications and prompts take the attention away from your website content, creating friction and interrupting the user experience.

As a result, businesses are faced with a challenging dilemma—if they don’t show the full consent banners, they may risk hefty GDPR fines; if they do show them, they take the user’s attention away from their content.

Erosion of trust

Cookie consent banners are a cause of concern for privacy-aware users. Even if you present them with easy and compliant opt-outs, the fact that their data will be available to third-party brokers may lead to ethical and trust concerns.

Considering that more and more users are privacy-conscious, this erosion of trust may weaken brand reputation in the long run. Users will look for alternative products and services that do not infringe on their privacy, which might lead them to your competition.

Strategic risk

While erosion is a strategic risk of its own, it happens gradually. However, cookie-based marketing carries a more significant strategic risk from all the aforementioned factors combined.

In cases of non-compliance, high fines are usually not the central issue—the following reputational damage can severely harm a business. Losing customer trust is hardly reversible, particularly in highly competitive markets.

However, non-compliance isn’t the only risk. If you process personal data on your servers, you are also at risk of hacks and data leaks. Even if you prove that you did all you could to prevent the data leak, the affected users will hardly continue to use your services and products after the incident.

A move towards a cookieless future

The reputational risks, compliance issues, and privacy concerns are gradually reshaping the world of user tracking.

Even tech giants are implementing measures to address tracking—Google has announced the end of support for third-party cookies in Google Chrome, while Apple’s Safari blocks third-party cookies by default.

However, businesses still need accurate data, which creates space for analytics software that respects user privacy.

Privacy-friendly analytics

So-called privacy-friendly analytics tools have emerged as a response to increasing concerns around user tracking and data protection. These solutions aim to reduce the amount of personal data collected — and unlike traditional analytics tools, they often don’t use tracking cookies or persistent identifiers.

Instead, they rely on alternative tracking methods like IP hashing, anonymized session identifiers, or limited browser data to deliver website insights. While this approach reduces some privacy risks, many of these methods still count as personal data processing under laws like the GDPR — particularly when technical re-identification is possible.

Some privacy-friendly tools also use trackers like fingerprinting techniques, which involve combining device- or browser-specific attributes to distinguish users. Even without names or email addresses, this type of tracking is still subject to consent requirements in most jurisdictions.

In short: privacy-friendly analytics offer a more privacy-conscious alternative to traditional tools that use tracking cookies and cross-site trackers, but they don’t eliminate all compliance or UX challenges — especially when personal data is still processed in the background.

Privacy-first analytics

Privacy-first analytics go a step further than privacy-friendly software by eliminating personal data processing altogether. They are built without cookies, identifiers, IP hashing, or fingerprinting. This means that no consent banners are required, and there are no compliance risks or ethical concerns typically associated with traditional tracking.

Unlike cookie-based tools, which can be blocked or distorted by ad blockers, VPNs, or private web browsers, privacy-first solutions remain unaffected by these technologies. They deliver accurate, reliable website metrics without relying on invasive technologies.

By avoiding tools that use cookies and personal identifiers entirely, privacy-first analytics provide a cleaner, compliant, and user-friendly alternative for businesses that want to respect privacy without sacrificing insights.

mandera: Accurate privacy-first analytics without tracking cookies

mandera for instance is a private-by-design website analytics solution showing reliable website insights without processing any personal data. Here’s how:

Built for privacy

Instead of processing personal data, mandera combines several non-invasive tracking parameters to distinguish individual visits:

• Referrer domain
• Time zone
• Timestamps
• Anonymized user agents
• Viewport and screen size

However, mandera doesn’t process IP addresses—they are automatically removed from every request.

As a result, we can accurately track user visits without being able to identify individual users, making mandera 100 % GDPR and CCPA compliant.

Accurate metrics with user flow predictions

Ad blockers, VPNs, private browsers, and incognito windows won’t interfere with mandera’s results, allowing us to show you accurate metrics.

You will have simple-to-understand yet actionable website use insights, allowing you to see which pages are the most popular, as well as traffic sources.

Furthermore, our advanced predictions and custom user flows will help you to map how users enter and move through your website, allowing you to make optimizations.

Uninterrupted UX

Because mandera doesn’t process personal data, you don’t have to show consent banners. 

As a result, the entire user experience will remain uninterrupted, and visitors can focus on your content, leading to improved user satisfaction and potentially more conversions.

Improved brand reputation

The rising number of privacy-aware users will appreciate your efforts to protect their personal data.

Your decision to use privacy-first software such as mandera won’t go unnoticed and will strengthen your brand reputation. It will prove that your company lives up to its ethical standards and puts them into practice.  

That demonstrates a commitment beyond mere compliance and shows you are unwilling to compromise with personal data. As a result, embracing privacy-first tools can strategically differentiate your brand from your competition, giving you an advantage.

Our conclusion

While the use of cookies allowed businesses to optimize their marketing efforts, the privacy concerns they raised resulted in a chain reaction of significant shifts in legislation and user behavior.

As a result, cookie-based tracking is becoming less popular. Businesses seeking reliable analytics solutions that won’t create user friction or compliance issues are now exploring alternatives.

As a privacy-first solution, mandera displays accurate website traffic metrics without processing personal data. You will get actionable user insights and predictions without interrupting the UX with cookie banners or worrying about potential compliance issues.

Explore mandera today, 100 % free, and embrace the cookie-free website analytics for the privacy-first era.

Funnel analytics give businesses insights into important user behavior metrics that help optimize the customer journey and improve conversions.

While traditional funnel analytics do provide granular targeting and precise optimizations, as we will discuss in this article, they aren’t always in accordance with privacy and compliance standards.

While many tracking tools are labeled privacy-friendly, they still process personal data — falling short of true privacy and ethical standards.

Why businesses (should) care about funnel analytics?

Funnel analytics is a process of mapping and tracking the steps the users/leads take, from the point where they enter the funnel, to successful conversion or drop-off.

Businesses use funnel analysis to visualize and track the user journey through a predefined conversion path. They can identify weak points in the conversion funnel and bottlenecks where users drop off.

Identifying weak points, testing, and optimizing allow businesses to improve the ROI (Return on Investment) of their marketing and sales efforts and increase conversion rates. That is especially important for large websites and eCommerce stores, where even the slightest change in the number of users going through each funnel step can result in significant revenue changes.

Unfortunately, most granular analytics tools rely on tracking methods that raise privacy concerns.

Privacy issues with traditional funnel analytics

Most traditional funnel analytics software relies on tracking methods such as third-party cookies and precise user profiling.

Cookies are small pieces of code quietly stored on web browsers after a user visits a web page for the first time. Cookies not only track user behavior on that website, they remain active in the background and keep tracking across websites.

While this tracking may seem justified in the context of marketing strategies—leads usually don’t convert after the first visit—the amount of gathered information about user preferences and behavior is a cause of privacy concerns.

Moreover, traditional cookie-based analytics tools like Google Analytics indirectly offer that data to advertisers via Google Ads. Personal data is one of the main reasons such services are free.

How personal data become a highly sought commodity

Even though advertisers don’t get access to personally identifiable information such as names, social security numbers, and similar, data about user preferences, purchasing habits, and detailed behavioral breakdowns can be combined to create user profiles. Based on that information, platforms offer advertisers ways to target the end user with precise ads.

Cookies and user profiling contribute to concerns regarding persistent, targeted advertising. However, even without intrusive ads, the sheer volume of information collected about individuals presents privacy risks. We had some notorious cases of major brands misusing private information solely based on purchasing habits.

Due to the rising number of concerns, regulators realized they needed to intervene, as the existing legal framework proved insufficient to protect user privacy online.

Significant privacy-related legislative changes

While legislators addressed the issue through regulations like the ePrivacy directive, another EU law reshaped the privacy sector globally.

The General Data Protection Regulation (GDPR) was (and still is) the groundbreaking framework that changed how businesses collect and process personal data, especially in the digital sphere.

After the GDPR, explicit user consent is required before cookies are stored on web browsers. As a result, if businesses wanted to use cookie-based funnel analytics, they needed to present users with cookie consent banners.

The GDPR applies even to non-EU companies as long as they process the personal data of EU citizens. The EU is a major market, which is why many companies complied with the GDPR to maintain access to it.

GDPR fines

But, the GDPR is also effective due to its fines. Failing to comply with the GDPR standards can lead to fines of as much as 4% of the company’s global annual turnover in the previous year.

It’s important to note that the GDPR applies globally — not just within the EU — and fines are based on total turnover, not net profit. Authorities have already issued penalties reaching hundreds of millions, even exceeding a billion euros.

GDPR global reach

The GDPR influenced not only global companies but also legislators. Even though the US doesn’t have a federal data protection regulation, more states are regulating the field.

