Once AnalyticsSee demo →
Back to Documentation
On this page
OverviewMode 0: AnonymousMode 1: Daily (Default)Mode 2: FingerprintMode 3: CookieComparison tableChanging privacy modeGDPR complianceVisitor opt-out

Privacy Modes

Once Analytics offers 4 privacy levels so you can balance analytics accuracy with visitor privacy. The default mode requires no cookies and no consent banners.

Overview

ModeNameVisitor TrackingCookie RequiredConsent Needed
0AnonymousNoneNoNo
1Daily (Default)Daily hashNoNo
2FingerprintPersistent hashNoRecommended
3CookieCookie-basedYesYes

Mode 0: Anonymous

No visitor identification at all.

Every request generates a new random ID. You cannot track:

  • Session duration
  • Pages per session
  • Return visitors

Use case: Strictest privacy compliance, aggregate page counts only.

Technical: visitor_hash = crypto.randomUUID().substring(0, 16)

Mode 1: Daily (Default)

Daily rotating visitor identification.

Visitors are identified within a single day using a hash of their IP + User Agent. The hash resets at UTC midnight.

  • ✅ Track session duration
  • ✅ Track pages per session
  • ❌ Cannot identify return visitors across days
  • ❌ No cookies required

Use case: GDPR-friendly analytics with session tracking. No consent banner needed.

Technical: visitor_hash = SHA256(IP + UserAgent + Date + Salt)[0:16]

Mode 2: Fingerprint

Persistent browser fingerprint.

Visitors are identified using a stable hash of IP + User Agent. Same visitor across different days has the same ID (unless their IP or browser changes).

  • ✅ Track session duration
  • ✅ Track pages per session
  • ✅ Identify return visitors
  • ❌ Less privacy-friendly

Use case: When you need to track user journeys across multiple visits.

Technical: visitor_hash = SHA256(IP + UserAgent + Salt)[0:16]

Warning: This mode may require consent in some jurisdictions as it enables persistent visitor identification.

Traditional cookie-based tracking.

A persistent cookie identifies visitors across sessions for up to 1 year.

  • ✅ Most accurate visitor counting
  • ✅ Full user journey tracking
  • ❌ Requires cookie consent
  • ❌ Blocked by some browsers/extensions

Use case: Traditional analytics comparable to Google Analytics.

Technical: Cookie oa_vid with 1-year expiration.

Warning: Cookie-based tracking requires a consent banner under GDPR, ePrivacy, and similar regulations.

Comparison table

FeatureAnonymousDailyFingerprintCookie
Session tracking
Bounce rate
Return visitors
Cross-device
Cookie consentNot neededNot neededRecommendedRequired
GDPR without consent⚠️

Changing privacy mode

  1. Go to your analytics dashboard
  2. Click Settings (gear icon)
  3. Select your preferred privacy mode
  4. Click Save

Changes take effect immediately for new visitors.

Note: Changing privacy mode doesn't affect historical data. Old visitor hashes remain unchanged.

GDPR compliance

Modes 0 and 1 are designed for GDPR compliance without consent:

  • No personal data storage
  • No cookies
  • No cross-session tracking
  • Data is pseudonymized with daily rotation
  • IP addresses are hashed, never stored

Modes 2 and 3 may require consent depending on your interpretation and jurisdiction.

Tip: When in doubt, use Mode 1 (Daily). It provides useful analytics while maintaining strong privacy.

Visitor opt-out

Regardless of privacy mode, visitors can opt out of tracking:

  1. Visit https://your-analytics.com/optout
  2. Click "Opt Out"

This sets an oa_optout cookie. When present, no data is collected from that visitor.

You can add an opt-out link to your privacy policy:

html
<a href="https://stats.yoursite.com/optout">Opt out of analytics</a>

Questions? Email hello@onceanalytics.com