Why privacy analytics is pay-to-play — and how we built a real free tier.
Ingest was never the expensive part. After 25 years of counting the web, we know exactly where the cost lives — and it isn't where the marketing pages suggest it does.
01 The puzzle
Privacy analytics is a small, healthy market. Plausible, Fathom, Simple Analytics, Pirsch, and a dozen others all sell roughly the same product — a lightweight script, cookieless counting, a calm dashboard. The cheapest entry point is around $9 to $19 a month. The trials are 30 days. None of them have a permanent free tier worth the name.
Meanwhile the same market has two enormous free options: Cloudflare Web Analytics and Google Analytics 4. Both have material trade-offs — GA4's retention auto-expires in 14 months, Cloudflare's data ages out around six — but they are, in fact, free.
If serving a basic dashboard for a small site genuinely cost real money, neither Cloudflare nor Google would be giving the product away. So why is the privacy-first slice of the category structured around paid plans?
It isn't bandwidth. A typical privacy-analytics beacon is a few hundred bytes. A million pageviews a month is less traffic than a single mid-sized image on a homepage. It isn't compute on incoming events either — counting is one of the cheapest operations a server does.
The cost is somewhere else. We've spent 25 years finding out where.
02 25 years of evidence
StatCounter has been running since 1999. We count for about two million sites. Over that quarter-century we've learned, mostly by failing at it first, where the real bill in this business gets written.
The expensive part of analytics isn't the counting. It's:
- Storing every event forever, so that any dimension of any event remains queryable indefinitely.
- Serving filtered, segmented, interactive reports against that store, fast enough that someone clicking around the dashboard doesn't notice.
- Keeping that store healthy — compaction, indexing, replication, backups — at a scale that grows linearly with both customers and time.
Ingest is rounding-error cheap. A row written is a row written. A row stored for nine years and queryable across fifteen dimensions is a different animal entirely.
Every privacy-analytics product on the market today is built around that second animal. They store the raw events because they want to let you filter, segment, build funnels, and run cohort comparisons. That's the product. That's also why the cheapest plan is $9 to $19 a month: somebody has to pay the storage and the query infrastructure, and a free tier that did the same thing would just be the paid tier with no revenue attached.
The hard cost in privacy analytics isn't writing the events. It's keeping them queryable.
03 The architecture
Featherweight separates the two jobs deliberately.
Free tier: rollups only
When a free account's pageview comes in, we count it into a small set of pre-aggregated rollups, keyed by site and day:
- pageviews and unique visitors over time
- top pages
- top referrers and top sources
- top countries, top browsers, top devices
- goal conversions and custom event counts
Each of these is a small fixed-shape aggregate. A site doing 500,000 pageviews a month produces a few kilobytes of rollup data per day — call it a megabyte a year, generously. We can keep that around for as long as you have an account, on hardware we already own, without ever needing to charge you. That's where the "your history, kept forever" claim comes from. It isn't a marketing flourish; it's a property of the data shape.
What rollups don't give you is the ability to invent a new question after the fact. You can't ask "how many visits to /pricing from Berlin on Firefox in March came from a Hacker News referrer," because that combination wasn't pre-counted and there's no raw event left to query. This is a deliberate, honest trade-off: the rollup tier is for knowing what's happening, not for investigating why.
30-day raw event buffer — everyone gets it
Every account, free or paid, also has its detailed event stream kept for a rolling 30 days. On a free account that buffer is there but the UI to slice it isn't. On a paid account you get the filters, segments, and funnels that read from it directly.
The reason every account gets the buffer is upgrade-day experience. When a free user becomes a paying customer, we don't want them staring at an empty dashboard waiting for data to accumulate. The previous 30 days lights up immediately — every page, every referrer, every event, fully filterable. The buffer is what makes the upgrade decision low-friction: you're not buying a future product, you're unlocking the slice of your own past you can already see summarised.
Paid tier: extended raw retention + filtering UI
Paid accounts keep raw events well beyond 30 days (length tiered by plan) and unlock the dashboard's filtering, segmentation, and funnel views on top of that raw store. The economics here are the conventional privacy-analytics economics: storage scales with retention, query infrastructure scales with concurrency, and a monthly subscription covers it.
