Skip to content

Private analytics

4Analytics privacy statement

4Analytics has been started in 2024, at a time when website visitors privacy considerations are not only a key point for many people using the web around the world but has already been part of the law of many lands for some time.

We share this concern and want to provide a native Joomla Analytics solution that provides both useful information and completely respect visitor privacy.

The statement

4Analytics does not store any private information from your website visitors. Private information is understood in the largest possible meaning, including IP address for instance.

A very important consequence of 4Analytics private-by-design operation for someone building or running a Joomla website is that:

The statement consequences for you

  • No need to ask for user consent. You do not need a cookie-consent extension.
  • Simply update your Privacy Policy to mention the use of privacy-focused technology for traffic measurement.

But why?

The most well-known privacy regulation certainly is GDPR in the European Union but there are many others:

A few privacy laws from around the world
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • USA Federal laws for specific sectors like HIPAA for healthcare and FERPA for education
  • Japan's Act on Protection of Personal Information (APPI)
  • Singapore's Personal Data Protection Act (PDPA)
  • South Korea's Personal Information Protection Act (PIPA), one of Asia's strictest frameworks
  • Brazil's Lei Geral de Proteção de Dados (LGPD), heavily influenced by GDPR
  • Argentina's Personal Data Protection Law
  • Mexico's Federal Law on Protection of Personal Data
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia's Privacy Act 1988 and Australian Privacy Principles (APPs)
  • South Africa's Protection of Personal Information Act (POPIA)

This non-exhaustive list shows 2 things in our opinion:

  • privacy is a global concern, not just limited to the European Union. It's only going to be stricter and stricter
  • while many of these policies are similar to the GDPR, there are still too many to be sure to comply with all of them

This is why we selected from the start to:

  • not use any cookie
  • use privacy-oriented technologies to still obtain most of the information that cookies would give us

A good read on the matter is this legal analysis blog post by Plausible, a privacy-focused analytics solution.

4Analytics uses techniques similar to that of Plausible (but not quite exactly the same: they host your data, we don't).

We're not lawyers of course, so you'll need to get your own advice on the matter, but we believe this analysis applies entirely to 4Analytics.

You have a deeper description of technologies 4Analytics uses to do its job on the Technology page.

Data storage

One of the issue with any analytics solution is where data is stored. Using Google Analytics could be fine in the European Union for instance, in terms of privacy at least. But the remaining problem is that they are a US-company and store all data in the US. And even if they stored all your data in Europe, American laws force them to grant access to any government or official entity.

So where does 4Analytics stores all your analytics data, and is that data safe from anyone else?

4Analytics does not store your data. You do. On your server. In your country, or at least in the country where you chose to locate your server. Your data is yours.

Cookies

Cookies are used by common analytics solutions to:

  • identify returning visitors and new visitors
  • track what visitors are doing on your site, including for instance which pages they visit and in which order

The problem with cookies is that they identify visitors individually. With cookies, no privacy is possible.

Another issue with them is that browsers start to block some of them, and many users have privacy software, such as ads blockers that block many cookies.

Analytics system that rely on cookies simply will not see or measure any traffic from users with privacy software on their device. Studies have shown this can amount to up to 25% of actual visitors.

  • Most analytics services such as Google Analytics use cookies.
  • Software such as Matomo can be configured to be private and GDPR-compliant, but they are not by default
  • Existing Analytics Joomla extensions such as JRealtime Analytics use cookies and therefore require a cookie-consent extension. They are not GDPR-compliant by design and out of the box, as they require another extension to collect, store and manage user consent

As said before, 4Analytics does not use any cookie.

Identifying new vs returning visitors, counting unique visitors and visits

As 4Analytics does not use cookies, it recognizes new and returning visitors, count individual visitors and many visits they make to your site with other techniques.

Again, we suggest you visit the Technology page for all details but here is the short version:

New vs returning visitors

4Analytics uses an anonymous caching header to learn if a user has been visiting this site in the past. It cannot tell which visitor it was, simply it knows this visitor was there before.

Unique visitors, and grouping them by visit

A visit is a series of pages viewed by the same visitor in a given period of time, typically 30 minutes (you can change that).

To decide if the current page is the first a visitors sees, or whether it's their second, third or more in a row, we must identify them.

We do that by building a unique ID for each visitor that:

  • does not let the visitor be personally identified
  • only lasts a day

If two pages views are from the same visitor ID, there's a good chance it's the same visitor. We don't know which visitor, but it's likely the same.