Privacy-First Architecture

Narrowbeam is built from the ground up with privacy as the core principle. Learn how our architecture protects user privacy while delivering powerful analytics.

Core Privacy Principles

What We DON'T Collect

Understanding what's NOT collected is just as important as what is:

What We DO Collect

Narrowbeam collects only aggregate, non-personally-identifiable data:

• Page URLs: Which pages are viewed
• Referrers: Where traffic comes from (domain level)
• UTM Parameters: Campaign tracking codes
• Device Type: Mobile, Desktop, or Tablet (generic categories)
• Browser: Browser name and general version
• Operating System: OS name (no version details)
• Country: Geographic location at country level only
• Language: Browser language preference
• Custom Actions: Events you explicitly track

How Sessions Work

Traditional analytics use cookies to create persistent user IDs. Narrowbeam uses a completely different approach:

// Server-side session generation
input = origin + IP + userAgent + timeBucket
sessionId = SHA256(input)

// IP is ONLY used for hashing, never stored
// Session expires automatically after 4 hours

See Sessions and Session Generation for detailed explanations.

Privacy by Design Benefits

1. No Consent Required

Because Narrowbeam doesn't collect personal data or use cookies, GDPR consent is typically not required. Always consult your legal team, but most sites using only Narrowbeam can remove consent banners entirely.

2. Ad Blocker Friendly

Many ad blockers allow Narrowbeam because we don't track users, don't use third-party scripts, and don't share data. Get more accurate analytics data.

3. Faster Performance

No cookie reads/writes, no complex tracking scripts, no third-party requests. Just a tiny script that sends data directly to our servers.

4. User Trust

Respecting privacy builds trust with your visitors. They can browse your site knowing they're not being tracked or profiled.

Data Processing Flow

1. User visits page → Narrowbeam script loads
2. Script collects: URL, referrer, device, browser, etc.
3. Data sent to Narrowbeam servers
4. Server generates session ID (hashed, not stored IP)
5. Event stored in database
6. Dashboard queries aggregate statistics
7. Results shown to you (no individual user data)

Technical Safeguards

One-Way Hashing

Session IDs use SHA-256 hashing, which is mathematically irreversible. We cannot extract IP addresses from session IDs.

No Persistent Storage

IP addresses are used only during the request for session generation, then immediately discarded. They never touch our database.

Aggregate Queries Only

Dashboard queries always aggregate data. There's no interface to view individual events or "follow" a specific user.

4-Hour Expiration

Time buckets ensure sessions automatically expire. After 4 hours, a new session begins even for the same user.

Comparing to Alternatives

Privacy Guarantees

Related Documentation