One ingest path, two stores. Free accounts read from the rollup store; paid accounts read from both.
The honest trade-off
We're naming this explicitly so it doesn't surprise anyone after sign-up: the free tier genuinely cannot filter. Not in a "we're holding it back" way — in a "there's no raw data behind the dashboard to filter" way. If you need ad-hoc filtering and you need it on your historical data, you need the paid tier.
What the free tier can do is answer the question most sites actually have, which is "what's working, and what changed." Top pages, top referrers, top sources, conversion counts on the goals you defined, custom event counts — all kept forever. For a large fraction of sites, that's the whole job.
04 The privacy model
The same data architecture that makes the free tier viable also keeps the privacy model simple.
We don't set cookies. We don't fingerprint. We don't have an account-level visitor ID that follows anyone between sites. Counting unique visitors uses a daily-rotating hash:
visitor_id = hash(daily_salt + domain + ip + user_agent)The salt rotates every 24 hours, site-local, and the previous day's salt is destroyed. After 24 hours, the same browser at the same IP on the same site produces a completely different identifier. There is no way to link a visit on Tuesday to a visit on Wednesday, and no way to link a visit on site-a.com to a visit on site-b.com.
We don't model sessions. We use a 24-hour visitor window (the Fathom approach, not the Plausible approach) — no 30-minute session-stitching, no inactivity timeouts, no session-state in our infrastructure. Simpler to operate, simpler to reason about, and structurally incapable of the cross-day correlations that a stateful session model permits.
The infrastructure is in Dublin, on bare-metal servers we own and operate. No US cloud provider sits in the data path. No third party sub-processor receives raw events. The hardware was paid for by StatCounter's existing business; serving the free tier doesn't depend on anyone else writing us a cheque.
What this means in practice. "GDPR-compliant" is the floor, not the ceiling. The product is structurally incapable of building a profile of a person across sites, across days, or across sessions — because there's nothing in the data store that would let it.
05 Why competitors won't follow
The natural question reading this is: if the architecture is straightforward and the cost is manageable, why hasn't anyone else done it?
Three reasons. None of them are technical.
Cannibalisation. Plausible's $9 plan and Fathom's $15 plan are bought, in large part, by indie developers and side projects who would happily downgrade to a free tier matching ours. Adding 500k-pageview free is, for those companies, a direct hit to the customer segment that pays them today. We don't have that constraint — StatCounter's revenue doesn't come from this segment, so there's nothing to cannibalise.
Architecture. Their paid product is built around filtering on stored raw events. Adding a rollup-only free tier means standing up a parallel, materially different pipeline — pre-aggregation, separate query path, a UI mode that hides filters — for users who, by definition, pay nothing. It's a real engineering investment with no near-term revenue, and "build a second pipeline to make a free tier work" is the kind of thing that loses arguments inside small companies.
Brand. Privacy analytics has spent a decade positioning itself as "fair pricing that supports independent software." Adding a "Free" column to a premium-positioned pricing page anchors every future prospect on free and quietly contradicts the existing narrative. We started without that narrative, so we can position differently without contradicting ourselves.
This isn't a taunt. It's a structural observation about why a category that could have a real free tier doesn't have one, and why we think it'll stay that way for a while.
06 What this enables
Concretely, what falls out of all of this:
- 500,000 pageviews a month, free, with no card and no trial countdown.
- Unlimited summary retention while your account is active. The dashboard you see today is the dashboard you see in 2031.
- A rolling 30-day detailed buffer on every account, so upgrading is instantly useful.
- EU-only infrastructure, on bare metal we own, with no US cloud in the path.
- A privacy model that's structurally — not just contractually — incapable of cross-site or cross-day tracking.
The pitch isn't complicated and we've tried not to dress it up. Privacy analytics has been pay-to-play for too long for a reason that's mostly economic rather than technical. We had the infrastructure, the experience, and an existing business that meant we didn't need a paid floor to make the numbers work. So we built the free tier we'd want, and we built the paid tier for the people who actually need to investigate.