Cookieless analytics, explained without the legal jargon
How Slab measures real usage without cookies, consent banners, or a meeting with your DPO.
“Cookieless” gets thrown around a lot. Here’s what it actually means in Slab, in plain language.
What we don’t do
We don’t drop a cookie. We don’t fingerprint your device. We don’t try to follow you across other websites. There’s no profile of “you” being built and sold.
What we do instead
When someone visits your product, Slab records the event — “page viewed”, “signed up”, “upgraded” — along with coarse, non-identifying context like country and device type. IP addresses are truncated before they’re ever stored, so we keep enough to know “someone in Germany on mobile” and nothing more.
To count returning visitors without a cookie, we use a daily-rotating, salted hash that can’t be reversed and resets every 24 hours. Good enough to measure retention. Useless for tracking a person.
Why this matters for you
Because there’s no personal data and no cross-site tracking, in most jurisdictions you can run Slab without a consent banner. That’s not legal advice — talk to your own counsel — but it’s the whole reason we built it this way.
Fewer banners, faster pages, happier users, calmer lawyers.
The trade-off
You give up creepy individual-level tracking. For 95% of teams, that was never the point. You wanted to know if the product is working. You still can.