DataFast logoDataFast
Best analytics tool I've used in 14 years

GDPR and cookieless tracking

DataFast offers two ways to run the web tracker:

Default script (/js/script.js)

  • Cookies: uses cookies for visitor identification (best accuracy).
  • Typical consent UI: you may need a cookie banner for the script, depending on law and setup.
  • Accuracy: highest, including long-term and multi-touch journeys.

Cookieless script (/js/script.cookieless.js)

  • Cookies: does not use cookies for visitor identification.
  • Typical consent UI: designed so you usually do not need a cookie banner for DataFast.
  • Accuracy: lower—see accuracy and attribution.

This guide focuses on the cookieless option for teams that prioritise avoiding cookie-based visitor IDs while still using DataFast.

How the cookieless script works

  • No cookies for assigning a stable visitor ID in the browser. DataFast does not rely on third-party cookies for this mode.
  • Session-only storage may be used in the browser for the current tab session (for example session continuity). It is cleared when the user closes the site session, unlike long-lived cookies.
  • Server-side pseudonymous visitor id: each visitor is represented by a hashed identifier derived from signals such as IP address, browser user-agent, your site domain, and a salt that rotates about every 24 hours (UTC). The same person browsing on different days is not linked as one long-lived profile across those days.
  • No cross-domain visitor linking in cookieless mode (privacy-first default).
  • Identify and stored payment identity features used in the default product are not applied in the same way for cookieless sites, so the product stays aligned with a stricter privacy posture.
Disclaimer: Laws vary by country and your role (controller vs processor). This page describes how DataFast’s cookieless script behaves technically. You remain responsible for your privacy policy, lawful basis, and any notices required for your site. For DataFast’s commitments as a processor, see the Data Processing Agreement.

Accuracy, revenue attribution, and long-term journeys

Cookieless mode is not “worse on purpose”—it reflects a real constraint: without a long-lived cookie (or equivalent), you cannot recognise the same browser weeks later the way you can with the default script.

Example: someone first visits your marketing site three months ago, again two weeks ago, and converts today. With the default script, DataFast can tie those visits to one visitor story where your product supports it. With the cookieless script, each calendar day (after the salt rotates) can look like a different visitor for identification purposes. A first touch from last quarter will not persist as the same visitor id months later.

That hits revenue attribution especially hard: DataFast’s strength is tying revenue to traffic sources. If you cannot keep a stable visitor key across long periods, multi-touch and delayed conversions will be attributed less completely than with the default script. Daily aggregates can still be meaningful; long-horizon “this campaign paid off after 30 days” stories are more limited.

This limitation is shared by essentially all cookieless analytics products—it is not unique to DataFast. If you need maximum attribution accuracy over long sales cycles, use the default script (and plan for cookie consent where required).

Enable or disable cookieless mode

  1. Open the dashboard and select your website.
  2. Go to SettingsGeneral (this is where you copy the tracking snippet).
  3. Enable Cookieless / privacy mode (no cookies on visitors) to use the cookieless script, or turn it off for the default script. The General tab shows the matching snippet—copy it again after you change the toggle.

Important: your live site must load the script that matches the toggle:

  • Cookieless on → use the cookieless script URL (see below).
  • Cookieless off → replace it with the default script (/js/script.js).

If you switch modes, update your site’s HTML or tag manager so the snippet always matches your setting.

How to get started (code examples)

Add the queue snippet once (so early calls are buffered), then load the script. Use your real data-website-id and data-domain from the dashboard.

Plain HTML

<script>
  window.datafast = window.datafast || function () {
    window.datafast.q = window.datafast.q || [];
    window.datafast.q.push(arguments);
  };
</script>
<script
  defer
  data-website-id="dfid_YourWebsiteId"
  data-domain="yourdomain.com"
  src="https://datafa.st/js/script.cookieless.js"
></script>

Next.js (App Router)

import Script from "next/script";

// In your root layout (e.g. app/layout.js)
<>
  <Script id="datafast-queue" strategy="beforeInteractive">
    {`window.datafast = window.datafast || function () {
      window.datafast.q = window.datafast.q || [];
      window.datafast.q.push(arguments);
    };`}
  </Script>
  <Script
    src="https://datafa.st/js/script.cookieless.js"
    data-website-id="dfid_YourWebsiteId"
    data-domain="yourdomain.com"
    strategy="afterInteractive"
  />
</>
If you proxy the script through your own domain, keep the same data-website-id and data-domain attributes; only the src URL changes.

GDPR: what you should still do

  • Keep a privacy notice that describes analytics if your jurisdiction requires it (even without cookies, some processing may still be personal data).
  • Honour access and deletion requests for data you control as a business.
  • Choose cookieless when you want to minimise cookie-based tracking and accept lower long-range attribution accuracy; choose the default script when you need maximum accuracy and can present a banner or lawful consent where required.
For how DataFast processes personal data on your behalf (processor role), see our Data Processing Agreement and Terms of Service.
Something missing? Suggest features ✍️