Privacy and Revenue Attribution: Why You Shouldn't Have to Choose
There’s a thread I keep seeing in indie maker communities. Someone asks: “What analytics tool should I use?” The replies split into two camps.
Camp A recommends the popular “privacy-first” tools. No cookies. Simple dashboard. You’ll know how many visitors you got and where they came from.
Camp B recommends tools with revenue attribution. See which traffic sources drive paying customers. But nobody explains exactly how the privacy works.
The frustrating part: nobody recommends a tool that does both. Because until now, the market assumed these were mutually exclusive. You either protect privacy or you understand your revenue. Pick one.
That assumption is wrong.
The pseudonymization problem
Let’s be precise about what “privacy-first” means in practice.
Most “privacy-first” analytics tools hash your IP address along with your User-Agent and a daily salt, store that hash for 24 hours, then delete it. This is a massive improvement over Google Analytics. But under GDPR, a hash derived from an IP address is pseudonymous data — it’s still personal data. The regulation is explicit about this in Article 4(5).
This matters because pseudonymous data still falls under GDPR. You still need a legal basis for processing. You should still mention it in your privacy policy. And depending on how strict your local data protection authority is, you might technically still need consent.
Most site owners don’t worry about this, and honestly, the risk is low. These tools are doing good work. But the marketing claim of “anonymous” is legally imprecise.
What actually anonymous looks like
Anonymous data is data that was never derived from personal data, or has been processed to the point where re-identification is impossible by any reasonable means. GDPR Recital 26 explicitly excludes anonymous data from the regulation’s scope. If your data is truly anonymous, GDPR doesn’t apply to it.
At INSG, we count unique visitors using an irreversible anonymization pipeline. Visitor data is processed transiently in server memory — the same way every web server processes every HTTP request — and fed into a compact statistical summary. That summary can answer “approximately how many distinct visitors?” and nothing else. You can’t extract individual records, can’t reverse-engineer who visited, can’t correlate entries across time periods. It is mathematically impossible to recover any individual’s data from the output.
Everything identifiable is immediately and permanently discarded. Only the summary is stored.
This isn’t just better privacy. It’s a fundamentally different category. Not pseudonymous (derived from personal data, potentially reversible). Irreversibly anonymous — mathematically impossible to extract individual information from. The GDPR doesn’t apply because there’s nothing in the output that could identify anyone.
”But then how do you track sessions?”
This is the question that stopped most privacy tools from offering user journeys and funnels. If you can’t identify users, how do you link pageviews within a single visit?
The answer: you don’t identify users. You identify browser tabs.
When a visitor opens your site, the tracker generates a random token in the browser. This token exists only for the current tab and is automatically destroyed when the tab is closed.
This random token links pageviews within one session: /blog → /pricing → /checkout. It enables funnels, bounce detection, time on site, and session flow visualization.
But crucially:
- The token is random — not derived from IP, user agent, or any personal data
- It’s ephemeral — dies when the tab closes, no persistence across visits
- It’s not a cookie — different legal treatment under the ePrivacy Directive
- It’s not linkable — you can’t connect sessions across visits or devices
Under GDPR, data that cannot identify or single out a natural person is not personal data. A random token that expires on tab close and is never linked to identifying information meets this standard.
Revenue attribution without tracking users
Here’s the part that really separates us from the field.
When a visitor lands on your site from a UTM-tagged link (say, a Twitter ad), INSG captures that attribution data in the browser. When the visitor converts — clicks Subscribe, starts a checkout — your code calls insg.getAttribution() and passes the result to Stripe as metadata. Two lines of code in your checkout flow.
When the payment completes, INSG matches the revenue to the original traffic source. Your dashboard shows:
- Twitter Ads → 12 conversions → $96 MRR
- Google Organic → 8 conversions → $64 MRR
- Direct → 3 conversions → $24 MRR
No user tracking. No cookies. The attribution data describes the traffic source, not the person. It’s marketing campaign metadata, not user identity.
Other major privacy analytics tools can’t do this. They tell you traffic sources all day but have no idea which ones generate paying customers. The ones that do revenue attribution don’t explain how their privacy model works. We do both.
The comparison
| INSG | Others | |
|---|---|---|
| Cookies | No | No |
| IP/hash stored | Nothing | Daily hash (pseudonymous) |
| Data stored | Irreversibly anonymous | Pseudonymous |
| Revenue attribution | Yes | Rarely |
| User journeys | Yes | Rarely |
| Consent banner needed | No | Debatable |
| Free plan | Yes | Trial or limited |
This isn’t a tradeoff
The analytics market has conditioned us to think privacy means giving up features. It doesn’t. It means being thoughtful about architecture.
You can count unique visitors without storing hashes. You can track sessions without fingerprinting. You can attribute revenue without cookies. You just have to design the system to separate what you need to know from who the visitor is.
That’s what INSG does. Full analytics — visitors, journeys, funnels, revenue by channel, Web Vitals, scroll depth, custom events — with zero personal data stored. Not pseudonymized. Not “we delete it after 24 hours.” Zero.
No consent banner. No DPA. No privacy policy gymnastics. Just add the script, connect Stripe if you want revenue data, and see the full picture.