Faut-il un bandeau cookie avec snorklee ?

Non, pas pour snorklee seul. La mesure d'audience n'utilise ni cookie ni identifiant persistant (aucun cookie, aucun fingerprint, identifiant rotatif quotidien, IP jamais stockée) ; les statistiques restituées sont anonymisées. Les autorités européennes de protection des données considèrent ce type de mesure comme exempté du recueil de consentement, sous réserve qu'aucun autre traceur soumis au consentement ne soit présent sur la page.

Mes données quittent-elles l'Union européenne ?

Les données d'audience de production sont hébergées dans l'Union européenne. Les prestataires opérationnels connus sont européens : Clever Cloud, Mistral AI, DB-IP / Eris Networks et Brevo. Les éventuels changements sont documentés dans le DPA.

Comment identifiez-vous un visiteur sans cookie ?

Par un identifiant HMAC calculé serveur à partir d'un sel mensuel rotatif et de la date du jour. Cet identifiant change automatiquement chaque nuit, ne peut pas être recoupé entre sites, et n'est jamais stocké côté navigateur. L'adresse IP n'est jamais persistée en base.

Aidez-vous à une utilisation conforme au RGPD ?

Oui, snorklee est conçu pour soutenir une utilisation conforme : aucun cookie analytics, aucun fingerprint, aucun identifiant cross-site, IP brute non stockée, rétention courte, opt-out, export, effacement, auto-évaluation, registre et DPA. Le client reste responsable de sa base légale, de son information visiteurs et de ses autres outils.

snorklee est-il utilisable aux États-Unis, au Canada ou en Australie ?

Oui. Le socle technique est européen (RGPD), mais snorklee est conçu pour fonctionner aussi hors UE — sans CMP, sans cookie, sans identifiant cross-site. Documentation et clauses contractuelles disponibles pour la Californie (CCPA / CPRA), le Canada (PIPEDA + Loi 25), l'Australie (Privacy Act). Un addendum DPA CCPA s'active en un clic dans les paramètres. Détail par juridiction sur la page /privacy-compliance.

Quels sont vos sous-traitants ?

Quatre sous-traitants, tous européens : Clever Cloud (hébergement, France, ISO 27001), Mistral AI (briefings hebdomadaires, France), DB-IP édité par Eris Networks (géolocalisation, France), Brevo (email transactionnel et webhook, France). La liste complète et son DPA sont documentés dans l'onglet Conformité du dashboard.

Comment gérez-vous le trafic des IA (ChatGPT, Claude, Gemini, Perplexity) ?

Les visites issues des chats IA sont séparées du trafic humain classique, et les crawlers IA peuvent être captés côté serveur ou CDN. Le dashboard les restitue dans la section Présence IA : score présence IA, crawls IA, visites depuis chats IA, agents détectés, pages citées et répartition.

Quelle est la taille du tracker JavaScript ?

Environ 2 KB une fois compressé. Le script est self-hosted depuis votre propre domaine analytics, sans CDN externe, sans dépendance tierce. Une discipline interne garde le tracker près de cette cible — au-delà, la release ne sort pas.

Comment exporter ou supprimer mes données ?

Export CSV et JSON directement depuis l'interface ou via l'API publique, sans frais. Effacement à la demande (RGPD art. 17) en un clic depuis les paramètres de votre site. La rétention est de 90 jours sur les events bruts et 25 mois sur les agrégats — au-delà, les données sont purgées automatiquement.

Manifesto · sprint 2026

Measure what your visitors do, not who they are.

Cookieless web analytics with no persistent identifier, hosted in Europe, usable everywhere. The dashboard brings Analytics, Compliance and Integration into a verifiable interface.

Hosted in France (EU) Tracker ≈ 2 KB gzip 6 languages Retention 90 d / 25 mo ISO 27001 (host)

Why yet another analytics tool?

Because we wanted an end-to-end coherent tool: a useful Analytics view, a Compliance view a DPO can work with, and an Integration view with the snippet, install test and AI crawler capture. The manifesto should therefore describe what the dashboard actually shows.

