Skip to content
Nomada
Sign in Start free

Solution

GDPR-compliant web analytics

Measure your website without putting your visitors’ privacy — or your compliance — at risk. No personal data, no consent banner, and nothing sold or shared.

Start free Read our privacy stance

What makes web analytics GDPR-compliant?

The GDPR governs the processing of personal data — anything that can identify a person, directly or indirectly. Most analytics tools fall under it because they store cookies and identifiers that single out individuals, which means a lawful basis, consent banners and data-subject rights all come into play.

Nomada is built so there is no personal data to govern. We set no cookies and store no identifiers. IP addresses are used in memory only to derive a country, then dropped. Unique visitors are counted with a one-way hash and a salt that rotates daily, so the data can’t be tied back to a person. The result is analytics that sits cleanly outside the GDPR’s heaviest requirements.

No personal data stored

No cookies, no device IDs, no names or emails. There is simply nothing personal to expose, sell or leak.

No consent banner required

Because we don’t read or write anything on the visitor’s device, the ePrivacy rule that triggers banners doesn’t apply.

IPs hashed in memory

The IP address derives a coarse country and is then discarded — it is never written to storage.

Never sold or shared

Your analytics are never sold, shared with advertisers, or used to build ad-targeting profiles — there’s no ad-tech in the loop.

DPA on request

You’re the controller, we’re the processor — request a signed Data Processing Agreement for your records any time.

Honest retention controls

Purge raw events on a schedule and keep only anonymous daily aggregates — store as little as possible, for as short as possible.

How Nomada delivers it

  • No cookies and no consent banner needed for analytics.
  • No IP addresses, names or emails written to storage.
  • Anonymous metrics only — nothing that identifies a person.
  • Configurable retention plus a DPA available on request.

Frequently asked questions

Is Google Analytics GDPR-compliant?

It’s contested. Several EU regulators have ruled that sending visitor data, including IP addresses, to Google in the US is problematic, and GA requires cookies and consent. Nomada avoids the issue entirely by storing no personal data at all.

Do I need consent to use Nomada?

No consent is required for our analytics, because we don’t store cookies or any identifier on the visitor’s device and we process no personal data. There’s nothing for the visitor to opt into.

Where is my analytics data stored?

In your private account on Nomada’s managed cloud. We keep only anonymous, aggregated metrics — no cookies, no IP addresses, nothing that identifies a person — and we never share it with advertisers.

Can I get a Data Processing Agreement (DPA)?

Yes. When you use Nomada you are the data controller and we act as your processor. You can request a signed DPA through our support page for your compliance records.

Explore more

Cookieless analytics Compare tools

Privacy-first analytics, in 60 seconds.

Create your free account

No credit card, no cookie banner, no catch.