Skip to main content
Privacy law compliance
Our legal documents

Privacy law compliance

Fathom Analytics began from day one with a focus on protecting the digital privacy of website visitors. This isn't just something used for our marketing purposes; it's how we built the business and our software.

Other website analytics software collects whatever personal information it could about us and follows us all across the whole internet. This is horribly invasive, and Fathom Analytics doesn't do this.

Instead, we pioneered a way to do analytics anonymously, whilst still tracking page views and unique visitors. Our analytics dashboard is simple and only contains data in aggregate. We're so proud of how our analytics software works that we've documented the entire data journey (start to finish) that happens when you visit a website that uses our software.

Our mission has always been that digital privacy is our business model. This is why we do our best to comply with privacy laws from around the world:

Why you need to consider GDPR, CCPA, PECR and other privacy laws when you use website analytics

Not all website analytics software are created equal.

Some track personally identifiable information (like IP Address, geolocation, or attribute demographic information like age and gender to visits). Website analytics tools like that assume our personal information is useful for making website or business decisions, when for most website owners and businesses, it’s not. And, while it’s creepy, it also creates some legal ramifications if privacy policies and terms aren’t very specifically laid out, worded and displayed on websites.

Some website analytics software, like Fathom Analytics, focus on website visitor privacy. We still track website usage for our customers, but we do this without collecting creepy amounts of data about visitors on websites with our tracking code.

Personally identifiable information, when we’re talking about website analytic tools, is incredibly important because it very specifically relates to privacy laws that are coming into effect and being used as the basis of lawsuits around the world.

What is the data we collect and what do we use it for?

Our main thesis is that data in aggregate is just as useful as data about individuals, and far more privacy-focused too. That’s why we don’t collect gobs of personal information about your visitors, ever, and nothing we do collect could be tied to a specific person or be used to track someone across several sites. We have put together a deep dive into how we handle traffic in our full data journey.

Cookie notices and tracking cookies

Website cookies are not delicious like real cookies. They’re used to collect tiny pieces of data on the devices of people using the internet. Browsers then store and send these cookies back to the website on any subsequent visit, making it easy to know a lot about every visitor.

While website cookies are essential to the internet—for things like remembering to keep you logged into sites, or save your shopping cart for later, cookies can also be used for non-essential (or nefarious) purposes, like following you around the internet with targeted ads. And while targeted ads are not specifically illegal (yet), they are both annoying and invasive.

We don't use cookies, and we actually invented a cookie-free analytics method to offer analytics without invading user privacy.

Can Google Analytics work without cookies?

Fundamentally, Google Analytics is based on using cookies. They set multiple cookies to identify website visitors across different browsing sessions so that data can be used to remember what visitors have done in previous sessions on the website.

However, even if Google Analytics switched from cookies to something different, like localStorage, they would still struggle to comply with privacy laws without express consent notices, because they’d still be using something (cookies or otherwise) to track personal data from visitors.

In addition to privacy notices relating to laws and regulations, websites and businesses who use Google Analytics have several requirements they must legally adhere to for their website. For example, they must have a privacy policy which makes notice of the cookies or identifiers used to collect data, which then needs to be provided to all website visitors in a clear and comprehensive way. In addition, if Google Analytics users also enable things like demographic or re-marketing data, their notices and privacy policies must be even more in-depth and comprehensive.

Is Google Analytics even GDPR compliant, CCPA compliant or PECR compliant?

Websites that use Google Analytics can be compliant with these privacy laws. But, we feel that since Google Analytics collects a whole lot of personal data about visitors, it’s much easier to be legally liable for that data and it must be properly disclosed to all visitors how and why you track them. Google Analytics also requires consent from website visitors (i.e. annoying cookie notices) to be fully compliant.

Whereas with Fathom Analytics, you can mention Fathom is used in your privacy policy and that we track anonymously, but you do not have to put notices on your website to that effect (unless you want to market how well you treat the privacy of your website visitors, which some of our customers do).

Google says that anyone using their analytics tool must legally obtain express consent to:

  • Use cookies and/or local storage
  • Collect, share and use personal data for personalized ads

So Google Analytics can be GDPR, CCPA and PECR compliant, but it takes a lot of work (and probably a team of lawyers). Whilst Fathom is built to protect user privacy and comply with privacy laws out of the box. This is one of the main reasons you should consider Fathom an amazing Google Analytics alternative.

This all means that Fathom analytics is the best privacy-focused web analytics software out there.

Data ownership for your website analytics

You own your data if you use Fathom Analytics, period. Although your site analytics are stored on our cloud servers (making them fast to load), you are in complete control and fully own the analytics data we collect for your website.

  • We don’t share or sell your website data, ever, for any reason
  • We don’t provide your website data to any third-parties
  • We sell software, not data, so your data is paid for when you pay us for your Fathom Analytics plan (we don’t have to sell it to advertisers because that’s not how we make money)

Fathom Analytics is fully GDPR, CCPA, and PECR compliant website analytics

By using our software, you don’t need to have prompts, notices or consent forms annoying your visitors or complicated privacy policies outlining how your analytics is collecting personal data. And your visitors are free to use your website without distractions.

Give Fathom Analytics a try with a 30-day free trial

Fathom Analytics is a simple analytics tool that’s privacy-friendly for your website visitors. It’s GDPR, PECR and CCPA compliant as well. If you aren’t sure, keep Google Analytics installed while you test out Fathom (both scripts can be on the same site at the same time) and only remove Google Analytics once you see how simple and easy our software is to use.

Ready to get started? Try Fathom today with our 30-day free trial.

Pixel cat

Switch to a better Google Analytics alternative

Fathom Analytics is simpler, more accurate and privacy-first. Import your Google Analytics data (UA and GA4), add our single line of code, and watch real-time analytics from your site pour in.

Start a 30-day, unlimited free trial to see how simple analytics can be.

Get started

Check out our full-featured, live demo to see how our software works.

Live demo