Privacy & data
Exactly what the tracker collects, how cookieless visitor counting works, and how visitors can opt out.
This page is the technical companion to the privacy policy: what the tracker actually collects, how visitors are counted without cookies, and where the hard limits are.
No cookies, no persistent identifiers
The tracking snippet sets no cookies and stores nothing on a visitor's device that outlives the browsing session, with one exception: the voluntary opt-out preference (below), which the visitor sets themselves. There is no fingerprinting library, no cross-site identifier, and no consent banner requirement created by the tracker itself.
What an event contains
- The page URL and the referrer.
- The event name and any custom properties the site owner sends (sanitized, see below), plus optional revenue.
- The browser and operating system family only: Chrome, Firefox, Safari, Edge, Opera, or Other; Windows, macOS, iOS, Android, Linux, or Other. Never full version strings.
- A screen-size bucket from the viewport width: Mobile (under 576px), Tablet (under 992px), Laptop (under 1440px), or Desktop. The exact width is not stored.
- Approximate location derived from the IP at collection time.
- The daily visitor hash and a session id (both below).
The daily visitor hash
Visitors are counted with a one-way SHA-256 hash of the site id, IP address, and user agent, salted with a server secret. The salt is derived from the current date and the site, so it rotates every day and differs per site. The consequences:
- The hash cannot be reversed to recover an IP or user agent.
- The same visitor produces a different hash tomorrow: no cross-day tracking, no visit history per person.
- The same visitor produces a different hash on every site: no cross-site correlation.
- The raw IP and user agent are never stored with events. They are used transiently to compute the hash, classify bots, derive approximate location, and rate-limit, then discarded.
If the server secret is missing, the collector refuses to compute hashes at all rather than fall back to a weak salt. The guarantee fails closed.
Sessions
Sessions use a random id kept in the visitor's own sessionStorage, rotated after 30 minutes of inactivity and cleared when the tab closes. It exists only to order one visit's hits so bounce rate, visit duration, funnels, and flows can be computed. It identifies a tab, not a person.
Custom property limits
Custom event properties are sanitized server-side: at most 30 properties per event, keys and values truncated to 300 characters, string/number/boolean values only (nested objects and arrays are dropped). These are hard caps, but they do not decide what is appropriate to send: do not put emails, names, or other personal data in properties.
Bot filtering
Every event is classified server-side from the user agent before storage:
| Class | What happens |
|---|---|
| Uptime monitors, generic HTTP tools | Dropped before storage. They carry no analytical value and never count against your quota. |
| AI crawlers, search engines, link previews, SEO crawlers, headless browsers | Stored and tagged is_bot, shown in the separate Bots & AI crawlers report, and excluded from your human metrics by default. |
| Everything else | Counted as a human visit. |
Major AI and search crawlers are additionally verified against the vendors' published IP ranges, so a visit labeled GPTBot or Googlebot can be marked as genuinely from that vendor rather than a spoofed user agent. Stored bot events count toward the event quota like any other stored event; only the junk classes are free because they are never stored.
The page-signal fingerprint
For change detection, the snippet sends a small numeric hash of the page's own content (title, meta description, first heading, approximate text length). It describes the page, not the visitor: it contains no visitor data, is not an analytics event, and is not billed.
Visitor opt-out
Any visitor can exclude their browser from counting on a given site by loading any page with ?numative_ignore=true appended to the URL. The preference persists in that browser's localStorage until reversed with ?numative_ignore=false.
Retention
Analytics data is kept until you delete it. There is no age-based deletion on any plan: keeping full history indefinitely is a product feature. Deleting a site removes its analytics data, and deleting your account removes your account data.
GA4 mode
For sites that connect Google Analytics instead of installing the snippet, Numative reads reporting data from the GA4 API on your instruction and collects nothing from that site's visitors itself. Google's data practices apply to the collection; Numative is a read-only consumer of the reports.