Aller au contenu
Démarrer avec HitKeep Cloud

Digital Sovereignty for Web Analytics

Ce contenu n’est pas encore disponible dans votre langue.

HitKeep is designed and developed in Recklinghausen, Germany by an independent developer. The codebase, dashboard, tracker, and documentation are maintained from Germany.

This is not a marketing label. It is an architectural decision with legal consequences:

  • HitKeep Cloud EU runs in Frankfurt, Germany on AWS infrastructure in the EU region.
  • Workspace analytics data and backups are stored in the chosen cloud region for the managed service. Your own SMTP, CDN, support, payment, or infrastructure choices still need a separate transfer review.
  • HitKeep Cloud uses AWS as infrastructure provider for the managed service. See the Privacy Policy for current subprocessor details.
  • The self-hosted binary has no telemetry, license checks, or CDN dependency. Optional integrations such as favicon lookup, SMTP, S3 backups, and any proxy/CDN you add can create outbound traffic.

After the Schrems II ruling invalidated the EU-US Privacy Shield, analytics data flows through US or global infrastructure need careful GDPR transfer analysis. Many hosted analytics stacks depend on vendor-controlled infrastructure, CDNs, or subprocessors that the customer cannot fully choose.

HitKeep takes the opposite approach:

Aspect HitKeep (Self-Hosted) HitKeep Cloud EU Typical SaaS Analytics
Data location Your server Frankfurt, DE US / global CDN
Subprocessors None AWS (EU region) Multiple (US, global)
Outbound calls None for core analytics; optional integrations can add calls Managed service dependencies Tracking pixels, CDNs
Control model Your infrastructure German operator, EU-region hosting Vendor-controlled
Source code MIT, fully auditable Same binary Proprietary

For Public Sector and Regulated Industries

Section titled “For Public Sector and Regulated Industries”

German and European public sector organizations, healthcare providers, and financial institutions face strict requirements around data sovereignty:

  • BSI IT-Grundschutz — HitKeep’s single-binary architecture reduces the number of services you need to review and operate.
  • GDPR Art. 44-49 — Self-hosting or EU Cloud can reduce transfer complexity, but your full deployment and vendor choices still determine the legal analysis.
  • Restricted-network deployment — The self-hosted binary can run without outbound internet access for core analytics when optional outbound features are disabled.

Use this checklist before approving a deployment:

  1. Choose self-hosted, HitKeep Cloud EU, or HitKeep Cloud US.
  2. Document where the HitKeep data directory, backups, and retention archives live.
  3. Decide whether optional outbound features are enabled: SMTP, S3 backups, favicon lookup, AI providers, or external proxies.
  4. Confirm whether a CDN, reverse proxy, or load balancer adds its own logs or subprocessors.
  5. Decide who can access the dashboard, API clients, exports, and MCP analytics tools.
  6. Record the region and subprocessor position in your privacy documentation.

For self-hosted restricted networks, the core analytics path can stay inside your infrastructure. For managed cloud, region choice and the current privacy policy become part of the review.

HitKeep is released under the MIT License. The complete source code is available on GitHub. You can:

  • Audit every line of code before deployment
  • Build the binary from source on your own infrastructure
  • Fork and modify for internal use
  • Verify that no telemetry or tracking is present

Sovereignty depends on how you deploy and govern the system. HitKeep gives you source access, self-hosting, and region choice so that review starts from concrete infrastructure facts.


Ready to deploy sovereign analytics?