Privacy Policy

Last updated: April 15, 2026

The short version

Transiet is a privacy-first web analytics service. We do not use cookies, we do not track individuals across sites, and we do not sell or share your data with anyone. If you visit a site that uses Transiet, we collect the bare minimum needed to count a page view — and nothing more.

What we collect from site visitors

When you visit a website that uses Transiet, our script sends:

  • The page URL (pathname only)
  • The referrer URL (where you came from)
  • Screen width (to determine device type)
  • Time spent on the page

Your browser also sends your IP address and user agent as part of the HTTP request. We use these server-side to derive a few things — then we throw them away. Here is exactly what happens:

  • IP address — used once to look up your country and state/region (never city, postal code, or precise coordinates) and to generate a daily visitor hash. The raw IP is never stored in our database, logs, or anywhere else.
  • User agent — used once to parse browser name, operating system, and device type. The raw user agent string is never stored.

How visitor identification works

We generate a one-way hash from your IP, user agent, the site you're visiting, the current date, and a random salt that rotates every 24 hours. This produces a visitor identifier that cannot be reversed, cannot be used to identify you, and expires every day. Tomorrow's hash will be completely different — even for the same visitor.

The hash is also scoped to each site. If you visit two different sites that both use Transiet, there is no way to connect those visits. Cross-site tracking is architecturally impossible.

What we never do

  • Set cookies of any kind
  • Write to localStorage or sessionStorage
  • Store raw IP addresses
  • Store raw user agent strings
  • Resolve location below state/region level (never city or postal code)
  • Track visitors across different websites
  • Create persistent visitor profiles
  • Sell, share, or transfer data to third parties for advertising

What we store in the database

Each page view event contains:

  • Page pathname
  • Referrer and referrer source
  • UTM parameters (if present in the URL)
  • Country code and state/region (e.g. "US", "California")
  • Device type (desktop, mobile, tablet)
  • Browser name and operating system
  • A daily-rotating visitor hash (not reversible)
  • A session hash (30-minute windows)
  • Time spent on the page
  • Timestamp

That is the complete list. There is no hidden data collection.

Data for Transiet customers

If you create a Transiet account, we store your email address and a hashed password for authentication. If you subscribe, we share your email with Stripe to process payments. We use Resend to send transactional emails (verification, password resets, trial reminders). We do not send marketing emails.

Third-party services

  • Stripe — payment processing. Receives only what is needed to manage your subscription.
  • MaxMind GeoLite2 — country and state/region-level geolocation. IP lookups happen locally on our server; no visitor data is sent to MaxMind. We never store city, postal code, or precise location data.
  • Resend — transactional email delivery for account holders only.

GDPR

Transiet is designed to be GDPR-friendly without requiring cookie consent banners. We do not process personal data in the way that most analytics tools do. No cookies, no persistent identifiers, no individual tracking. Site owners who use Transiet generally do not need a cookie banner for our script.

Data retention

Analytics data is stored as long as your account is active. If you cancel your subscription, your data is retained during the grace period. After account deletion, all associated analytics data is permanently removed.

Contact

Questions about this policy? Email privacy@transiet.com.