Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Seline is an EU hosted cookieless web analytics platform built in Estonia that delivers privacy first metrics without persistent identifiers, generally not requiring user consent under Article 5(3) ePrivacy.
Seline is a privacy first web analytics platform built and hosted in the European Union by an Estonian team. It positions itself as a Google Analytics alternative for European publishers and SaaS founders who want simple, ePrivacy friendly metrics. Seline tracks page views, custom events, conversions and source attribution without persistent identifiers in the default mode. The script is lightweight, the data stays in Frankfurt on Hetzner infrastructure, and the dashboard exposes only aggregated counts.
In its default cookieless configuration Seline does not write any cookie or localStorage entry. Instead, the server computes a daily rotating hash from the visitor IP, the user agent and the website domain to estimate unique visitors for the day; this hash is not stored beyond 24 hours. The platform receives the URL of each page view, the referrer, the country derived from the IP, the device class and any custom event payload defined by the publisher. No advertising IDs and no cross site identifiers are processed.
Because the default Seline configuration does not write or read any identifier on the user terminal, Article 5(3) of the ePrivacy Directive does not apply, in line with EDPB and CNIL guidance for first party, aggregated audience measurement. Processing can therefore be operated under Article 6(1)(f) GDPR (legitimate interest) without prior consent. If you switch to extended retention, identifiable session replays or third party integrations, the analysis must be redone and consent will likely be required.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Seline hosts all customer data in Germany on Hetzner servers. The vendor is registered in Estonia, an EEA Member State, so there is no third country transfer for the operational service. Sub processors are documented in the DPA and limited to EU based providers. This is a notable advantage compared to most US analytics tools that still require Standard Contractual Clauses and a transfer impact assessment.
Document a legitimate interest assessment that records the cookieless design, the daily rotating hash and the EU hosting. Add Seline to your record of processing activities under web analytics. Inform users in your privacy notice that you use a cookieless analytics tool and that no personal data leaves the EU. If you later activate optional cookies, identifiable user IDs or extended retention, switch the legal basis to consent and bring Seline behind your CMP.
Websites using Seline must obtain user consent under GDPR regulations.
DPIA considerations
Low risk by design. A formal DPIA is not mandatory in the default cookieless mode. Document the legitimate interest assessment, retention periods and data minimisation choices.
Sample consent text
We use Seline (cookieless web analytics, Estonian vendor with EU hosting) which counts visits without persistent identifiers and does not track you across sites. No personal data leaves the European Union.
Third-party domains contacted
seline.socdn.seline.soapi.seline.soCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies | none | n/a | Seline is a cookieless privacy first analytics platform. It identifies sessions through a hash of user agent, IP and a daily salt, and does not write cookies or localStorage entries on the visitor browser. No client side identifiers are persisted. |
Seline collects user analytics data — you legally need a consent banner. Try FlowConsent free.
No, in its default configuration Seline does not write any cookie or localStorage entry. Unique visitors are estimated server side using a daily rotating hash that is not retained beyond 24 hours.
In the default cookieless mode, no. Because no identifier is stored or read on the user terminal, Article 5(3) of the ePrivacy Directive does not apply, in line with EDPB and CNIL guidance for aggregated first party measurement. If you activate optional persistent identifiers, prior consent becomes mandatory.
Article 6(1)(f) GDPR (legitimate interest) is appropriate for the cookieless mode that aggregates anonymous metrics. Document a legitimate interest assessment that explains the design choices, the daily rotating hash and the EU hosting.
No. Seline hosts data exclusively in Germany on Hetzner Frankfurt and the company is registered in Estonia. Sub processors are limited to EU based providers. There is no third country transfer for the operational service.
A formal DPIA is not mandatory in the default cookieless mode because the residual risk is low. Document a legitimate interest assessment, retention rules and the cookieless design instead. If you activate optional identifiable features, the DPIA decision should be reassessed.
Install the Seline script, keep the cookieless mode enabled, document the legitimate interest assessment and add Seline to your record of processing activities. Mention the cookieless analytics tool in your privacy notice and verify that EU hosting is enforced in your account settings.
Comparable privacy first analytics tools with EU hosting include Plausible Analytics (Estonia), Fathom (Canada with EU option), Simple Analytics (Netherlands), Pirsch (Germany), Matomo Cloud EU and Piwik PRO. Selection depends on event modelling, conversion goals and budget.
Mention that you use Seline (cookieless analytics, EU hosting) for aggregated audience measurement, that no persistent identifier is stored and that no personal data leaves the EU. List Seline as a processor in your privacy notice and explain the data minimisation choices.