
Methodology

How Potolo works

We measure your traffic without identifying anyone, and we publish exactly how. No cookies, no fingerprints, no profiles. Potolo sees the numbers, not the people.

What happens on a pageview

Five steps, in the order they actually run.

  1. A tiny script sends a beacon

    When someone opens a page, a script around 1 KB (gzipped) sends the page path and referrer. It sets no cookies and reads nothing from the device.

  2. Privacy signals come first

    Requests carrying Do Not Track or Global Privacy Control are dropped before anything else. Obvious bots are filtered out too.

  3. Context is derived in memory

    From the request we read a coarse country (from the IP) and the browser, OS and device class (from the user-agent) — held only for a moment.

  4. The visitor is anonymized

    The IP, user-agent and site are folded into a one-way daily hash. The raw IP and user-agent are then discarded — never written to disk.

  5. Only counts are stored

    What lands in the database is that hash plus non-identifying fields. Each night they roll up into daily totals that contain no personal data at all.

The visitor hash

To tell visitors apart without identifying them, we don't store who someone is. We store a one-way daily hash that can't be turned back into a person.

visitor_hash = sha256(daily_salt · ip · user_agent · site)

  • daily_salt: 32 random bytes generated on the server, rotated every 24 hours and then destroyed. Without it the hash can't be recomputed.
  • one-way: SHA-256 can't be reversed. There is no lookup table from a hash back to an IP, a device, or a person.
  • per-site: The site is part of the input, so the same visitor on two sites produces two unrelated hashes. No cross-site profile is possible.
  • per-day: When the salt rotates, yesterday's hashes can never be reproduced. A visitor can't be followed from one day to the next.
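
The properties above can be checked in a few lines. This is an added example, not Potolo's own code: it assumes the "·" in the formula means concatenation, adds length-prefix framing so that field boundaries are unambiguous, and uses hypothetical names (frame, naive_hash, SaltRotator) and constructed sample values.

```python
import hashlib
import secrets

def frame(fields):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    out = b""
    for f in fields:
        raw = f if isinstance(f, bytes) else f.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out

def visitor_hash(daily_salt, ip, user_agent, site):
    # sha256(daily_salt . ip . user_agent . site), with framing added here.
    return hashlib.sha256(frame([daily_salt, ip, user_agent, site])).hexdigest()

def naive_hash(daily_salt, ip, user_agent, site):
    # Plain concatenation, kept only to show the field-boundary ambiguity.
    joined = (ip + user_agent + site).encode("utf-8")
    return hashlib.sha256(daily_salt + joined).hexdigest()

class SaltRotator:
    # Salt lives in memory only; rotate() overwrites it, so earlier hashes
    # cannot be recomputed afterwards.
    def __init__(self):
        self.rotate()

    def rotate(self):
        self.salt = secrets.token_bytes(32)  # 32 random bytes, per the page

def demo():
    # Constructed sample values: documentation IP range, made-up UA and sites.
    ip, ua = "203.0.113.7", "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
    rot = SaltRotator()
    a1 = visitor_hash(rot.salt, ip, ua, "site-a.example")
    a2 = visitor_hash(rot.salt, ip, ua, "site-a.example")
    b1 = visitor_hash(rot.salt, ip, ua, "site-b.example")
    # Two different (ip, user_agent) pairs whose concatenation is identical.
    naive_clash = (naive_hash(rot.salt, "10.0.0.1", "2UA", "s")
                   == naive_hash(rot.salt, "10.0.0.12", "UA", "s"))
    framed_clash = (visitor_hash(rot.salt, "10.0.0.1", "2UA", "s")
                    == visitor_hash(rot.salt, "10.0.0.12", "UA", "s"))
    rot.rotate()  # the 24-hour rotation
    a_next_day = visitor_hash(rot.salt, ip, ua, "site-a.example")
    return {"same_day_same_site": a1 == a2, "cross_site": a1 == b1,
            "cross_day": a1 == a_next_day,
            "naive_clash": naive_clash, "framed_clash": framed_clash}

if __name__ == "__main__":
    print(demo())
```

While a day's salt is still in memory, whoever holds it can recompute that day's hashes, so the per-day guarantee depends on the salt never being logged or persisted.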

What we collect

Per pageview — none of it identifies a person.

  • Page path
  • Referrer host — e.g. google.com, not the full URL
  • Coarse country
  • Browser, OS & device class
  • UTM campaign tags
  • The daily visitor hash

What we never store

Used for a moment, if at all, then gone.

  • No cookies or local storage
  • No raw IP addresses
  • No raw user-agent strings
  • No device fingerprints
  • No cross-site or cross-day identity
  • Nothing sold or shared, ever

Read the script we serve

The tracker is MIT-licensed and served unminified — about 80 lines of plain JavaScript, no dependencies. What you read is exactly what runs on your site.

No consent banner

Because nothing is stored on your visitors' devices, there's nothing to consent to. GDPR-friendly by construction.

Cookieless Web Vitals

The same script measures real-user LCP, CLS and INP in the browser, reported once when the page is closed — with no identity attached.

EU-hosted, end to end

Visitor data is stored on European infrastructure and never leaves the EU. No black box — the method is documented right here.

Measure honestly.

Real numbers about your site, without collecting data about your visitors.