Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Simple Analytics is a privacy first web analytics platform built in Amsterdam by Simple Analytics B.V. It is cookieless by design, hosts every byte in the EU and is explicitly listed by the CNIL among the analytics tools that can be deployed without a consent banner. Its dashboard publishes the GDPR positioning, the data sources and the absence of any third country transfer in plain language.
Simple Analytics is a privacy first web analytics platform founded in 2018 by Adriaan van Rossum in Amsterdam. It is the closest mainstream alternative to Plausible Analytics in the cookieless segment and was explicitly listed by the French CNIL in its 2023 update of the analytics exemption guidance as a tool that can be deployed without prior consent. Simple Analytics publishes a public roadmap, an open architecture document and a one click DPA on the dashboard.
The publisher inserts a single asynchronous script tag pointing to scripts.simpleanalyticscdn.com or to a custom subdomain proxy. On every page load the script sends a single beacon to a Simple Analytics EU collector containing the URL, the referrer (host only), the screen size bucket and the browser family. No cookie, no localStorage, no IP storage, no fingerprinting and no cross site tracking. Custom events can be sent through the sa_event JavaScript API.
Simple Analytics sets no cookie at all and does not write to localStorage. The IP address is used only at request time to derive the country code and is then hashed for one hour to deduplicate visitors within the same day; the raw IP is never persisted. The user agent is parsed in memory to extract the browser family (e.g. Chrome on Mac) and discarded. No personal identifier is stored.
Because Simple Analytics writes nothing to the visitor terminal, the Art. 5(3) ePrivacy obligation to obtain consent before storing or accessing data on the terminal does not apply. The CNIL explicitly listed Simple Analytics in its 2023 list of analytics tools that fit the consent exemption, alongside Matomo (cookieless), AT Internet Piano and a few others. The publisher can therefore deploy it without a banner, provided it is the only analytics in use.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No CMP integration is required for Simple Analytics itself. If you nevertheless deploy Simple Analytics alongside other tracking tools that require consent, expose it as a Strictly necessary or Privacy first analytics category that is always active. Mention Simple Analytics in your privacy policy with the legitimate interest legal basis and the EU data flow.
All Simple Analytics infrastructure is in Amsterdam, Netherlands, on European bare metal servers operated by the company itself. The DPA explicitly states no transfer outside the EEA, no US sub processor and no use of Cloudflare or other US CDNs in the data path. This makes Simple Analytics one of the rare commercial analytics tools that fully sidesteps the Schrems II difficulty.
Add the Simple Analytics tag to the head of every page. Sign the DPA from the dashboard (one click). Add Simple Analytics B.V. to your Article 30 register with legitimate interest as the legal basis. Mention it in your privacy policy with a link to the public dashboard if you choose to publish your stats publicly. No banner is required for Simple Analytics itself.
Websites using Simple Analytics must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required because Simple Analytics processes only aggregated, non personal data (no IP stored, no cookie, no identifier). Document the lawful basis (legitimate interest), the EU only data flow and the absence of subprocessors outside the EEA in your processor register.
Sample consent text
We use Simple Analytics, a privacy first analytics tool that does not store any cookie, IP address or personal identifier. No consent is required for this measurement under the CNIL R32 exemption.
Third-party domains contacted
simpleanalytics.comscripts.simpleanalyticscdn.comqueue.simpleanalyticscdn.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| (no cookie) | none | n/a | Simple Analytics is cookieless by design and writes no cookie or localStorage entry on the visitor terminal. |
Simple Analytics collects user analytics data — you legally need a consent banner. Try FlowConsent free.
None. Simple Analytics is cookieless by design and writes nothing to the visitor terminal: no cookie, no localStorage and no fingerprint. The IP address is hashed in memory for one hour and then discarded.
No. Because Simple Analytics writes nothing to the visitor terminal, the Art. 5(3) ePrivacy obligation to obtain consent does not apply. The CNIL listed Simple Analytics in 2023 among the analytics tools that fit the consent exemption.
Legitimate interest (Art. 6(1)(f) GDPR). The aggregated data does not include personal identifiers, IP addresses or persistent cookies, so the balancing test is straightforward: the publisher has a legitimate interest in measuring traffic, the visitor expectation is that aggregated statistics will be collected and the rights of the visitor are not impacted.
No. All Simple Analytics infrastructure is in Amsterdam (Netherlands) on European bare metal servers operated by the company itself. The DPA explicitly states no transfer outside the EEA, no US sub processor and no US CDN in the data path.
No. Simple Analytics processes only aggregated, non personal data (no IP stored, no cookie, no identifier) and therefore does not meet the criteria for a DPIA under Art. 35 GDPR.
Add the Simple Analytics tag to the head of every page. Sign the DPA from the dashboard (one click). Add Simple Analytics B.V. to your Article 30 register with legitimate interest as the legal basis. Mention it in your privacy policy. No banner is required.
Other privacy first analytics tools include Plausible Analytics (open source, Germany), Fathom Analytics (Canada, EU hosted option), Pirsch (Germany), Umami (open source, self hosted), Cabin (Germany) and Matomo in cookieless mode. For warehouse native data, Snowplow self hosted is the closest professional alternative.
Mention that Simple Analytics is used and that no cookie is set. List Simple Analytics B.V. (Amsterdam) as the processor with a link to the public DPA. No periodic update is required because the cookieless architecture is contractual, not configurable.