So we built what we wanted to use: honest, cookieless, privacy-first audience measurement — sacrificing nothing on the analytics side.

Our principles

1. Absolute sovereignty

Production analytics data stays hosted in the European Union. Known operational processors are documented in the DPA and the Compliance view; the tracker is served without a third-party CDN.

2. Zero cookies, zero fingerprint

Daily-rotating visitor ID (monthly salt + date in HMAC), aggregation thresholds applied to every data crossing, owner included, IP never stored. Privacy is an invariant, not an option.

3. Verifiable compliance

GDPR self-assessment export, pre-filled processing register, online-signable DPA, per-jurisdiction documentation (GDPR · CCPA · Law 25 · Privacy Act). All available from your dashboard.

4. Proportional retention

90 days for raw events, 25 months for aggregates. No archive outside the database. Your data doesn't linger — that's GDPR data minimization in spirit.

Context

A brief history of web analytics — and why it had to be redone.

Thirty years of audience measurement in nine milestones. Pioneers, ad-tech monopoly, GDPR earthquake, waves of fines, AI breakthrough — and the gap that was left to fill.

1993
The first hit counter

Webhits, then Analog (1995), invent reading Apache log files. Web analytics is born server-side: one number, one page, zero JavaScript. Privacy is implicit — there's simply no one to track.
2005
Google buys Urchin and invents free analytics

Google Analytics launches. Free, powerful, tagged everywhere. The implicit deal: you measure your site, your data flies to Californian servers. For a billion websites, it became the default for fifteen years.
2016 → 2018
GDPR rewrites the rules

Adopted in 2016, enforceable on 25 May 2018, the GDPR requires transparency, minimisation, data-subject rights and strict safeguards for transfers outside the EU. Cookie banners flood the web.
2018 → 2019
A new wave of privacy-first analytics

GDPR opens a market: Matomo (renamed in January 2018, ex-Piwik), Fathom Analytics (2018, Canada / UK), Simple Analytics (October 2018, Netherlands) and Plausible Analytics (April 2019, Estonia, open source) all answer the same question: can you measure an audience without cookies, without cross-site IDs, without reselling data? The first generation of concrete answers.
2020
Schrems II ruling: the earthquake

On 16 July 2020, the Court of Justice of the European Union hands down ruling C-311/18 (Schrems II) and strikes down the Privacy Shield. The operational takeaway is simple: international data transfers must be documented, contractually governed, and checked case by case. Its successor, the Data Privacy Framework (July 2023), remains closely watched.
2022
Google Analytics declared illegal in Europe

Austria fires the opening shot in January 2022 (DSB). France's CNIL follows on 10 February. Then Italy (Garante), Denmark, Norway, Finland, the Netherlands. The shared verdict: GA exposes European visitors to US surveillance. Public sites must migrate urgently.
2023
A record year for GDPR fines

Meta is hit with €1.2 billion in May for illegal EU → US transfers (Ireland's DPC). TikTok gets €345 million for handling minors' data. Criteo is fined €40 million for ad targeting without consent (France's CNIL). Cumulative GDPR fines to date: over €4 billion.
2024 → 2025
ChatGPT, Claude, Gemini: a new audience

AI assistants become a traffic source in their own right: they cite pages, send crawl bots, and refer visitors from their chat windows. Classic analytics tools count them as humans — or ignore them as noise. Marketers fly blind.
2026
snorklee — the analytics that comes next

Post-Google Analytics, post-cookie, minimised and hosted in the EU. Humans and AI counted separately, multi-jurisdiction support file (GDPR, CCPA, Law 25, Privacy Act), documented European operational processors. Not a certification: a verifiable architecture. We wanted to use it ourselves, so we built it.

Concrete commitments

What these principles change for your team.

Analytics should not create a legal, technical and marketing project at every release. Our role: make measurement easier to explain, easier to audit, and more useful day to day.

For marketing

In the Analytics view: human KPIs, sources, pages, conversions, SEO search and AI presence. AI chat visits and AI crawlers stay separate from human traffic.