The most significant example is the California Consumer Privacy Act (CCPA), as California is a large tech market home to many big companies residing in Silicon Valley.

Users are becoming more privacy-aware

The legislators weren’t the only ones to address the privacy concerns raised, nor were they the first. Due to whistleblowers like Edward Snowden, people started taking better care of their (online) privacy.

As a result, besides rejecting unnecessary cookies, privacy-aware users are relying on tools such as ad and cookie blockers, DoNotTrack settings, VPNs, private browsers, and incognito modes to cloak their traffic. That has two main effects:

• Reducing the accuracy of cookie-based analytics, which rely on granular profiling;
• Increasing user concerns about data consent requests and privacy ethics.

So not only is using cookie-based funnel analytics less accurate than it used to be, but it also raises privacy concerns amongst users who don’t want their personal data processed for marketing purposes, affecting brand reputation and ethical standards.

Why many cookieless solutions are not truly privacy-preserving

With the rise of privacy concerns and compliance headaches surrounding them, some businesses began seeking alternatives to cookie-based analytics.

As a result, many privacy-friendly analytics platforms started emerging on the market, promising compliance by not relying on third-party cookies for data collection.

Cookies aren’t the issue—unnecessary personal data processing is

Third-party cookies, on their own, are just a method for collecting personal data. Although cross-site tracking and data brokering are intrusive, removing them is a step in the right direction, but only doing that isn’t enough.

Therefore, removing cookies but tracking personal data differently, even when the same purpose can be achieved without personal data tracking, opposes one of the key privacy principles highlighted in the GDPR—data minimization.

So, even though privacy-friendly analytics tools don’t rely on third-party cookies, they still process personal data in other ways.

Hidden tracking methods

Instead of cookies, privacy-friendly analytics tools implement several different methods to gather data.

One example is IP hashing—a method of encoding an IP address for privacy. Even though the result is privacy-friendly, the act of hashing is still personal data processing, as the IP address is considered personal data.

Therefore, personal data processing still requires consent even if no cookies are used. Regardless of the claims of privacy-friendly cookieless tracking solutions, you will still be required to show consent banners.

The same goes for user profiling, session storage, local storage, and different types of fingerprinting. Even if the website visitor tracking software doesn’t rely on raw personally identifiable information, the combined data they use can be traced back to individual users, which makes it personal data processing.

What a truly cookieless and GDPR-compliant funnel analytics solution looks like

A truly cookieless and GDPR-compliant funnel analytics solution should be private by design. Only privacy-first software that processes no personal data will not require consent banners while still being GDPR-compliant.

Here’s how mandera, a private-by-design analytics platform, gives you actionable website traffic insights without infringing privacy:

No cookies, no IP tracking, no fingerprinting.

mandera doesn’t process any personal data. So, if no personal data is collected, no consent is required.

IP addresses are removed from every request, and no user profiling exists. We only rely on aggregated data that can’t be traced back to individual users:

• Time zones
• Referrer domain and UTM tracking
• Time stamps
• Basic device information

Combined, that data is sufficient to identify a unique visit, allowing us to show accurate metrics without infringing privacy.

Anonymous visitor flows

mandera will show you automatic visitor flow analytics based on aggregated data. You will see predictions of how users move from one page to another after they enter your website without tracking individual behavior.

You can also create custom user flow predictions to help determine whether visitors are moving in the desired direction.

That will allow you to make funnel improvements while remaining GDPR & CCPA compliant.

Private but accurate tracking

Because mandera doesn’t process personal data, analytics won’t be affected by VPNs, ad blockers, private browsers, and incognito modes.

You will get accurate website traffic data you can actually understand and use, displayed in a clean and intuitive dashboard.

Clean UX, impeccable brand reputation

Because personal data is not processed, visitors can focus on your content without having their UX interrupted by consent banners.

Moreover, the fact that you care about visitor privacy by implementing privacy-first solutions will strengthen your brand reputation, as privacy-aware visitors respect businesses that maintain high ethical standards.

The limitations of privacy-first analytics

While privacy-first analytics give you an accurate website tracking overview without tracking individual visitors, that level of privacy doesn’t come without limitations.

If you want granular tracking that will let you, for instance, accurately A/B test several funnel scenarios, you will still need to rely on cookie-based conversion funnel analysis. Those tools will give you detailed insights about each step users take through your funnel, allowing you to make pinpoint optimizations.

While granular funnel analysis helps with precise targeting, it is still a growing privacy and compliance concern. If you want to use it, do so with explicit user consent and in a minimal way necessary to achieve your marketing goals.

Our conclusion

While traditional funnel analytics often include granular user tracking and enable detailed campaign optimization, they frequently compromise privacy.

Privacy-friendly tools don’t have the same targeting capabilities, but they do a better job privacy-wise, as they eliminate cookies and direct profiling. However, they still process personal data, requiring consent screens.

Since privacy-first tools don’t allow granular tracking, they offer accurate and fully compliant metrics. Because no personal data is processed, no consent banners are required to keep the user experience clean and improve brand reputation among privacy-aware users.

Do you want a simpler way to do funnel analytics – without personal data? Try mandera analytics today – a privacy-first, 100% cookieless & fully GDPR-compliant website tracking solution.

In this article, we will discuss web tracking tools, define them, and focus on three main types: cookie-based tracking, privacy-friendly tools, and privacy-first web analytics.

We will also discuss how regulators are reshaping the privacy field and how privacy-aware users are looking for alternatives to Google Analytics. Those shifts created a new market for privacy-friendly and privacy-first analytics tools that will provide accurate analytics data without compromising user privacy.

What Are Web Tracking Tools?

Website tracking tools allow businesses to analyze website traffic data and user behavior. They provide important insights such as:

• Traffic volume
• Traffic sources
• Top pages
• Time spent per page
• User flow predictions
• User device information
• User locations
• And much more

Leveraging this data enables businesses to optimize campaigns and create smoother, more effective user journeys, resulting in better conversion rates.

However, traditional web tracking tools are a growing concern as they are compromising user privacy.

How Do Web Tracking Tools Work – 3 Main Types

While all web traffic tools have a similar purpose—analyzing web traffic and user behavior—the way they approach it makes a big difference, especially when it comes to privacy:

Type 1: Cookie-based tracking

Cookie-based website analytics used to be the primary method of user tracking. Cookies are small pieces of code stored in users’ browsers, collecting information about user behavior in real-time.

The issue is that cookies continue to track data even when users move to other websites. While that is useful for marketing purposes, as website owners have detailed behavior analytics, it can raise privacy concerns.

After the introduction of the General Data Protection Regulation (GDPR), websites must ask for explicit consent to store non-essential cookies on users’ browsers. To collect personal data processing consent, website owners need to implement cookie consent banners, which affect the UI and UX.

Type 2: Privacy-friendly tracking 

Regulators aren’t the only ones acknowledging the link between third-party cookies and personal data—users know their personal data is a valuable resource that can be misused.

Many users rely on virtual private networks (VPN), ad and cookie blockers, DoNotTrack settings, private web browsers, as well as incognito modes to protect their privacy. As a result, cookie-based analytics aren’t as accurate in these cases.

Plus, when privacy-conscious users see third-party cookie consent screens, they will likely question the ethical standards of companies using intrusive tracking methods for marketing purposes.

For those reasons, privacy-friendly web tracking tools have started emerging. Instead of using third-party cookies, privacy-friendly analytics rely on different methods, such as:

• IP address anonymization and hashing
• No tracking across websites
• Minimal personal data processing
• No user profiling

While these methods are certainly a step in the right direction regarding privacy, they may still cause compliance risks.

Minimal personal data processing still requires consent

GDPR requires explicit consent for personal data processing, regardless of the amount and form. While privacy-friendly tools try to anonymize personal data, they still process it on their servers sometimes.

One example is IP hashing, which replaces IP addresses with a fixed string of characters. Even though a hashed IP address is hard to break, the process of hashing is considered data processing, as IP addresses are considered personal data.

Privacy-friendly web tracking tools may rely on fingerprinting, which combines several pieces of information and assigns each user a unique identifier.

Even though each piece of information wouldn’t be considered intrusive, combining precise details on user location, device, and system and assigning a unique identifier is regarded as personal data processing, as it can be traced back to identify an individual user.

Because of this, using privacy-friendly analytics still requires explicit user consent despite avoiding third-party cookies.

Plus, processing personal data on your servers carries compliance and reputational risks. For example, even if you offer users ways to refuse cookies if it is too difficult, you may still be fined for non-compliance.

So even though they are not using third-party cookies, privacy-friendly analytics solutions may cause compliance concerns, and the consent banners still affect the UX.

