How Atriqo works
This page describes the methodology behind Atriqo's technical design: where data is hosted, how visitors are identified without cookies or fingerprinting, and what the tracker deliberately avoids.
Hosting
Hosted in the EU. Atriqo's analytics infrastructure runs on Hetzner Cloud in Falkenstein, Germany. Analytics data — from collection through storage — stays within the EU.
Choosing EU-hosted infrastructure means the EU-US data transfer question that has been the subject of multiple DPA decisions does not arise for the analytics layer itself. Germany/Hetzner is the proof behind the "hosted in the EU" claim, not the primary frame.
How visitors are identified
Atriqo identifies a visitor using a server-side HMAC hash — no cookie, no device fingerprint. When the tracker sends a request, the server computes a daily visitor_hash (sessions are a separate, shorter-lived derivation — see below):
visitor_hash = HMAC(VISITOR_HASH_SECRET, IP + UA + daily_salt)
The IP address is used transiently as one input to this computation and is discarded immediately after. It is never written to disk or stored in any database. The daily_salt rotates each day, so the same visitor produces a different hash tomorrow — cross-day identity is deliberately broken.
Each site's analytics are a separate silo, enforced by site_id. Every event is tagged with the site_id it was sent from (validated against the registered site and the request Origin), and every analytics query is scoped to a single site — Atriqo runs no query that joins one site's visitors to another's, and builds no cross-site profile. The visitor hash itself is not site-specific: isolation is enforced at the storage and query layer by site_id, not by the hash input.
No analytics cookies are set on the visitor's browser. Identification is entirely server-side and ephemeral within each daily window. Sessions are grouped by a separate 30-minute session_hash derived from the visitor_hash and a time window — the daily hash itself is not the session identifier.
visitor_hash is a pseudonym, not an anonymous identifier — it identifies a visitor within a single calendar day. What is gone is the original IP and any persistent cross-day or cross-site identifier.What the tracker avoids
Atriqo's tracker does not use:
- Tracking cookies — no cookies are set for visitor identification.
- Browser fingerprinting — no canvas, WebGL, audio, font, or battery API enumeration.
- Cross-site tracking — each site is a separate data silo.
- Raw IP storage — the IP is discarded after the privacy hash is computed.
For the full enumeration of what the tracker records and what it avoids, see the Tracker page.
Honest limits
Atriqo controls what its own tracker does. It does not control what your site sends. Atriqo automatically scrubs email addresses it detects in query-string parameters and UTM tags — but it does not scrub the path portion of a URL, and it does not sanitize other kinds of personal data. If your site puts an email in a path (like /users/alice@example.com), or names, account IDs, tokens, or other PII anywhere in URLs, query parameters, or event properties, that data is stored as your site sent it. Keeping personal data out of the URLs and properties your site emits is your responsibility.
This also means Atriqo does not make your site GDPR-compliant. The analytics tool reduces analytics-specific friction — no consent trigger from analytics cookies, no EU-US transfer concern for the analytics layer. Your site's overall compliance depends on your full vendor stack, your processing activities, your legal basis, and guidance from your data protection authority.
Next
For a full list of what the tracker records and what it avoids, see the Tracker page. For a concise summary of the privacy model — consent-banner nuance, cross-site rules — see the Privacy model page.