For the DPO

In the Compliance view: Status & documents, electronic DPA signature, retention periods, export and erasure, DPO contact. A verifiable working base, not legal advice.

For developers

In the Integration view: install the tracker, test installation, WordPress plugin, platforms and AI crawler capture. Less fragile integration, more concrete diagnostics.

For leadership

A documented European stack, readable costs and data that remains actionable. You choose a tool your team can defend in front of a client, an audit or an internal committee.

For visitors

No analytics cookies, no cross-site tracking, no advertising profile. People visit your site, you measure what works, and each side stays in its lane.

For product teams

Events, content, errors and sources live in the same place. The dashboard helps prioritize what deserves fixing, not just watch a line go up.

Frequently asked

Precise answers, no detours.

Do I need a cookie banner with snorklee?

No, not for snorklee alone. Measurement uses no cookie and no persistent identifier: no cookie, no fingerprint, daily-rotating ID, IP never stored; the statistics returned are anonymised. European data-protection authorities consider this type of audience measurement exempt from consent collection, provided no other consent-bound tracker is loaded on the page.

Do my data ever leave the EU?

Production analytics data is hosted in the European Union. Known operational providers are European: Clever Cloud, Mistral AI, DB-IP published by Eris Networks, Brevo. Any changes are documented in the DPA.

How do you identify a visitor without a cookie?

Via an HMAC ID computed server-side from a monthly-rotating salt and today's date. That ID changes automatically every night, cannot be cross-site joined, and is never stored on the browser side. The IP is never persisted.

Do you help with GDPR-compliant use?

Yes. snorklee is designed to support compliant use: no analytics cookie, no fingerprinting, no cross-site ID, raw IP not stored, 90-day raw event retention and 25-month aggregates. Opt-out, export, erasure, self-assessment, register and DPA are included. You remain responsible for your legal basis, visitor notice and other tools.

Can I use it in the US, Canada or Australia too?

Yes, subject to checking your context. The technical foundation is European (GDPR), without analytics cookies or cross-site ID. Supporting documents and contractual clauses exist for California (CCPA / CPRA), Canada (PIPEDA + Law 25), Australia (Privacy Act). Per-jurisdiction detail: /privacy-compliance.

Who are your sub-processors?

Four, all European. Clever Cloud (hosting, FR, ISO 27001), Mistral AI (AI briefings, FR), DB-IP published by Eris Networks SAS (geolocation, FR, SIREN 807 778 212), Brevo (transactional email, FR). The full list and DPA are documented in the Compliance tab of your dashboard.

How do you handle AI traffic (ChatGPT, Claude, Gemini, Perplexity)?

AI chat visits are separated from classic human traffic in the AI presence section. AI crawlers can be captured from the Integration view when a server or CDN module is available. The report shows AI presence score, AI crawls, AI chat visits, detected agents, cited pages and distribution.

How big is the JavaScript tracker?

Around 2 KB once compressed. The script is self-hosted from your own analytics domain, without external CDN or third-party dependency. An internal discipline keeps the tracker close to that target — past that, no release ships.

How do I export or delete my data?

CSV and JSON export from the UI or via the public API, free. Deletion on request (GDPR art. 17) in one click from your site settings. Retention: 90 d raw events, 25 mo aggregates — beyond that, automatic purge.

If these principles resonate…

…you're in the right place. Start in 2 minutes, no card.

Get started Contact

Measure what your visitors do, not who they are.

Why yet another analytics tool?

Our principles

1. Absolute sovereignty

2. Zero cookies, zero fingerprint

3. Verifiable compliance

4. Proportional retention

A brief history of web analytics — and why it had to be redone.

The first hit counter

Google buys Urchin and invents free analytics

GDPR rewrites the rules

A new wave of privacy-first analytics

Schrems II ruling: the earthquake

Google Analytics declared illegal in Europe

A record year for GDPR fines

ChatGPT, Claude, Gemini: a new audience

snorklee — the analytics that comes next