Type 3: Privacy-first web-tracking tools

Privacy-first web tracking tools, like mandera, allow you to track user behavior and optimize your website without infringing privacy. Here’s how we do it:

Private by design

Unlike privacy-friendly analytics, which use methods to minimize and anonymize personal data processing, mandera is private-by-design and doesn’t process any personal data, not even the IP address.

With mandera, there is no hashing, fingerprinting, profiling, or similar attribution methods—the IP address is dropped from every request. mandera only tracks aggregated data that can’t be traced back to individual users, such as:

• Time zones
• Referrer domain
• Timestamps
• Basic device and OS information

While that information can’t be associated with individual users, it’s still precise enough to allow mandera analytics to distinguish individual website visits and show actionable metrics:

Full regulatory compliance without consent banners

Because personal data is not processed or stored, you will fully comply with the CCPA and PECR without displaying consent banners.

As a result, your UX will remain uninterrupted, allowing website visitors to engage with content without consent pop-ups.

mandera is a German company with servers located in Germany. The data is fully encrypted and always remains within the EU, all in accordance with the GDPR.

Accurate metrics

As a privacy-first web analytics platform, mandera doesn’t rely on cookies to display analytics.

There is no personal data processing and profiling, so VPNs, ad & notification blockers, incognito modes, and private browsers won’t interfere with the results.

As a result, mandera will show accurate analytics while fully respecting users’ privacy.

User flow overview

mandera will show you an intuitive user flow overview to help you understand how users behave once they enter your website.

You can also create custom user flows to help you understand how many visitors navigate your website and make further optimizations.

Simple to set up, optimized for performance, an intuitive dashboard

mandera has a lightweight script that won’t slow down the website’s performance. The installation is simple via API integration, and will be ready in minutes.

Our intuitive dashboard will give you a detailed but easy-to-understand analysis of visitor metrics and user engagement patterns. The data is simple to understand and actionable without excessive complexity.

Transparent pricing

mandera has a simple pricing structure—you pay per domain for up to 500k monthly visitors. If your traffic approaches the 500k monthly visitor limit, we will kindly notify you in advance and ask you to upgrade to our Enterprise plan.

But, until then, traffic spikes will not be a source of concern—you will look forward to them, as more leads will ultimately translate into more conversions.

Web tracking tools – our conclusion

While cookie-based tools such as Google Analytics used to be the go-to web tracking method, businesses increasingly understand the importance of privacy and how maintaining high ethical standards strengthens business reputation.

Even though privacy-friendly tools make an effort to protect user privacy, they are still a step away from full compliance. Personal data is still sometimes processed, requiring consent.

Privacy-first tools like mandera allow you to collect website traffic information accurately without processing personal data. Your website will be fully compliant, and users will not be affected by intrusive consent banners.

Try mandera with our free trial today, and enjoy a cookieless web analytics tool with full GDPR compliance.

In this article, we will discuss why businesses are moving away from cookie-based user tracking and how so-called privacy-friendly cookieless tracking software may still cause compliance and privacy concerns, regardless of their claims.

Lastly, we will take a look at privacy-first cookieless tracking solutions that will give you valuable tracking insights without compromising personal data of your website visitors.

Why is cookieless tracking becoming increasingly important?

Before we dig deeper into cookieless tracking and privacy, we will first explain why businesses are shifting away from cookie-based analytics in the first place:

Third-party cookies and privacy risks

Since the internet’s early days, businesses have understood the importance of analyzing website traffic. Getting more of the right kind of exposure to your website means more leads and, eventually, clients and customers.

Because of this, website analytics tools that allow user tracking have become vital parts of businesses’ digital marketing arsenals worldwide. 

The default way of tracking users was through third-party cookies, small pieces of code stored on users’ web browsers and run in the background, collecting data.

Privacy issues

While cookie-based tools such as Google Analytics used to be an effective solution to track user behavior, the level of precision they allowed had significant implications on user privacy.

Third-party cookies store data that allows external services to track users across websites. At first glance, this doesn’t seem all that important, as most of the data is technical—IP addresses, device information, precise location information, basic demographic information, and purchasing habits.

However, when combined, this information can be used to create detailed user profiles, which are incredibly valuable for website owners in their marketing efforts.

That’s why you often see ads “following” you around the web and displaying products you recently viewed—a cookie stored on your browser remembers your preferences, allowing ad targeting and much more.

Legislator’s response to modern technologies

The importance of privacy as a concept is nothing new; it is a part of the Universal Declaration of Human Rights and the United States Constitution. However, the modern digital era required a new approach as the older legal framework wasn’t specific enough.

EU privacy laws

The EU recognized this need, and its ePrivacy Directive was a step in the right direction. It established rules for the interception, storage, scanning, and surveillance of users.

However, the General Data Protection Regulation (GDPR) revolutionized internet privacy and website tracking by introducing strict rules around the use of cookies and personal data.

After the GDPR became fully effective, websites could process user data only with explicit user consent. Website owners are now required to display complex cookie consent banners that interfere with website design and user experience.

Even though the GDPR is an EU regulation, it applies based on the location of the user, not the business. If your organization processes personal data of individuals located in the EU, you are required to comply with GDPR—regardless of where your company is based. This extraterritorial scope triggered a wave of global compliance, as the EU represents a highly valuable market with over 450 million people.

International privacy laws that followed the GDPR approach

After the GDPR, other legislators followed:

• California Consumer Privacy Act: The CCPA is an essential document that raises the privacy bar in California, the home state of many global companies based in Silicon Valley.
• UK GDPR: Even though the UK left the EU, it has created its own version of GDPR, retaining its core principles.
• Brazil LGPD: Brazil, another huge market, introduced its General Data Protection Law in 2020, which shares the same values as the EU GDPR.

Users are opting out of cookie tracking too

Legislators aren’t the only ones raising concerns about cookie use—users themselves are taking active measures to prevent cookie tracking.

They can refuse cookies manually, but many ad blockers and similar tools also have built-in privacy features that block cookies or clean browsing data automatically. 

Plus, many users rely on VPNs to cloak their traffic, DoNotTrack settings and incognito windows, as well as private browsers and search engines that prevent tracking.

The reason behind this change is simple: people are becoming increasingly aware of their privacy and how major companies monetize their personal information.

According to a 2024 study by bitkom, 76% of internet users feel annoyed by cookie banners, and 68% say they don’t want to deal with them at all. More than half (51%) even avoid certain websites altogether because of excessive cookie prompts.

When this type of privacy-aware user notices third-party cookie consent screens on your website, they may raise questions regarding your company’s ethical standards, which can negatively affect your brand reputation.

However, those privacy-focused tools will also interfere with cookie-based tracking results. While this used to be accurate and granular, the data you get will now be far less reliable simply because a growing portion of visitors are doing what they can to prevent tracking.

The problem with many “cookieless” solutions

As you can see, both legislators and users have recognized cookie tracking as problematic, primarily from a privacy perspective. Because of this, cookieless tracking is booming in popularity.

What is cookieless tracking?

Instead of relying on third-party cookies for tracking, privacy-friendly cookieless solutions gather first-party data directly from your website. That means there is no tracking across websites, and data brokers, advertisers, and tech giants won’t have access to your users’ data.

While server-side tracking sounds great and is definitely a step in the right direction, these privacy-friendly tools miss the core issue. The problem isn’t cookies alone—unnecessary personal data processing is what legislators and users are trying to prevent.

IP address processing still requires consent

Even if third parties don’t monetize users’ personal data and no cookies are used for tracking, you might still be required to display a consent banner—depending on the type of data being processed.

Under regulations such as the GDPR, ePrivacy Directive, and PECR, IP addresses are considered personal data. Any information that can be used to identify a person—either directly or when combined with other data—falls under the definition of personal data and may trigger consent requirements.

Privacy-friendly tools often avoid cookies but still generate unique identifiers based on hashed IP addresses, precise geolocation, device characteristics, and fingerprinting techniques. While this data may not contain raw personally identifiable information (PII), it is still processed on servers and can potentially be used for re-identification—especially when linked with other data points. This introduces two issues:

Consent obligations: If personal data is processed, even without cookies, explicit user consent might be necessary.

Compliance risks: Hosting or transferring such data—especially outside the EU—can create GDPR vulnerabilities. In case of a data breach, personal data on your servers could be exposed, which is exactly what privacy laws are designed to prevent.

In short, even if tools are labeled “privacy-friendly,” they may still process enough data to require consent banners. For privacy-conscious organizations, this legal uncertainty itself is a strong argument to choose truly privacy-first tools that avoid personal data processing altogether—and remove the ambiguity from the equation.

