Skip to main content

Tracker Analytics - Privacy-First Analytics Platform

Cookie-free web analytics platform with anonymous tracking, real-time dashboard and multi-site management

Next.jsReact 19TypeScriptPostgreSQLDrizzle ORMTailwind CSSRechartsPWAAnalyticsPrivacy

Privacy-first web analytics platform developed as a freelance project for business clients. Complete solution for tracking website traffic without cookies or consent banners, using an anonymous daily-rotating hash identification system.

ARCHITECTURE:

Full-stack Next.js 16 application deployed on Vercel. PostgreSQL database with Drizzle ORM (7 tables: sites, events, users, userSites, auditLogs, sessions, passwordResetTokens). Lightweight tracking script (~3.4 KB) injected client-side via script tag. REST API with CORS cross-origin collection endpoint, httpOnly session authentication and CSRF protection.

TECH STACK:

Next.js 16 + React 19, TypeScript 5, Tailwind CSS 4, shadcn/ui (Radix), Recharts (charts), Drizzle ORM + PostgreSQL (postgres-js), Resend (transactional emails), ua-parser-js (User-Agent parsing), PWA (Service Worker, install prompt, pull-to-refresh)

Security: scrypt (N=32768, r=8, p=2), 8h httpOnly sessions, CSRF middleware, rate limiting (30 req/10s per IP), CSP headers

FEATURES:

Automatic tracking: Pageviews (load + SPA navigation), outbound clicks, phone clicks (tel:), email clicks (mailto:), form submissions, CTA clicks (data-track="cta"), custom events (JSON API, max 1 KB). 30s heartbeat system for accurate session duration measurement.

Real-time dashboard: Visitor/pageview stats with period comparison (7d/30d/12m/custom), top pages, traffic sources (referrers), device breakdown (desktop/mobile/tablet + browser + OS), geographic data (country), conversion tracking by event type, daily chart (Recharts), average session duration, outbound clicks, page filter.

Admin panel: Multi-site management (CRUD, copyable integration snippets), client management (creation, editing, site assignment, password reset), paginated audit log (20 entries/page) with IP and timestamps.

Privacy by design: Zero cookies, anonymous visitor ID (daily SHA-256 hash of date + IP + User-Agent + salt, daily rotation), origin validation (registered domain), no IP stored in database.

Automated reports: Weekly and monthly emails via Resend with per-site statistics summary. Built-in documentation page with integration guides (WordPress, Webflow, Shopify, Next.js).

PWA: Service Worker for offline support, install prompt, mobile pull-to-refresh, responsive icons (192x512px, maskable).

RESULTS:

Production solution serving multiple client websites. GDPR-compliant tracking without consent requirement. Ultra-lightweight script with no performance impact on tracked sites. Complete dashboard replacing Google Analytics for clients wanting a privacy-first alternative. Scalable serverless architecture on Vercel with optimized connection pooling.

← Back to projects