Security

Simple Analytics is designed to reduce risk by collecting minimal data and keeping systems simple.

Minimal data

We don't collect or store personal data

EU-hosted

All analytics data is processed in the Netherlands

No tracking

No cookies, no identifiers, no cross-site tracking

Minimal attack surface

Less data collected means less data exposed

SOC 2 (in progress)

We are working toward SOC 2 Type II certification

Privacy by design

We don't collect, store, or process personal data. That fundamentally reduces risk.

Traditional analytics tools collect large amounts of user-level data, which increases both complexity and risk. Simple Analytics takes a different approach by avoiding the collection of personal data altogether. Even in the event of a security incident, the potential impact is significantly reduced.

No cookies or persistent identifiers
No cross-site tracking
No IP addresses stored (discarded immediately)
No identifiers or fingerprints
No user-level tracking or profiling
Metrics are aggregated and not linked to individuals

Learn more about our data collection

Data ownership

You own your data. We never share or sell it.

Your analytics data belongs to you. We do not use, sell, or repurpose it. Even our infrastructure providers cannot read your data in plain form.

You retain full ownership of your data
We do not sell or share your data with third parties
Access is restricted to a small number of core team members
Data is encrypted, and only Simple Analytics controls the decryption keys
Export your data at any time

Infrastructure & hosting

All analytics data is hosted within the European Union with robust security measures.

Our infrastructure is based in the Netherlands and operated by EU-based providers. We use a small number of infrastructure providers to reduce operational complexity and limit exposure.

Data stored in the Netherlands (EU)
Hosted on infrastructure from Worldstream and Leaseweb
No transfer of analytics data outside the EU
Encryption in transit (HTTPS) and at rest
Redundant infrastructure across multiple providers
Regular backups and continuous security updates
CDN for performance and network protection
Monitoring and uptime tracking

Access control

Access to production systems is restricted and monitored. Only a limited number of team members can access sensitive systems.

Restricted production access
Authentication controls including MFA where applicable
Logging and monitoring of system activity
Vendors must meet security and privacy standards
Preference for EU-aligned providers
Vendor practices reviewed before adoption with periodic re-evaluation

Compliance & data retention

Simple Analytics is built with European privacy regulations in mind and is used by companies that require strong compliance standards.

We retain data only as long as necessary to provide our service. Customers have full control and can export or delete their data at any time.

GDPR-compliant by design
EU-based company (Netherlands)
Data Processing Agreements available
SOC 2 Type II in progress
Retention based on subscription plan
Data stored only while account is active
Data deleted after account deletion (fully removed after 90 days)

GDPR Compliance Data Collection Data Processing Agreement Subprocessors Privacy Policy

For security or compliance questions:

Open contact form