How mandera implements a truly privacy-first and cookieless tracking solution

mandera is a privacy-first cookieless tracking solution that processes no personal data whatsoever. Here’s what sets us apart:

No personal data processing

We don’t use techniques such as cookies, IP hashing, fingerprinting, or profiling—mandera is private-by-design and we eliminate the IP address from every request. As a result, no IP addresses get into contact with mandera servers or your website, which means there is no personal data processing or storing.

Track accurately without consent banners

Without relying on cookies and personal data, we provide accurate website traffic data by combining unintrusive tracking methods that allow us to distinguish and count individual visits. We rely on time zones, referrer domains, time stamps, UTM parameters, and broad device information, none of which is considered personal data.

As a result of no personal data processing, you are not required to display consent banners.

Additionally, since there are no cookies, ad blockers, VPNs, and private web browsers won’t interfere with analytics. 

Full regulatory compliance

Because there is no personal data collection or processing, mandera is GDPR and CCPA compliant and in line with many other leading privacy regulations.

Additionally, mandera is a German company with servers located in Germany, ensuring that all data remains within the EU at all times.

Intuitive and lightweight

mandera’s sleek dashboard shows metrics you can understand. User flow predictions will indicate where users go next after they end up on your site.

You’ll be able to track several websites from a single dashboard and also share viewing access with your team or clients.

mandera analytics won’t slow down your website—our script is lightweight, and the installation is straightforward. Everything will be ready and running in just a couple of minutes.

Fair pricing

With mandera, you don’t have to worry about sudden traffic spikes causing your invoices to skyrocket. You pay per domain, so there will be no surprises or confusion.

If your traffic exceeds 500k monthly visitors, we will kindly notify you and ask you to upgrade to our Enterprise plan. But, until then, traffic spikes will be something you look forward to. As every marketer knows, more visitors on your website will mean more leads and, eventually, conversions.

Our conclusion

As you can see, privacy-friendly cookieless tracking is still a step away from full compliance. Yes, you won’t use cookies, but personal data is still being processed sometimes, posing compliance risks and requiring consent banners.

mandera is a privacy-first analytics platform that provides accurate website analytics without personal data processing. It offers true privacy and requires no consent screens or data processing notifications, keeping your UI clean and UX impeccable.

Try mandera now, completely free – a 100% privacy-first & fully GDPR-compliant cookieless tracking solution.

This article provides a detailed comparison between mandera and Google Analytics, examining their features, differences, and overall approach to website analytics. 

We’ll explore why mandera stands out as a strong Google Analytics alternative, offering reliable website traffic insights while prioritizing user privacy and full compliance with modern data protection regulations.

Why businesses are looking for Google Analytics alternatives

Google Analytics (GA) has long been the go-to solution for tracking website users, primarily due to its feature set allowing granular targeting. It is also frequently used with other Google marketing tools, like Google Ads, to serve targeted campaigns.

However, granular user tracking and targeting came at a massive cost—infringing on user privacy.

Online audiences became increasingly aware of and complained about ads “following” them around the internet. They would browse a random product, and the same item would appear all over the web—in sidebars while they read the news, in the middle of YouTube videos, and in their Google Mail Promotions tab.

One of the main reasons why that happens is the fact that Google Analytics relies on cookie data to track user behavior.

The privacy issue with third-party cookies

Cookies are small pieces of code stored in a user’s browser when they visit a website, allowing data to persist as they navigate the web.

The problem is that cookies remain active even after users leave the original website, continuously tracking their activity across different pages. This enables the company that set the cookie to keep collecting behavioral data, often without users being fully aware of it.

Furthermore, GA data is indirectly accessible by third parties via Google Ads. That is why ads are so effective in “stalking” us around the web. They are based on a large amount of behavioral data used for profiling, and advertisers can target us based on our preferences and habits.

While that information can be useful for marketing activities, this method of collecting personal data is overly intrusive. It conflicts with some of the core rights guaranteed by the Universal Declaration of Human Rights, such as the right to privacy.

Still, a more precise and modern legal framework was needed to tackle the nuances of the digital era, which led to more privacy regulations.

How regulators intervened

While several privacy regulations impacted global privacy, such as the ePrivacy directive, which still applies today, there was no real breakthrough regarding cookies until the mid-2010s.

The General Data Protection Regulation (GDPR) reshaped the global privacy sector. It applies not only to the territory of the EU but also to the data of its citizens. This means that foreign companies need to comply with GDPR if they want to process data of EU citizens. Considering that the EU is a large and wealthy market, this had global consequences.

Soon, other legislators realized the importance of privacy standards set by the EU and the impact of the GDPR. What followed was a wave of synchronization and national laws that share a similar level of privacy protection. The California Consumer Privacy Act is a prime example of how also the US states are introducing a new level of privacy.

GDPR impact on website analytics solutions

The GDPR revolutionized website analytics, too. Once it was introduced, explicit data processing consent became a requirement. Practically, before any cookies are stored, you are now required to display complex consent banners.

Those cookie notifications and consent banners not only disrupt the user interface and experience but also cause compliance concerns and hefty fines for making it hard to refuse cookies.

However, legislative changes, compliance fines, and cookie banners have had an additional consequence: users are becoming increasingly aware of their privacy.

As a result, more and more website visitors are using ad blockers, VPNs, DoNotTrack settings, and similar technical methods to protect their privacy.

However, users are also increasingly aware that some companies are misusing their private information, which is why respecting privacy matters for ethical business conduct for companies that care about brand reputation.

The problems with Google Analytics

We have covered how new privacy regulations have affected the world of web analytics, but let’s now speak about Google Analytics and the problems businesses face when using this tool:

Google Analytics and GDPR compliance issues

The Google Analytics Suite relies on cookies to provide traffic analytics. Cookies not only track users’ interactions with your website but also collect information across the web.

Because of third-party cookies and cross-site tracking, you must implement cookie consent banners on your website. If not, you could face fines for non-compliance, reaching as much as €20 million or 4% of your yearly turnover.

Conversely, displaying the banners will negatively impact the user experience, as website visitors will need to navigate through complex legal information and tickboxes instead of focusing on the content of your pages.

Furthermore, Google is an American company with (cloud) servers spread across the globe. This will cause further GDPR compliance issues, as taking user data outside the EEA is problematic.

Google Analytics data is shared with other Google services

Google profiles users based on their preferences and behavior. That is why services such as Google Ads are so effective in targeting users—Google collects data across websites, and its algorithm assigns unique identifiers, allowing granular targeting.

While third parties cannot access personally identifiable information directly, they can use other Google services based on that data.

The most famous example of why this type of profiling is so privacy-infringing is the case of TARGET and their marketing campaign targeting pregnant women solely based on their purchasing habits.

Situations like that were one of the reasons privacy regulations needed to be updated and in line with modern technologies, eventually leading to the GDPR.

Complex UI, unreliable data, and potential performance issues

GA can be useful for granular tracking, but its interface is quit complex—especially for teams that simply want clear, reliable insights into their website traffic.

In addition, ad blockers, DoNotTrack settings, private browsing, and the growing tendency of users to reject cookie banners are steadily limiting the tool’s ability to gather meaningful data. This leads to less reliable traffic reports and questionable data quality.

But beyond performance and usability issues, there’s a deeper risk: brand reputation.
Using a tool widely associated with aggressive tracking and opaque data-sharing practices can reflect poorly on companies—especially those aiming to position themselves as privacy-conscious and ethically responsible. In a climate where user trust and transparency are increasingly vital, continuing to rely on Google Analytics could signal the wrong values to your audience.

You may be undermining your brand image while getting less reliable data in return.

mandera analytics vs. Google Analytics – Key Differences 

mandera is a privacy-first web analytics platform that provides reliable website data without infringing privacy. Here’s what separates us from Google Analytics:

1. Privacy & Compliance

Google Analytics, as a cookie-based solution and a small fraction of the Google ecosystem, poses privacy, compliance, and ethical dilemmas.

At the most basic level, you are required to show cookie banners and disturb the website interface. However, at the core level, the fragile personal information of your website visitors will be indirectly accessible and used for targeting by third parties. Even if this is done with consent, it is still a questionable practice from an ethical standpoint.

What’s more, third-party cookies and intrusive tracking are under increased regulatory scrutiny. Even Google Chrome will end support for third-party cookies in the future, signaling the industry’s shift toward stricter privacy regulations.

mandera’s approach:

mandera doesn’t process personal data. Because of this, you are not required to show cookie consent banners while still being fully compliant.

Our technology relies on data that can’t be traced back to individual users, so it is not considered personal information.

