Infinity Metrics is designed with privacy at its core, making GDPR
compliance simple and straightforward for website owners.
No Cookies, No Consent Banners Needed
Traditional analytics tools use cookies to track users across
sessions, requiring consent banners under GDPR. Infinity Metrics is
different:
- Zero cookies used - We don't set any cookies on your
visitors' browsers
- No consent banners required - Since we don't use cookies
or collect personal data, you don't need cookie consent banners
- Better user experience - Your visitors can enjoy your
site without intrusive consent popups
How We Protect Personal Data
Under GDPR, personal data is any information relating to an identified
or identifiable natural person. Here's how Infinity Metrics ensures
compliance:
- No personal data collection - We don't collect names,
email addresses, or other directly identifiable information
- IP address protection - IP addresses are considered
personal data under GDPR. We hash and salt IP addresses immediately upon
collection and then discard the original IP, making identification impossible
- No cross-site tracking - Unlike other analytics tools,
we don't track users across different websites
- No persistent identifiers - We don't use any persistent
identifiers that could track users over time
- Anonymized metrics only - We only provide aggregated,
anonymized metrics that cannot be used to identify individuals
Our Technical Approach to Privacy
How Infinity Metrics Works Without Cookies
Instead of cookies, we use a sophisticated but privacy-preserving
method to generate anonymous session IDs:
- Session-based tracking - We generate a temporary session
ID that exists only in memory and expires after a short period of inactivity
- One-way hashing - When a page is loaded, we take anonymous
browser characteristics and apply a one-way hash function with site-specific
salt
- Never stored on device - Unlike cookies, no identifiers
are stored on the user's device
- Mathematically non-reversible - Our hashing algorithm
makes it mathematically impossible to derive the original information
How We Handle IP Addresses
IP addresses must be handled carefully under GDPR. Here's our
process:
-
IP address is briefly used to determine country (for geographic
stats)
-
IP is immediately hashed using a secure one-way algorithm with a
unique salt for your website
- Original IP address is discarded completely
-
The hash cannot be reversed to reveal the original IP address
- Even we cannot access or reconstruct the original IP
Data Processed by Infinity Metrics
| Data Type | How It's Processed | GDPR Impact |
| Country | Derived from IP, then IP is discarded | No personal data retained |
| Browser & OS | Recorded as generic category (e.g., "Chrome", "Windows") | No personal data processed |
| Page Views | Counted anonymously by URL | No personal data processed |
| Referrer Source | Recorded as domain only | No personal data processed |
| Device Type | Categorized as mobile, tablet, or desktop | No personal data processed |
| Session Duration | Tracked via anonymous session ID, no cookies | No personal data processed |
GDPR Rights and Your Visitors
GDPR provides various rights to individuals, including access,
rectification, erasure, and objection. Since Infinity Metrics doesn't
collect or store any personal data, these rights are automatically
respected:
- Right to access - No personal data is collected, so
there's nothing to access
- Right to be forgotten - No personal data is stored,
so there's nothing to forget
- Right to data portability - No personal profiles are
created, so there's nothing to port
- Right to object to processing - Processing is anonymous
and statistical only
Your Responsibility as a Website Owner
While Infinity Metrics is designed to be GDPR-compliant by default, as
a website owner you should:
-
Mention in your privacy policy that you use analytics tools to
collect anonymous usage statistics
-
Make it clear that you don't track individual users or collect
personal data for analytics purposes
-
Include Infinity Metrics in your data processing records (though no
DPA is required as no personal data is processed)
Sample Privacy Policy Statement
You can use the following text in your website's privacy policy:
"We use Infinity Metrics to collect anonymous statistics about how
visitors use our website. This analytics service does not use
cookies and does not collect, store, or process any personal data.
The analytics data we collect includes anonymous information such
as page views, referrer sources, browser types, device types, and
country-level location. We cannot identify you or your browsing
habits from this data."
Legal Basis for Processing
Under GDPR, any data processing requires a legal basis. Since Infinity
Metrics Analytics doesn't process personal data, this requirement is
not applicable. However, your website might use the following legal
basis for general analytics:
- Legitimate Interest - As you don't process personal
data for analytics, you can rely on your legitimate interest to understand
website usage patterns
- No Consent Required - Since no cookies or personal data
processing is involved, you don't need to obtain consent for analytics
Conclusion
Infinity Metrics was built from the ground up to be GDPR-compliant by
design. By not collecting personal data and not using cookies, we
eliminate most GDPR concerns for website analytics. This privacy-first
approach gives you valuable insights into your website performance
without compromising your visitors' privacy or your legal compliance.