Enable privacy-first tracking that works without cookies and doesn't require consent banners.
What is Privacy Mode?
Privacy mode is a cookieless, privacy-focused tracking configuration that:
- Uses no cookies
- Doesn't store IP addresses
- Creates no persistent identifiers
- Complies with GDPR without consent
- Respects user privacy by default
Enabling Privacy Mode
Dashboard Setup
Privacy mode is enabled in the dashboard:
- Go to Settings → Privacy
- Toggle Privacy Mode ON
- Optionally enable Full IP Anonymization
- Save changes
These settings are delivered to the tracker automatically via the /load endpoint -- no script attribute changes needed.
Script Tag
Your script tag stays simple:
<script
defer
data-tracking-code="YOUR_TRACKING_CODE"
src="https://api.zenovay.com/z.js"
></script>
Note: Zenovay respects Do Not Track (DNT) and Global Privacy Control (GPC) by default. No attribute is needed for this. Use
data-ignore-dnt="true"only if you need to override this behavior and track anyway.
Feature Comparison
Standard vs Privacy Mode
| Feature | Standard | Privacy Mode |
|---|---|---|
| Page view tracking | ✓ | ✓ |
| Event tracking | ✓ | ✓ |
| Traffic sources | ✓ | ✓ (domain only) |
| Geographic data | City | Country only |
| Device/browser | ✓ | ✓ |
| Session tracking | ✓ | Limited |
| Returning visitors | ✓ | ✗ |
| Cross-session tracking | ✓ | ✗ |
| User identification | ✓ | ✗ |
| Cookies used | Yes | No |
| Consent required | Usually | No |
Data Differences
Standard Mode:
Visitor arrives:
├── Session cookie set (24h expiry)
├── Visitor ID created (hash of IP+UA)
├── Full URL with parameters recorded
├── Full referrer URL recorded
└── City-level geolocation stored
Privacy Mode:
Visitor arrives:
├── No cookies set
├── Random session ID (page-level only)
├── URL stripped of parameters
├── Referrer domain only
└── Country-level geolocation only
Technical Details
Visitor Identification
Standard: Consistent ID across sessions
Day 1: Visitor v_abc123 visits
Day 2: Same visitor v_abc123 returns
↪ Counted as returning visitor
Privacy: Per-page random ID
Day 1: Visitor random-1 visits
Day 2: Same person, new random-2
↪ Counted as new visitor
URL Handling
Standard: Full URL with parameters
https://example.com/products?campaign=summer&source=email
Privacy: Stripped URL
https://example.com/products
Referrer Handling
Standard: Full referrer
https://google.com/search?q=analytics+tools
Privacy: Domain only
google.com
IP Address
Standard: Hashed, used for geo and visitor ID
IP → GeoIP lookup → Store location + visitor hash
Privacy: Transient, never stored
IP → Country lookup → Discard IP immediately
Analytics Impact
What You Keep
- Page view counts
- Event tracking
- Traffic source channels (organic, social, direct)
- Device and browser stats
- Country-level geography
- Session duration (within single page)
What You Lose
- Returning visitor detection
- Multi-session journey tracking
- City-level geography
- User path analysis
- Conversion attribution (multi-session)
Accuracy Trade-offs
| Metric | Standard | Privacy Mode |
|---|---|---|
| Total page views | 100% | 100% |
| Unique visitors | Accurate | Overcounted ~20-30% |
| Sessions | Accurate | Undercounted |
| Bounce rate | Accurate | Less accurate |
| Time on site | Accurate | Per-page only |
When to Use Privacy Mode
Recommended For
- EU-focused sites without consent management
- Privacy-sensitive industries (healthcare, legal)
- Government sites with strict requirements
- Sites avoiding consent banners
- Minimal tracking needs
Not Recommended For
- E-commerce needing conversion attribution
- SaaS tracking user journeys
- Marketing measuring campaign effectiveness
- Sites with consent management already
Hybrid Approach
Conditional Loading Based on Consent
// Only load tracking after consent is granted
function handleConsent(granted) {
if (granted) {
const script = document.createElement('script');
script.src = 'https://api.zenovay.com/z.js';
script.setAttribute('data-tracking-code', 'YOUR_TRACKING_CODE');
document.head.appendChild(script);
}
}
Privacy mode itself is controlled via dashboard Settings → Privacy. If you need different behavior per region, configure this through the dashboard or conditionally load/skip the tracker entirely based on user consent.
Additional Privacy Options
Respect Do Not Track
Zenovay respects DNT by default. No additional attribute is needed. If you need to override this behavior:
<script
data-tracking-code="YOUR_TRACKING_CODE"
data-ignore-dnt="true"
src="https://api.zenovay.com/z.js"
></script>
When DNT is enabled and respected, tracking is disabled entirely.
Global Privacy Control (GPC)
GPC is respected by default, just like DNT. When a visitor's browser sends a GPC signal, Zenovay automatically honors it. No script attribute is needed.
Combining Privacy Options
Privacy mode, IP anonymization, and URL parameter stripping are all configured in the dashboard under Settings → Privacy. Your script tag remains simple:
<script
defer
data-tracking-code="YOUR_TRACKING_CODE"
src="https://api.zenovay.com/z.js"
></script>
Note: DNT and GPC are respected by default -- no attribute needed. Use
data-ignore-dnt="true"only to override this behavior.
Dashboard Changes
Privacy Mode Indicators
When viewing data from privacy mode:
- "Privacy Mode" badge shown
- Returning visitor metrics hidden
- User journey features disabled
- Clear indication of data limitations
Filtering
Filter: Tracking Mode
├── All Traffic
├── Standard Mode Only
└── Privacy Mode Only
Legal Implications
GDPR
Privacy mode is designed to not process personal data:
- No persistent identifiers
- No IP storage
- Can rely on legitimate interest
- Consent banner not required
CCPA
Privacy mode reduces personal information collection:
- No "sale" of data
- Minimal tracking footprint
- Easier compliance
ePrivacy
Cookie rules don't apply when:
- No cookies are set
- No local storage used
- No device fingerprinting
Configuration via API
Enable for Website
curl -X PATCH "https://api.zenovay.com/api/v1/websites/your-website-id" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{
"privacy_mode": true,
"ip_anonymization": "full"
}'
Note: DNT and GPC are always respected by default and do not need to be enabled.
Check Current Settings
curl -X GET "https://api.zenovay.com/api/v1/websites/your-website-id" \
-H "Authorization: Bearer YOUR_API_KEY"
Best Practices
Implementation
- Start with privacy mode if unsure about consent
- Add consent management if you need more features
- Document your choice in privacy policy
Transparency
Include in privacy policy:
We use privacy-focused analytics that:
- Does not use cookies
- Does not store your IP address
- Cannot track you across visits
- Does not create a personal profile
This allows us to understand how our website is used
without collecting personal data.
Regular Review
- Audit your tracking setup quarterly
- Ensure configuration matches intent
- Update documentation as needed
Troubleshooting
Data Seems Wrong
Privacy mode causes:
- Higher unique visitor counts
- Lower returning visitor counts
- Inaccurate session duration
This is expected behavior, not a bug.
Features Not Working
These don't work in privacy mode:
- User identification
- Conversion attribution
- User journey tracking
- Funnel analysis
GPC/DNT Detection
Verify detection:
console.log('DNT:', navigator.doNotTrack);
console.log('GPC:', navigator.globalPrivacyControl);