For example, we remove the IP address from every request by default and respect the DoNotTrack settings. Our technology allows us to distinguish individual visits and show accurate numbers, even though we are not processing personal information:

Because there is no personal data processing, mandera will future-proof your business against upcoming regulatory changes that will likely put new limitations on personal data access.

2. Data Ownership & Third-Party Access

Google Analytics is part of the Google ecosystem, which means it shares universal analytics with its other services, such as Google Ads and Google Search Console. In other words, visitor analytics will be indirectly accessed by third parties and used for targeting purposes across websites.

Additionally, Google is a global company with servers located worldwide. That means your website visitors’ data will be transferred to locations outside the EEA, which is problematic from a GDPR standpoint.

mandera’s approach:

With mandera, there is no data sharing nor third-party access.

mandera servers are based in Germany, and only you can access your data. Because we don’t store or process personal information, there will be no personal data on our servers in the first place, minimizing the possibility of personal data leaks or breaches.

In other words, your data stays yours and will not leave the EEA, making mandera fully GDPR-compliant.

3. Tracking Methodology

Google Analytics assigns each visitor a unique identifier and relies on cookies to track website data and behavior. That creates data privacy and compliance concerns.

Because users are aware of their privacy, they increasingly use tools such as ad blockers, VPNs, incognito browsers, and similar technologies to cloak traffic. This interferes with Google Analytics and may cause unreliable traffic metrics.

mandera’s approach:

mandera doesn’t use cookies, and there is no personal data processing.

Instead of storing IP addresses, tracking precise traffic sources, using cookies, or privacy-friendly techniques such as fingerprinting, hashing, or assigning unique user identifiers, mandera relies on data that can’t be tied to any individual user, not even when combined with other information. The real-time analytics we monitor include:

• Time zones
• Site referrer
• Time stamps
• UTM Parameters
• Basic device information

Our goal is to distinguish individual visits and to separate new from repeating traffic, while we don’t use any invasive techniques to achieve that.

4. User Experience & Consent Banners

Google Analytics relies on cookies to process data. Because of this, you are required to present users with difficult-to-understand cookie consent banners.

Not only may this cause further compliance issues, but it also doesn’t look good on your website, as it distracts from the content.

mandera’s approach:

Because mandera doesn’t process personal information, you aren’t required to display cookie consent banners. This will keep your website interface clean, and users will focus on the content.

Since cookie blocker settings and ad blockers won’t interfere with the results, mandera tracks website traffic accurately.

5. Performance, set up, and usability

You often hear Google Analytics users complaining about its script hindering website performance. But page speed is not only important for the user experience; it is also one of the well-known ranking factors

Also, the Google Analytics 4 interface will take some time to get used to, which is also one of the primary complaints users have had since its launch.

mandera’s approach:

mandera has a lightweight script that will not hinder the performance of your website.

The installation is super fast, and mandera will be ready in minutes after you connect your website. So, there are no cookie banners that will interfere with the interface and no heavy script that can lower the website performance.

Not only will it have a negative impact on your website UX, but mandera also has a simple dashboard that is very intuitive. Basic analytics will be available at first glance, allowing you to make the correct conclusions without overwhelming details.

6. Pricing & Business Model

While Google Analytics has a free plan, that is for a reason—Google’s primary source of income are ads and user data monetization. They collect analytics data across websites that use their services and later monetize it by providing paid advertising.

That approach creates many ethical concerns, which can affect your business’s reputation. Users are becoming increasingly aware of their privacy, and they are looking to avoid companies that don’t maintain ethical standards and use services that carry privacy risks only because they are free.

mandera’s approach:

mandera is a state-of-the-art, privacy-first solution. While we have a free trial, our service isn’t free—you pay a fixed price for each domain you use. Because mandera’s paid plan doesn’t scale with traffic, you won’t have any unpleasant surprises when you receive our invoice.

As a private-by-design tracking web analytics tool, mandera doesn’t store or process any personal information in the first place, so no third party can access the user’s data.

With mandera, there is no data monetization whatsoever—your data stays yours.

Conclusion

Even though Google Analytics provides you ways to granularly track users, compliance issues, ethical concerns, complexity, and performance issues are some of the reasons why more and more businesses prioritizing privacy are shifting towards privacy-first tools.

mandera is a private-by-design GA alternative that will provide actionable website traffic data and insights into user flows, all while respecting privacy and staying compliant with GDPR.

Try mandera today, completely free, and explore accurate web analytics without privacy concerns.

Visitor tracking via third-party cookies was the cornerstone of user metrics and marketing for years. But, users are more privacy-aware than ever, and regulators are working hard to reduce the amount of personal data websites process.

That’s why we have a new generation of website visitor tracking software built with privacy in mind. It gives you accurate results while protecting users’ fragile personal information.

What is visitor tracking in general, and why do you need it?

Visitor tracking is a process of tracking and analyzing the information about users who visit your website, particularly insights into visitor behavior, such as:

• Pages they visit and interact with
• Traffic source
• Information about the devices used for browsing
• Location-specific information
• The amount of time they spend on your pages
• Total website traffic aggregate and averages
• More advanced statistics such as user flows, heat maps, visitor demographics, and detailed user behavior metrics.

As you can see, the information tracking software displays is incredibly useful. It will help you uncover information about website traffic and allow you to optimize your pages and marketing campaigns to improve the user experience and conversion.

What features should you look for in website visitor tracking software?

While tools for tracking website visitors differ, the best website analytics tools offer most of these features:

• Total traffic volume: This will allow you to see how many visitors your site receives and compare analytics data periodically. This information will tell you a lot about the success of your SEO activities.
  
  
• Page traffic volume: In addition to total website organic traffic, seeing which page receives traffic and its source is incredibly valuable for optimizations.
  
  
• User flow analytics: Tracking visitor behavior once they enter your site will allow you to optimize their entire user experience while interacting with your website.
  
  
• Privacy features: As you are about to see, the Achilles heel of traditional website tracking software is privacy—the granular results come at a high cost, infringing fragile personal data for marketing purposes.
  
  
• Ease-of-use: While you want a powerful tool, it should also be simple to use, with an intuitive dashboard as well as useful and actionable visitor tracking data.
  
  
• Fair and predictable pricing: If pricing scales with traffic, it can become a problem, as you never know what you can expect on a monthly basis. That can result in a catch-22 situation—you are happy that the website traffic drastically increased during the Black Friday spike, but you are unpleasantly surprised when you see the invoice amount.
  

How traditional website visitor tracking infringes privacy

We have mentioned how traditional website analytics have a poor reputation for infringing user privacy, which is one of their main downsides. Here is a list of their problematic features that will help you understand how they work:

How traditional third-party cookies work

The default method of user tracking was third-party cookies, pieces of code that were quietly installed on users’ browsers. These cookies tracked users and collected valuable data that website owners could use to optimize their content.

What’s more, a third-party cookies-powered tool like Google Analytics tracks users across websites, giving insights into user behavior and preferences, allowing site owners to serve dynamic, targeted content.

While this granular approach to user metrics does have certain advantages for sales and marketing teams, it comes at a high cost of infringing user privacy.

Cookie banners and compliance headaches

Over time, user data has become an incredibly valuable resource as tech giants indirectly monetize it to optimize their advertising programs. Relying on third-party cookie analytics can result in a website’s visitors’ data being reused on other websites, creating privacy concerns.

The EU was the first major legislator to recognize the problem, which was addressed in detail in the famous General Data Protection Regulation (GDPR). Other major markets soon followed with regulations, such as California’s Consumer Privacy Act (CCPA). As time went by, the GDPR became the gold standard as more countries released privacy laws that aligned with GDPR recitals.

After GDPR, you are required to greet visitors with complicated cookie banners and pop-ups that require them to select the amount of personal data that will be collected for tracking purposes. If you don’t do this adequately, you are facing drastic fines for non-compliance that can go as high as €20 million or 4% of your global annual turnover.

User interface problems

If you want to comply with privacy regulations and display cookie notifications and pop-ups, you are taking users’ attention away from your content.

Then again, if you try to reduce the size of the pop-ups, you risk being non-compliant as you are making it hard for users to reject cookies, which will also result in fines.

Accurate results? Not anymore

While cookie-based website visitor tracking software used to have a clear advantage in terms of the precision of the metrics it provides, that is no longer the case.

Legislators aren’t the only ones trying to protect privacy—users themselves are becoming increasingly aware of their fragile rights and the way tech giants misuse their information.

An increasing number of features, such as Do Not Track, ad blockers, privacy-oriented browsers, and search engines, contribute to inaccurate results of cookie-based software. Even tech giants such as Apple and Google are announcing they will end the support for third-party cookies on their devices in the near future.

