Introduction
HitKeep is privacy-first analytics for teams that want control over their data and reporting surface. Use it in managed EU/US cloud or run it yourself as one Go binary with governed access, clear export paths, and tracking that collects only what the dashboard needs.
Try the live demo → — explore a real dashboard with sample data, no account needed.
Most analytics choices force an early tradeoff: use a hosted ad-tech platform, or self-host a stack with several moving parts.
HitKeep keeps that decision smaller. Start in HitKeep Cloud when you want the fastest production pilot, or use the installation guide when infrastructure ownership is the reason you are evaluating HitKeep.
The Core Principles
Section titled “The Core Principles”1. Data Sovereignty
Section titled “1. Data Sovereignty”In self-hosted installs, your data lives under HitKeep’s data directory. In single-team installs that’s hitkeep.db; in multiteam installs it also includes tenant-local DuckDB files under tenants/*/hitkeep.db.
In HitKeep Cloud, workspace data lives in the region you choose at signup. The export model stays the same: JSON, CSV, and Parquet are available so your analytics history stays portable.
2. Low Infrastructure Cost
Section titled “2. Low Infrastructure Cost”HitKeep runs as one about-100 MB Linux binary with embedded DuckDB and NSQ. For memory use, see Facts and Limits instead of stale local sizing claims. Compare that to a typical self-hosted analytics stack that requires dedicated compute for a database server, a queue broker, and the application itself.
Running analytics on AWS, GCP, or Hetzner? Because HitKeep is one process, you size one instance. There is no separate database node to keep warm, no managed cache to pay for by the hour, and no egress charges for cross-service traffic. For teams running analytics on cloud infrastructure, this routinely cuts the analytics line item from double digits per month to single digits.
3. The “Single Binary” Philosophy
Section titled “3. The “Single Binary” Philosophy”We believe self-hosting should be as simple as running a single command.
- Ingestion: Requests hit the Go HTTP server.
- Buffering: Events are published to an embedded NSQ topic in memory. This decouples the API from the database write speed.
- Storage: An internal consumer writes to embedded DuckDB, a high-performance OLAP database.
Everything is compiled into one file: the database, the queue, and the HTTP server.
What’s Included
Section titled “What’s Included”Analytics
Section titled “Analytics”- Pageview tracking with a lightweight cookie-less snippet
- Traffic breakdown by country, language, device, browser, OS, and referrer
- Dashboard page analysis with Top Pages, Landing Pages, and Exit Pages in one card-level toggle
- Goals — path-based and event-based conversion tracking
- Funnels — multi-step conversion paths with drop-off analysis
- Ecommerce analytics — GA4-inspired revenue, product, and source reporting
- Opportunity recommendations — saved suggestions from deterministic detectors, with optional AI enrichment from cited evidence
- AI visibility analytics — track AI crawler fetches and directional fetch-to-visit correlation
- AI chatbot analytics — measure on-site chatbot conversations, handoffs, citations, and assisted conversions
- Automatic events — track
outbound_click,file_download, andform_submitfromhk.js - UTM parameter attribution, automatically captured
- Custom events from browser or server-side
On the dashboard, the pages card can be toggled between Top Pages, Landing Pages, and Exit Pages, so you can inspect where sessions begin and end without leaving the main overview. The audience card can be toggled between Countries and Languages, so you can switch between geographic and language breakdowns without adding more clutter to the same screen.
If AI systems are becoming part of how people discover your content or interact with your product, HitKeep also treats that as a first-class analytics surface: crawler fetches, later AI-referred visits, and on-site chatbot usage are intentionally kept separate so discovery, acquisition, and assistant performance do not blur into one generic metric.
Privacy & Compliance
Section titled “Privacy & Compliance”- Cookie-less by default, with device-storage implications still to assess under PECR / ePrivacy because the public tracker uses
sessionStoragefor only the opaque session ID and timestamp - Respects Do Not Track (DNT) headers
- Self-hosted data stored locally under HitKeep’s data directory; cloud data stored in the selected hosting region
- Configurable data retention per site
- Data takeout in JSON, CSV, or Parquet (GDPR Article 20)
- Compliance Overview for a deployment-specific compliance view
Security
Section titled “Security”- Two-factor authentication — TOTP (authenticator apps) and Passkeys (WebAuthn / hardware keys)
- HTTP-only JWT cookies with configurable expiry
- Strict rate limiting on auth, API, and ingest endpoints
- IP exclusions to filter your own traffic and known bots
- Bot and spam filtering for Matomo-listed referrer spam and Spamhaus-listed abuse networks
Access Control
Section titled “Access Control”- Instance-level roles (Owner, Admin, Member)
- Per-site permissions (Owner, Admin, Editor, Viewer)
- API clients with bearer tokens for programmatic access
- Optional MCP server for read-only aggregate analytics and docs tools over scoped API client tokens
- Shareable read-only dashboards for stakeholders
Operations
Section titled “Operations”- Email reports — scheduled digests and per-site summaries
- System Status and Settings — runtime health, storage, cache status, backups, spam database freshness, mail tests, and instance audit logs
- Multi-node clustering via Memberlist (gossip protocol)
- Health and readiness probes for orchestrators
- Built-in OpenAPI documentation at
/api/docs/v1 - First-party WordPress integration that installs the normal tracker and exposes automatic event controls
Cost Efficiency
Section titled “Cost Efficiency”- About 100 MB Linux release binary, with memory use covered in Facts and Limits
- Single process means one instance to size, monitor, and pay for
- No cross-service egress, no managed database node, no standby replicas
- Fits comfortably on a $6/month VPS for multi-site deployments
Localization
Section titled “Localization”- Dashboard UI fully translated into English, German, Spanish, French, Italian, and Dutch
- Language preference stored server-side — follows you across devices
- Instant language switching without a page reload
- Community contributions welcome — add your language
Next Steps
Section titled “Next Steps”- Start with HitKeep Cloud
- Choose a use case
- Install HitKeep yourself
- Automatic Events
- Official MCP Server
- Configuration Reference
- REST API Reference — includes cloud-tagged hosted-only endpoints under
/api/cloud/*
About the Author
Section titled “About the Author”HitKeep is built and maintained by Pascale Beier.
- Website: pascalebeier.de
- Email: mail@pascalebeier.de
Feel free to reach out for consulting, support, or just to say hi!