Introduction

HitKeep is built on a single conviction: your analytics data belongs to you. Not a cloud vendor. Not an advertising company. You.

HitKeep dashboard overview

Most self-hosted analytics tools require you to manage a complex stack: a database server, a caching layer, a reverse proxy, and the application server.

HitKeep gives you that back.

It occupies the gap between simple log analyzers (GoAccess) and enterprise analytics stacks (Umami, Plausible) — without the operational complexity of either.

The Core Principles

1. Data Sovereignty

Your data lives in hitkeep.db on your server. No third party ever touches it. Configure retention per site. Export everything — any time, in open formats (JSON, CSV, Parquet). There is no lock-in.

2. Low Infrastructure Cost

HitKeep idles at ~45–64 MB RAM and consumes negligible CPU between requests. A single $6/month VPS comfortably handles multiple sites. Compare that to a typical self-hosted analytics stack that requires dedicated compute for a database server, a queue broker, and the application itself — each sized for peak load.

Running analytics on AWS, GCP, or Hetzner? Because HitKeep is one process, you size one instance. There is no separate database node to keep warm, no managed cache to pay for by the hour, and no egress charges for cross-service traffic. For teams running analytics on cloud infrastructure, this routinely cuts the analytics line item from double digits per month to single digits.

3. The “Single Binary” Philosophy

We believe self-hosting should be as simple as running a single command.

Ingestion: Requests hit the Go HTTP server.
Buffering: Events are published to an embedded NSQ topic in memory. This decouples the API from the database write speed.
Storage: An internal consumer writes to embedded DuckDB, a high-performance OLAP database.

Everything is compiled into one file — the database, the queue, and the HTTP server.

What’s Included

Analytics

Pageview tracking with a 2 KB cookie-less snippet
Traffic breakdown by country, device, browser, OS, and referrer
Goals — path-based and event-based conversion tracking
Funnels — multi-step conversion paths with drop-off analysis
UTM parameter attribution, automatically captured
Custom events from browser or server-side

Privacy & Compliance

Cookie-less by default — no consent banner required
Respects Do Not Track (DNT) headers
All data stored locally in hitkeep.db — no third-party transfers
Configurable data retention per site
Data takeout in JSON, CSV, or Parquet (GDPR Article 20)

Security

Two-factor authentication — TOTP (authenticator apps) and Passkeys (WebAuthn / hardware keys)
HTTP-only JWT cookies with configurable expiry
Strict rate limiting on auth, API, and ingest endpoints
IP exclusions to filter your own traffic and known bots

Access Control

Instance-level roles (Owner, Admin, Member)
Per-site permissions (Owner, Admin, Editor, Viewer)
API clients with bearer tokens for programmatic access
Shareable read-only dashboards for stakeholders

Operations

Email reports — scheduled digests and per-site summaries
Multi-node clustering via Memberlist (gossip protocol)
Health and readiness probes for orchestrators
Built-in OpenAPI documentation at /api/docs/v1

Cost Efficiency

~45–64 MB RAM at idle — runs alongside other workloads on a shared server
Single process means one instance to size, monitor, and pay for
No cross-service egress, no managed database node, no standby replicas
Fits comfortably on a $6/month VPS for multi-site deployments

Localization

Dashboard UI fully translated into English, German, Spanish, French, and Italian
Language preference stored server-side — follows you across devices
Instant language switching without a page reload
Community contributions welcome — add your language

Next Steps

About the Author

HitKeep is built and maintained by Pascale Beier.

Website: pascalebeier.de
Email: mail@pascalebeier.de

Feel free to reach out for consulting, support, or just to say hi!