Not only are legislators tightening the rules, but even tech companies and users are moving away from cookie-powered metrics. As a result, you will not be able to estimate web traffic accurately, as a growing number of users are refusing cookies or using devices and tools to cloak their traffic. In other words, third-party cookies are no longer what they used to be, especially regarding accuracy, creating problems for sales teams in traffic and conversion tracking.

Third-party cookies and reputational risks

Even if you are GDPR compliant and fine with cookie banners interfering with the UX, using third-party tools can cause reputational risks.

We have already mentioned that visitors are increasingly aware of their privacy, which is why they use tools to protect it. When privacy-aware users see cookie notifications, it often becomes a red flag in their eyes—the website they are visiting is collecting their personal data and is likely sharing it with third-party websites and tech giants.

If that is the case with your website, privacy-aware users might question the ethical principles behind your brand, which can hurt your reputation in the long run.

Can you track website data without infringing privacy?

Due to rising privacy awareness, website owners are faced with a dilemma: How can they accurately monitor website traffic without interfering with personal protection regulations?

The answer lies in privacy-friendly and privacy-first website tracking software.

Privacy-friendly analytics: An improvement, but still not ideal

Privacy-friendly website visitor tracking tools gets rid of third-party cookies, which is a step in the right direction when it comes to privacy.

Instead, they rely on tracking methods such as:

• First-party and server-side tracking: Privacy-friendly tools gather data from the website server, not relying on third-party sources. While this is good, the type of data collected still matters—IP addresses are still considered personal data, as users can be identified based on them, regardless of whether indirectly.
  
  
• IP hashing: To mask IP addresses after processing them, privacy-friendly analytics hide them via a technique called hashing, which replaces all IP addresses with fixed-length strings. The problem is that these addresses are not entirely private; they are still being processed on the website’s server while being hashed, creating privacy concerns.
  
  
• Other fingerprinting techniques: Once a visitor opens a website, some privacy-friendly tools might assign it a unique identifier based on their geographical location, device used for browsing, network data, and certain settings. Even though these pieces of information can’t be used independently, in combination, they can be traced back to individual users. From a privacy standpoint, fingerprinting is still personal data processing.

While privacy-friendly tools respect privacy, they only do it partially. Privacy-friendly analytics still process personal data, which is why consent banners are still mandatory.

Privacy-first analytics: A true private solution with reliable user metrics

Privacy-first website visitor tracking tools provide you a way to track users accurately without infringing privacy. 

Rather than relying on processing IP addresses, hashing, and fingerprinting, privacy-first solutions measure data that is impossible to trace back to individual users. In other words, true privacy-first analytics don’t process any personal data.

Instead, they rely on data that can not be used for website visitor identification, even if it is combined with other similar pieces of information. For example, instead of using precise geographical locations, privacy-first tools can use time zones—the result will be precise enough to distinguish individual visits but not accurate enough to track them back to a single person, even when combined with other data.

As a result, using privacy-first web analytics won’t require consent banners and pop-ups. You will remain compliant, and your UX and brand reputation will remain intact.

But because there is no data processing, ad and pop-up notification blockers won’t interfere with the data. You will see accurate metrics, which cookie-based analytics can’t give.

In other words, privacy-first tools give you the best of both worlds—compliance without consent banners combined with reliable data.

How mandera helps you measure visitor traffic and truly respect privacy

mandera is a private-by-design website tracking software that will give you useful user data while keeping you fully compliant. Here’s what makes mandera unique:

True privacy-first solution

mandera is built with privacy in mind, and we don’t process any personal data.

With mandera, there is no IP hashing, fingerprinting, or IP storage. By default, we drop the IP address from every single request, so there’s no IP processing.

mandera respects DoNotTrack requests. Users who have turned on these settings won’t be taken into account.

Because of this, the technical information process isn’t considered personal data, as it can’t be traced back to individual users.

Plus, our servers are based in Germany, are fully encrypted, and the data is only accessible by you, making our service safe and fully GDPR and CCPA-compliant.

Private but accurate visitor metrics

We also don’t assign unique identifiers to users but instead rely on an untraceable combination of metrics such as:

• Timestamps
• Time zone tracking
• Time spent on page
• Anonymized user agent
• Basic device information
• Referrer domain

This type of information allows us to distinguish individual visits without processing personal data:

Furthermore, mandera gives us accurate readings, as no personal data processing means ad-blockers, and rejecting cookies won’t interfere with the results, as they do with traditional tools.

We can also display user flows, giving you predictions of where users are likely to go after they enter your website.

Sleek interface and a lightweight script

mandera has a sleek and intuitive interface that displays essential information about traffic. 

The script is super lightweight, easy to install, and provides metrics in minutes through our intuitive dashboard.

Transparent pricing

mandera pricing is simple, as you only pay a fixed price for each domain. If your traffic exceeds 500k pageviews per month, we will notify you to upgrade to our Enterprise plan.

As a result, you don’t have to worry about website traffic spikes—with mandera, there will be no unpleasant surprises in invoices.

Our conclusion

Privacy first website visitor tracking software combines the best of both worlds: privacy and quality metrics. It allows you to collect accurate traffic information without processing fragile visitor data.

Because of this, pop-ups and consent banners will not be needed, keeping the website interface intact. Additionally, visitors will notice that you respect their privacy and that your company maintains high ethical standards, which you can be proud of.

Sign up for mandera free trial today and see why privacy-first tools are the future of website tracking software.

There’s no denying that choosing privacy friendly analytics is a step in the right direction when it comes to respecting the privacy of website visitors.

However, simply “respecting” privacy is not enough. To comply with privacy regulations and maintain a sturdy reputation among your audience, it is important to fully protect that privacy by not processing personal data at all.

As you are about to see, privacy-friendly analytics solutions fail to deliver on that front, as they still process personal data, regardless of their claims. 

What are privacy friendly analytics?

Before discussing privacy-friendly analytics, we will briefly explain how traditional analytics work and the key issues they pose. Then, we will discuss how privacy-friendly analytics tools claim to alleviate those concerns.

Traditional analytics: powerful but privacy-infringing

Traditional analytics tools, such as Google Analytics, rely on third-party cookies to provide insights about user behavior.

Cookies are small pieces of code that get installed on users’ browsers and track their behavior. In short, cookies allow you to see information about website traffic and where users go when they visit your pages, while also letting you serve targeted campaigns.

Google Analytics privacy concerns

While they allow you to optimize your pages and run campaigns based on user preferences, traditional web analytics tools are followed by common privacy concerns.

The information on user behavior is considered personal data, and collecting and processing it without consent violates privacy regulations such as the GDPR, CCPA, and the ePrivacy directive. 

However, due to increased privacy awareness worldwide, regulatory compliance and potential hefty fines are not the only problems with infringing individual privacy, but you also risk your company’s reputation. Not only do cookies collect personal data across websites, but sensitive data is often bought and sold on data broker markets. This is one of the main reasons why Google Analytics is free.

Due to privacy regulations, traditional analytics currently require complex cookie-consent screens that impact the user experience and divert the user’s attention away from the content of your pages.

How privacy-friendly web analytics help 

Privacy-friendly analytics try to comply with regulations by limiting the processing of personally identifiable information (PII) in their metrics.

For example, after a user visits your page, using Google Analytics data would record different types of information, including:

• Their IP address (this alone is considered PII)
• Assign a user identifier
• Implement a cookie for cross-site tracking
• Store data on Google servers (if they are outside of the EU, that type of storage is not compliant with the GDPR)
• The user data will likely be accessible with other Google platforms, including Google Ads

On the other hand, as a Google Analytics alternative, most privacy friendly analytics will limit data processing. Depending on the tool you choose, you will see these privacy features:

• No unique user identifiers
• No cross-site tracking
• Minimal personal data collection
• PII anonymization
• Do-not-track friendly
• More storage control

While this sounds great and is a significant step forward in privacy compared to traditional analytics, privacy-friendly tools don’t ensure full legal compliance.

Privacy-friendly website analytics still process personal data

While privacy-friendly analytics tools work without cookies and claim that no personal data is collected, personal data is still being processed. Here are some of the common problems:

Anonymization issues 

Even if it is irreversible, the anonymization process itself is considered personal data processing. If tools first gain access to personal data and then anonymize it, it is still considered processing. In technical terms, personal data will be accessed by the privacy friendly tool and processed on their servers.

Hashing

Another commonly used tactic is hashing, which processes IP addresses into fixed strings of characters, thus cloaking the actual IP address. Because IP addresses are PII, GDPR considers this as data processing.

Even though hashing hides the IP address, re-identification is possible, and the original data can be rehashed. Because of this, hashing isn’t considered true anonymization.

Fingerprinting

Traditional analytics tools profile users based on cookies, which directly track user behavior and PII, which is why they are problematic from a right to privacy standpoint.

