What Data Do Privacy Analytics Tools Actually Store?
"Privacy-first" is a claim that means different things to different tools. The only way to know what a tool actually stores is to look at the data model. Here is what Antlytics stores — and what it does not.
The data model
For each pageview, Antlytics records:
| Field | Stored | Notes |
|---|---|---|
| Pathname | Yes | The URL path, e.g. /blog/my-post |
| Referrer domain | Yes | The referring site, not the full URL |
| Session ID | Yes | UUID from sessionStorage — cleared when tab closes |
| Country code | Yes | Derived from IP at request time |
| Device type | Yes | Desktop / mobile / tablet |
| Browser | Yes | Chrome / Firefox / Safari / etc. |
| OS | Yes | Windows / macOS / iOS / Android / etc. |
| UTM parameters | Yes, if present | utm_source, utm_medium, campaign, content, term |
| IP address | No | Used only for country lookup, not stored |
| Full URL including query string | Partial | Pathname stored; some query params stripped |
| Individual visitor identity | No | No cookies, no fingerprinting, no persistent ID |
| Email address | No | Never collected |
| Name | No | Never collected |
What's discarded
IP addresses — The IP address is used at request time to derive the country code. The IP address itself is never written to the database.
Personally identifiable information — Antlytics does not collect names, email addresses, phone numbers, or any other information that would identify a specific individual.
Full query strings — The tracker reads UTM parameters from the query string and stores them separately. The raw query string is not stored as part of the pathname for privacy reasons.
Data retention
- Starter: Events are retained for 2 years from the date of each event.
- Free: Basic retention — see the data retention docs for current policy details.
What this means for your compliance
The data model above is designed around data minimisation: collect only what is needed for analytics, discard everything else immediately.
This is a description of product behaviour, not a legal compliance determination. Your specific obligations depend on your jurisdiction. Consult your legal adviser.
Export
Your data is not locked in. Export options:
- CSV export — available from the dashboard (check the roadmap for status)
- API — the public API lets you read your analytics data programmatically
FAQ
Does Antlytics share my data with third parties? Antlytics does not share your analytics data with third parties. Processors (Clerk, Supabase, Stripe) handle their own data under their own policies.
Can I delete my data? Contact support@antlytics.com for data deletion requests.
Is the session ID personally identifiable? No. The session ID is a random UUID generated fresh for each tab. It cannot be linked to an individual across sessions and is cleared when the tab closes.
Related: Privacy behaviour docs · Data retention docs · What is privacy-first analytics?