
HitKeep

Open Source · MIT Licensed · Self-Hosted

Sovereign Web Analytics.

Deploy on your servers, in your jurisdiction, under your security policy. HitKeep is a single auditable binary — no PostgreSQL, no Redis, no ClickHouse, no external service calls. Your traffic data never leaves your network.

✓ Cookie-Free · ✓ Air-Gap Ready · ✓ GDPR by Design · ✓ Zero Telemetry · ✓ WebAuthn + 2FA · ✓ MIT License
HitKeep analytics dashboard — traffic overview, geographic breakdown, goals, funnels, and UTM attribution in a single view

Full analytics dashboard. Your data, your server, your rules.

Not a SaaS. Not a Vendor.
Yours.

Most analytics tools are built around the assumption that sending your visitors’ data to a third-party cloud is acceptable. For government agencies, healthcare organizations, financial services firms, and security-conscious teams, it is not. HitKeep is built on the opposite assumption.

🏛️
Government Agencies

Deploy on classified or air-gapped networks. No outbound connections required. Full source code available under MIT license for security review and procurement processes.

🏥
Healthcare Organizations

Cookie-free tracking processes no personal identifiers. Data never leaves your HIPAA-compliant infrastructure. No third-party data processors to disclose.

🏦
Financial Services

Full data sovereignty. Export your complete analytics history in open formats (Parquet, JSON, CSV) at any time. No vendor lock-in. Audit your data pipeline end to end.

🔒
Enterprise IT & Security Teams

Single binary with minimal attack surface. RBAC across all sites. WebAuthn hardware key authentication. Kubernetes StatefulSet with PVC. Health and readiness probes.

Everything Needed.
Nothing Extra.

Conversion tracking, multi-step funnels, hardware-key authentication, and automated reports — all built in, all running on your server.

Goals & Conversion Tracking: HitKeep goals and conversion tracking dashboard
Multi-Step Funnels: HitKeep multi-step funnel analytics
TOTP & Passkeys (WebAuthn): HitKeep two-factor authentication with TOTP and WebAuthn Passkeys
Scheduled Email Reports: HitKeep email reports with weekly digest and per-site notifications

Compliant by Design,
Not by Configuration

🇪🇺
GDPR — Article 5

Cookie-free by default. No personal identifiers stored. No consent banner required under the ePrivacy Directive. Data minimization built in.

📡
Zero Telemetry

HitKeep makes no outbound network calls from the server process. Your traffic data, your user list, your analytics — none of it leaves your network unless you export it.

🗄️
Data Sovereignty

Choose your jurisdiction: on-premise on your own hardware, EU region (Frankfurt, strict GDPR), or US region. You decide where the data physically resides.

✈️
Air-Gap Deployable

A single binary with zero runtime dependencies. No package manager, no container registry pull, no external service calls. Runs in fully disconnected network environments.

🔑
WebAuthn / Passkeys

Hardware security key authentication (YubiKey, FIDO2) and platform authenticators (Face ID, Windows Hello). TOTP included as a second option. Not a paid add-on.

📂
Open Source Audit

Full source code under MIT license on GitHub. Audit the entire codebase. No proprietary binaries, no obfuscated code, no telemetry hidden in dependencies.

One Binary.
Everything Included.

01
Download

One binary (~80 MB). Runs on Linux, macOS, Windows, and ARM. No runtime, no package manager, no container required.

curl -L …/hitkeep-linux-amd64 -o hitkeep && chmod +x hitkeep
02
Configure

Set your domain and a JWT secret. No database provisioning. DuckDB and NSQ are embedded and start automatically.

./hitkeep -public-url="https://analytics.example.com" -jwt-secret="…"
03
Track & Own

Add a 2 KB cookie-free snippet to your site. Analytics flows into your embedded DuckDB database. Export any time, forever.

<script async src="https://analytics.example.com/hk.js"></script>

Full Data Ownership

Your analytics live in hitkeep.db — one file on your server. Export everything in JSON, CSV, or Parquet. No retention limits. No vendor lock-in. Your data is always portable.

Zero External Dependencies

DuckDB and NSQ are embedded directly into the binary. No containers to orchestrate. No databases to provision. One process, one file to back up.

Goals, Funnels & UTM

Conversion goals (path or event-based), multi-step funnels, and UTM campaign attribution — all with fast timeseries rollups over DuckDB’s columnar storage.

Shareable Dashboards

Generate read-only share links for stakeholders, clients, or public dashboards. No account required to view. Revoke any time.

Email Reports

Scheduled digest emails and per-site reports. The built-in Report Worker dispatches over your SMTP server — no external cron jobs or queue services.

Cluster Ready

Start on a single $4 VPS. Scale to a Leader/Follower cluster with HashiCorp Memberlist gossip protocol. Health and readiness probes for Kubernetes.