Fingerprinting, on the other hand, is a technique used by some privacy-friendly analytics platforms to identify individual users by combining information about their devices, location, operating systems, and web browsers. Because this type of information can be tracked to individual users, even if it doesn’t contain PII, consent is still required — according to GDPR, any technique that can create a unique user profile and enable re-identification falls under personal data processing.

Plus, it is questionable if collecting that amount of user information, even if not directly PII, can be considered data minimization in terms of GDPR.

Storage problems

We have already said that claiming “no personal data storage” doesn’t translate to no personal data processing whatsoever. But even the storage itself can be problematic.

Some privacy-friendly tools claim limited data collection, retention, and temporary storage. For example, they may state that user sessions are kept only for 24 hours.

However, any type of storage, no matter how long, is considered personal data processing, making it problematic in terms of compliance.

Cookie consent banners

Privacy-friendly tools often advertise that you can eliminate cookie consent banners—but this is misleading.

While it’s true that data isn’t shared with third parties like in traditional analytics, these tools often rely on alternative tracking methods, such as fingerprinting or hashed identifiers. According to the ePrivacy Directive, PECR (UK) for instance consent is still required whenever personal data is processed—even without cookies.

That includes any technology that can create a unique identifier or track individual behavior across sessions or devices, even without directly storing names or email addresses. Fingerprinting falls into this category, meaning users must give their permission before tracking begins.

In short: Even if cookies aren’t used, consent pop-ups will still be necessary—interfering with your UX and adding friction to your user journeys. Instead of focusing on your offering, visitors are forced to click through tickboxes and policies before they can engage.

Compliance issues and reputational risks

While privacy-focused analytics are a better solution compared to traditional cookie-based analytics, they can still be a source of non-compliance headaches.

For example, processing personal data without displaying a consent banner can result in fines.

But in the worst-case scenario, data breaches and leaks can result in your users’ personal information ending up in the wrong hands. If that happens after you have claimed that no personal data was processed, your business reputation might face severe consequences. While you will likely be fined, broken trust and a reputational hit can result in even more significant financial losses.

Privacy first analytics: A true private-by-design analytics solution

As you can see, privacy-friendly tools are a much better solution than traditional cookie-based tools like Google Analytics, but they still process personal data. 

If you want to ensure proper compliance with privacy regulations, you will need to implement true private-by-design analytics solutions for tracking website data. Here’s how privacy-first analytics tools approach user privacy protection:

No personal data processing

The key difference between privacy-friendly and privacy-first analytics is that the latter don’t process any personal data. There will be no fingerprinting, no temporary storage, and no hashing—all of those activities would still be considered data processing.

GDPR-compliant web analytics

Private-by-design user analytics give you website traffic measurements and other useful information without processing personal data.

Because of this, you will be fully compliant with GDPR, ePrivacy regulative, CCPA, and many other data privacy regulations that follow the same principles.

No need for consent banners

Since there is no personal data processing, using privacy-first analytics software won’t require consent pop-ups.

This will keep the design of your website clean, ensuring a distraction-free user experience.

Secure data handling and storage

True private-by-design solutions will implement encryption and anonymization for all collected data and appropriate organizational and technical data security measures. All data used to deliver metrics will be kept secure and GDPR compliant.

Impeccable brand reputation

While avoiding fines is important, the fact that you try to be fully compliant by using privacy-first solutions will make a strong statement about your company’s values and ethics principles.

Choosing a privacy-first website analytics tool will not go unnoticed. It will result in improved customer loyalty and brand reputation, which are becoming increasingly important as privacy awareness continues to rise.

How mandera provides reliable user data with a privacy-first approach

mandera for instance is a true private-by-design analytics solution. Here is how we provide you with accurate analytics data without infringing privacy:

No personal data processing

mandera doesn’t process personal data. All of the data we work with is impossible to trace back to individual users, which is why it is not considered personal data.

We don’t use methods such as fingerprinting and IP hashing that privacy-friendly analytics tools rely on. mandera doesn’t collect IP addresses, as we drop the IP from every single request, and don’t process any data that can be traced back to individual users.

mandera also respects Do Not Track settings—users who have this feature turned on won’t be taken into account.

GDPR compliance by design

mandera is built with privacy in mind, and there is no personal data processing and zero personal data collection. As a result, mandera is fully compliant with privacy laws like GDPR, CCPA, PECR, and ePrivacy directive.

Plus, all of the data is stored in the EU, as the company location and servers are in Germany. The company implements strict organizational and infrastructure standards to ensure GDPR compliance.

mandera is a state-of-the-art analytics platform—you pay us to use our service, and we won’t resell your data to make a profit. As a result, all the data will stay yours and never be accessed by any third party.

Reliable metrics

mandera chose a private-by-design approach that still allows us to distinguish individual visits without personal data processing.

We analyze referred domains, time zones, anonymized user agents, and only the most basic device information, such as viewport and screen size.

Because this information can’t be traced back to individual users but is still valuable for identifying a unique visit, our sleek and intuitive dashboard can provide accurate traffic metrics.

Intact user experience and brand reputation

Because mandera doesn’t process personal data, you don’t have to display consent banners, if you are only using our solution. The user experience will remain clean, and website visitors will focus on your content and offerings.

As a result, your brand reputation will remain intact, as you don’t have to worry about non-compliance fines and data leaks. Users also appreciate privacy-first companies and will recognize your efforts to protect their private data.

Our conclusion

While privacy-friendly analytics do make an effort to protect users’ privacy, they still process personal data. Because of this, they still require consent screens, which may cause compliance headaches and brand reputation trouble.

That’s why privacy-first solutions are a much better way to protect personal data. mandera is private-by-design, and it processes no personal data, ensuring compliance.

Start your free trial now and enjoy the benefits of accurate, compliant website traffic metrics that respect user privacy.

Additional FAQs

To wrap things up, we’ve also put together an FAQ to address some common questions about privacy, analytics, and regulatory requirements. Here, you’ll find more concise answers on key topics like GDPR, privacy-friendly analytics, and the risks of non-compliance.

Are privacy-friendly analytics platforms as effective as traditional ones?

Privacy-friendly analytics platforms do a decent job when it comes to web traffic information and user behavior on your website. Traditional analytics better track users across websites, which is why they compromise privacy.

But privacy friendly analytics aren’t entirely private. If you want to ensure that no personal data is being processed, read this article to learn more about privacy-first analytics.

What is GDPR and how does it affect data analytics?

The General Data Protection Regulation (GDPR) is a key framework that regulates the protection of the European Union’s personal data. GDPR has quickly become the gold standard for regulatory compliance in personal data protection and privacy.

GDPR has affected data analytics by mandating consent banners and limiting what third-party cookies can do, even with user permission. This has reshaped the analytics industry as more companies and users realize the importance of personal data and the adverse effect cookie-based tracking can have on personal data protection.

As a result, we now have privacy-compliant analytics that don’t compromise privacy rights and still show accurate results.

Which other privacy regulations should businesses be aware of?

Besides the GDPR, businesses should be mindful of local privacy laws in their countries. However, some large markets are so influential that the impact of their regulators spreads even across their borders. Here are a few regulations you should take into account:

• California Consumer Privacy Act (CCPA)
• EU ePrivacy directive
• EU Privacy and Electronic Communications Regulations (PECR)

What are the risks for companies not respecting privacy in analytics?

GDPR and other privacy regulations stipulate hefty fines, reaching 20 million euros or 4% of global revenue. While getting fined for non-compliance is a problem, the reputational hit that will follow can undermine the trust in your brand long-term. That’s why it’s imperative to use privacy-first tools and protect your hard-earned business reputation.

This article will explore cookieless analytics, a new, privacy-first approach to user tracking. We will analyze how privacy regulations are reshaping the industry and how cookieless tracking is a fully compliant solution for your marketing needs.

We will also explain how mandera can help you optimize your pages while ensuring compliance with privacy regulations without jeopardizing user experience.

The not-so-sweet problem with cookies

Before we analyze cookieless tracking, we must first explain what (third-party) cookies are and why privacy regulators are trying to restrict their use.

What are cookies, and why do websites use cookies

For decades, one of the default methods for tracking user behavior was via third-party cookies.

Cookies are small pieces of code installed on users’ browsers. They track user behavior and remember how they interact with websites.

Using this information, gathered via tools such as Google Analytics, you can analyze website traffic and see how users interact.

You will also gain valuable insights into user preferences and overall behavior. These insights allow you to serve targeted strategies, significantly improving the efficacy of your marketing efforts.

Unfortunately, that comes at a cost, one of which is jeopardizing user privacy.

