Why Snorklee does not add a cookie banner
Snorklee sets no analytics cookies, uses no local storage for audience measurement and does not track visitors across sites. In standard configuration, using it therefore does not add a cookie banner to your site — subject to your other tools.
For Snorklee alone: no analytics cookies, no local storage, no cross-site tracking.
A cookie banner is generally linked to trackers that read or write information on the visitor's device, or to other processing requiring consent. Snorklee is designed to measure audience without these mechanisms. Advertising, social pixels, A/B testing, embedded videos, chat, maps or marketing CRM must be assessed separately.
Advertising tracking mechanisms stay out of scope.
Snorklee limits collection on the analytics side: no analytics cookies, no localStorage or sessionStorage for audience measurement, no fingerprinting, no advertising identifier, no cross-site tracking, no sale or advertising sharing of audience data.
- No audience-measurement cookie. The only cookie set is « snorklee_sid », a session cookie created after you sign in to your dashboard — strictly necessary, therefore exempt from consent under article 5(3) of the ePrivacy directive (2002/58/EC). The tracker itself sets nothing.
- No identifier that follows you over time. To tell two visits apart within a single day, snorklee derives a pseudonym recomputed every day (a non-reversible hash), never stored as-is; the salt that produces it is renewed monthly and the IP address is never kept. From one day to the next, no link remains.
- No cross-site tracking, no advertising, no campaign parameters. Campaign parameters (UTM) are neutralised on arrival, never stored. So no campaign information is read from or written to your terminal, nor kept: there is nothing to consent to. (This also reinforces the « audience measurement » scope defined by the European data protection authorities.)
- Unique visitors are counted without a list: no identifier kept, no one can be extracted from it. Unique visitors are estimated with a probabilistic counter (HyperLogLog, ±1-2 % margin) that keeps no visitor list: it holds a statistical fingerprint, not individuals. No one can be extracted from it.
- Crossed views apply aggregation thresholds. As soon as two dimensions are crossed (e.g. country × page) or a filter is active, an occurrence floor masks any combination below the confidentiality threshold — no identifier links two events together. The rule is identical for everyone, the authenticated site owner included — no privilege, no re-identifying view.
What the technical choice avoids on the privacy side.
| Technical choice | Privacy effect | Related documentation |
|---|---|---|
| No measurement cookie | No reading from or writing to the terminal for measurement | ePrivacy art. 5(3) (dir. 2002/58/CE) |
| Non-persistent identifier | Non-reversible daily pseudonym, monthly salt, IP never kept | RGPD art. 4(5) |
| No UTM or campaign tracking | Neutralised at ingestion → nothing read from or written to the terminal, nothing to consent to | ePrivacy art. 5(3) (dir. 2002/58/CE) |
| Counting by estimation (HLL) | No visitor list, aggregate non-individualised data | EDPB Guidelines 2/2023 |
| occurrence floor on every crossing | No re-identifiable cell, owner included | RGPD art. 5(1)(c) |
| GPC / DNT signal honoured | A browser that opts out is never measured | RGPD art. 21 · CCPA / GPC |
| US: documented service-provider role | No sale or sharing of data, no advertising identifier | CCPA / CPRA · DPA art. 28 |
One architecture, two legal rationales.
In Europe — designed not to add analytics-cookie consent
In Europe, ePrivacy rules notably govern access to or storage of information on the visitor's device. Snorklee is designed to measure audience without analytics cookies, localStorage, sessionStorage or fingerprinting. In standard configuration, Snorklee therefore does not add a cookie banner to your site. This conclusion does not cover your other tools: advertising, social pixels, embedded content, A/B testing, chat or CRM must be assessed separately.
In the United States — no sale or advertising sharing by Snorklee
US privacy regimes generally rely less on a prior banner than on information, opt-out rights and controls around certain advertising uses. Snorklee processes audience data on behalf of the customer, without sale, without advertising sharing and without advertising identifiers. Whether a “Do Not Sell or Share” link is needed depends on all tools used on the site, not only Snorklee.
And the advanced features: funnels, revenue, SEO?
Some features go beyond simply counting page views. That is why they are clearly documented: custom events, aggregated revenue, funnels, Search Console or AI Presence. Snorklee applies aggregation thresholds, keeps no stable identifier and does not return exploitable individual rows in the dashboard. If you send events containing personal data yourself, that configuration falls outside the recommended scope.
Snorklee technically limits analytics-side collection. The site publisher remains responsible for its other tools, visitor information, legal bases and any cross-referencing it may perform with its own systems, such as CRM, server logs or a customer database.
Documents to review.
This page explains how it works. These documents help you review scope, retention, processors and visitor wording against your own context.
- The DPA (data processing agreement) — processor status, GDPR art. 28 clauses, CCPA addendum
- The privacy policy — accounts, support, audience and processors
- GDPR & ePrivacy compliance in detail
- Retention periods — raw events, aggregates and recovery
- Visitor rights (CCPA / CPRA)
- The data protection contact — details and customer assistance
- International compliance (US, Canada, Australia)
Measure your audience without adding an analytics cookie banner.
Try Snorklee for 30 days, no credit card. Install the snippet, check your first visits and keep clear documentation for your DPO.