Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Quanta is a privacy first digital analytics platform designed to give product, marketing and editorial teams a measurement layer that respects European data protection law. Quanta avoids persistent identifiers, restricts data retention and hosts the processing in the European Union, which lets compliant deployments fall within the CNIL audience measurement exemption and operate without a cookie banner.
Quanta is a digital analytics platform built to comply with European data protection law by design. The product targets controllers who want to measure audiences and conversions without relying on persistent identifiers or cross site tracking. The collection layer runs either as a lightweight JavaScript snippet or as a server side script that pushes events to the Quanta API. Behind the API, the service aggregates the data, anonymises it and produces dashboards that resemble the reports of mainstream tools without the privacy footprint of Google Analytics.
By default Quanta does not write any cookie. Returning visitors are recognised through a daily rotating salt combined with the truncated IP address and the user agent, generating a fingerprint that resets every twenty four hours. Page views, events, page titles, referrers and screen properties are stored in the European Union. Quanta does not collect names, emails or any directly identifying data unless the controller explicitly sends them as custom dimensions, which the controller should avoid in the cookieless configuration.
The CNIL recommendation of 13 January 2022 lists the conditions under which audience measurement tools fall outside the consent requirement of Article 5(3) ePrivacy: no persistent identifier shared across sites, IP truncation, limited retention, no data sharing and use restricted to audience measurement. A Quanta deployment that respects these conditions can be loaded without consent. Activating persistent identifiers, fingerprinting beyond the daily salt or sharing data with advertising partners forces the deployment back into the consent regime.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Quanta is operated within the European Union, so there is no transfer to the United States or to another third country in the standard configuration. Customers should still ask for the list of sub processors and confirm in the Data Processing Agreement that customer support, monitoring and backups remain within the European Economic Area. Reference the EU hosting in your record of processing activities and in your privacy notice.
Use the cookieless configuration, avoid sending personal identifiers as custom dimensions, set the retention period to a maximum of thirteen months, do not share data with advertising partners or other publishers, sign a Data Processing Agreement and document the configuration in the record of processing. Even when no consent is required, mention Quanta in the privacy notice with a link to the data subject rights and provide an easy opt out mechanism.
Websites using Quanta must obtain user consent under GDPR regulations.
DPIA considerations
A standard cookieless deployment of Quanta is generally low risk and rarely requires a DPIA. A DPIA becomes appropriate when the controller adds custom dimensions that store user attributes, when retention is extended, or when integrations with CRM or advertising platforms are activated. Document the configuration parameters, confirm that the deployment matches the CNIL exemption criteria and review the Data Processing Agreement.
Sample consent text
We use Quanta to measure audience without persistent identifiers, IP addresses are truncated and data is hosted in the European Union. The processing falls under the CNIL audience measurement exemption when no cross site tracking is performed, so it is operated on the basis of our legitimate interest. You can object at any time through the cookie preferences link.
Third-party domains contacted
quanta.toolsapp.quanta.toolscollect.quanta.toolsCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies | none | n/a | Quanta is a cookieless analytics platform for mobile and web apps. It uses anonymised event ingestion without persistent client identifiers, so no cookies or localStorage values are written on the visitor device. |
Quanta collects user analytics data — you legally need a consent banner. Try FlowConsent free.
In the default cookieless configuration Quanta does not write any persistent cookie. Returning visitors are reconciled through a daily rotating salt combined with the truncated IP and the user agent, which resets every twenty four hours. Custom configurations may activate a session cookie if the controller chooses to.
When configured to match the CNIL audience measurement exemption (no persistent identifier shared across sites, IP truncation, limited retention, no data sharing) Quanta can be loaded without consent. As soon as persistent identifiers, fingerprinting beyond the daily salt or data sharing with advertising partners are activated, consent is required.
Cookieless audience measurement aligned with the CNIL exemption rests on legitimate interest under Article 6(1)(f) GDPR, with a balancing test that weighs the very limited data set against the user expectations. Configurations involving identifiers or cross site tracking require consent under Article 6(1)(a).
No. Quanta is operated in the European Union, so there is no transfer to the United States or to another third country in the standard configuration. Confirm the sub processor list with the editor and document the EU hosting in your record of processing activities.
For a standard cookieless deployment a DPIA is rarely mandatory because the data set is limited and the processing is aligned with the CNIL exemption. A DPIA becomes appropriate when the controller adds custom dimensions with user attributes, extends retention or activates marketing integrations.
Use the cookieless configuration, avoid sending personal identifiers, set retention to thirteen months at most, do not share data with advertising partners, sign a Data Processing Agreement, document the configuration and provide an opt out link in the privacy notice.
Comparable privacy first analytics tools include Plausible Analytics, Matomo Analytics in cloud or self hosted mode, Fathom Analytics, Simple Analytics, Pirsch and Piwik PRO. Each has different feature sets, integrations and prices, so map your use case before switching.
In a cookieless deployment you do not need a cookie banner for Quanta, but the privacy notice must list it, describe the data collected, the legal basis (legitimate interest), the retention period and the European hosting. Provide an easy opt out link and document any change in configuration that would trigger a consent requirement.