Privacy infringement: key problem with third-party cookies

The key problem with third-party cookies is that user behavior and preferences are tracked across websites, and many companies are monetizing personal data.

You know the famous maxim: “If you are not paying for a product, you are the product.”

And let’s be honest: Google (Analytics) is powerful, yet you don’t have to pay anything to use it. The central reason it’s free is that it tracks user behavior as well as personal data and offers it to advertisers, who pay for advertising space, Google’s primary source of income.

Of course, Google is not the only company that does this. The same goes for Facebook, other social media platforms, and many data brokers that buy and sell data on the market.

In fact, most tech giants that offer free products (not just limited free versions or trials) are likely to exchange valuable user information for advertising purposes, especially if they also provide advertising platform services.

Tightening up the privacy regulations

While attempts to regulate this field were made, significant progress was lacking until the EU introduced the famous GDPR.

The General Data Protection Regulation (GDPR) revolutionized cookie-based tracking. Before GDPR, cookie consent banners were rare. Now, users have detailed explanations and options for deciding what personal data will be shared.

GDPR only applies to EU residents, but other markets soon followed, with the crown example being the California Consumer Privacy Act.

Tech giants followed the approach—Apple’s Safari is famous for implementing its Intelligent tracking prevention (ITP), while Google also announced the end of third-party cookie support for Chrome in the future (although they are constantly pushing the implementation date).

Disadvantages of traditional cookie-based analytics

Besides the apparent privacy issues, traditional cookie-based website analytics have a few other disadvantages:

Compliance issues and risks

Privacy and cookie regulations stipulate high penalties. Non-compliance with GDPR can cost you as much as €20 million or 4% of your global annual turnover, whichever is higher.

After Brexit, the UK has its own GDPR and is issuing hefty fines for non-compliance. In fact, privacy regulations are becoming tighter worldwide as more countries synchronize their legislatures with GDPR standards.

But it’s not just about the cost of fines—being penalized for violating personal data regulations can have lasting consequences for your company’s reputation.

Annoying cookie consent banners

Not only are cookie notifications and consent banners distracting, but they also interfere with the user experience.

You work hard to present your company and products in the best light possible—only to disrupt the experience with intrusive cookie pop-ups that divert attention from the content.

Instead of looking at your offerings, users have to navigate confusing checkboxes and fine print, which can lead to further issues and compliance fines.

Inaccurate results

While cookie-based solutions are powerful, they have some limitations that can lead to inaccurate results.

Regulations like GDPR are not the only ones against this type of tracking—users are doing their best to combat it. Ad blockers, Do Not Track requests, private web browsers, VPNs, and incognito modes are some methods to cloak web traffic.

These tools interfere with cookie installation and performance, causing cookie-based tools to give inaccurate information.

So, not only are there reputational concerns about offering the personal information of users who visit your website (yes, IP addresses and any data that can be used to identify a person are personal data, not just names and addresses), but you are also doing it more and more inefficiently.

What are cookieless analytics and how do they work

While many privacy-friendly solutions try to better protect user privacy, the only way to prevent personal data processing is to eliminate privacy infringement by implementing privacy-by-design technologies.

One way to do this is through cookieless tracking, a form of user tracking that does not rely on personal data processing and storage but still allows you to analyze user behavior and optimize campaigns.

How Cookieless Tracking Works

The key principle of true privacy-first cookieless tracking is eliminating personal data processing.

Regarding privacy regulations, personal data is information of any form that can be used to identify a person. This can be based on the data itself (such as a personal ID number or an IP address) or by combining that information with other data (which is the case for usernames and similar).

Instead of processing personal data, privacy-first digital analytics tools such as mandera rely on data that can not be used to identify a person. Because of this, no personal data is being processed, making this type of cookieless tracking solution fully compliant with privacy laws by design.

More key benefits of cookieless tracking

Besides the regulatory compliance, cookieless tracking provides you with more benefits:

Added reliability

We have already discussed how cookie-based solutions don’t always give accurate results, primarily due to ad blockers and settings that users adjust to protect their privacy. Because cookieless tracking doesn’t process personal information in the first place, these types of tools and settings won’t affect the results they show, giving you more accurate readings.

Better UX

Since there is no personal information processing, there is no need to show intrusive cookie banners that ruin the user experience. Instead, the users will only focus on the page content, increasing your chances of making a conversion.

Improved brand reputation

The fact that you don’t offer the personal information of your users and potential customers to third-party data brokers will speak volumes about the ethical standards your company maintains.

We are not talking about just a cosmetic difference in terms of not having the cookie notification pop-ups; it’s a genuine effort you make to preserve sensitive personal information.

Users will recognize your effort as it demonstrates compliance and reinforces your commitment to user experience and trust.

Limitations of cookieless tracking solutions

While the benefits of cookieless tracking solutions are apparent, there are a few limitations you should be aware of:

Fewer targeting capabilities

Traditional third-party-based tools allow you to track users across websites and see individual details that will enable you to optimize campaigns to the finest degree. This granular tracking is not possible without cookies.

While tailoring your campaign for each based on fragile personal information can be effective, it raises ethical concerns and poses risks to your business’s reputation.

Not all tools are truly privacy-focused

Privacy is becoming increasingly important, and more and more tools claim to be privacy-friendly and cookieless.

However, actions such as collecting detailed information about browsers and hardware and creating unique identifiers for each user (a.k.a. fingerprinting) are still problematic regarding privacy laws. The same goes for processing and storing IP addresses.

Therefore, it’s essential to distinguish between privacy-friendly tools that implement some privacy-aware options and privacy-first cookieless tracking that is private by design.

Inaccurate metrics

Some cookieless tracking tools have issues distinguishing new and returning visitors, giving false traffic estimates. This lack of precision can cause headaches when assessing the effectiveness of your marketing efforts.

To prevent this issue, it is important to use tools that have reliable identifiers that don’t infringe privacy, which will prevent the same user from being counted multiple times. 

For example, mandera uses a referrer-based detection method to distinguish unique and returning visitors while ensuring full compliance with privacy regulations:

How mandera’s cookieless analytics works in detail

mandera provides valuable information about website traffic while fully respecting user privacy and ensuring compliance with the GDPR and CCPA. Here’s how:

Privacy-first approach

You can find other web analytics tools on the market that claim to respect user privacy. However, that is only partially true. While they may try to minimize it, they still process personal data.

For example, they use user hashing and similar attribution tactics. Yes, this is not raw personal data that can identify a person directly, but hashing is still personal data processing, which also requires consent and carries risks.

mandera does not process any personal data. None of the information we collect can be traced back to individual users, even when in combination with all other data we track.

For example, we rely on time zones and time stamps instead of IP addresses and locations. We collect device information, but only essential elements that allow us to differentiate unique visits. 

No cookie consent banners

If you are only using mandera, you will not need to disrupt the user experience with cookie consent banners, as no personal data is processed.

As a result, you also don’t need to sign a DPA to use our cookieless solution, which can often slow things down and introduce additional legal questions and costs.

Full legislative compliance

mandera and its servers are based in Germany, with all data fully encrypted. This ensures that data remains within the EU, fully complying with the privacy standards outlined by GDPR.

Your data stays yours

With mandera, your data belongs to you. We never share or resell your data; no third parties or resellers are involved. You pay us to use our service exactly because we don’t resell user data.

Accurate traffic counts

As already shown, mandera only counts unique visits based on the referred domain—if the current page’s domain matches the referred, then the visit is not unique and won’t be counted. Combined with our other tracking methods, this results in more reliable traffic measurements.

User flow analysis, easy setup, and transparent pricing

mandera estimates where the visitor will go once they land on one of your pages. That will allow you to make changes based on our probabilistic tracking and optimize your content.

With a straightforward setup, you will have mandera running in a few minutes. The dashboard is minimalistic and intuitive, giving you all the essential information in a glimpse. Plus, the script is super lightweight, ensuring it won’t slow down your website.

Instead of making traffic estimates based on the information you don’t have in advance, you pay mandera by domain, with each subscription giving you up to 500k monthly visitors. That makes mandera ideal for businesses that want to know expenses in advance without worrying if added traffic will cause extra costs. 

Final thoughts on cookieless tracking solutions

As you can see, intrusive third-party cookie tracking is followed by various challenges. Instead, more privacy-aware businesses rely on cookieless website tracking solutions for their marketing efforts.

mandera’s lightweight yet sophisticated approach to cookieless tracking enables you to gain valuable insights about user sessions across all domains and make data-driven decisions while fully complying with privacy regulations.

Our service is a perfect combination of quality user analytics and privacy, allowing you accurate tracking to optimize your pages for conversions without hurting users’ privacy.

Start your free trial today, and embrace the cookieless future of digital marketing now!