Introduction

HitKeep is built on a single conviction: your analytics data belongs to you. Not a cloud vendor. Not an advertising company. You.

Try the live demo → — explore a real dashboard with sample data, no account needed.

HitKeep dashboard overview

Most self-hosted analytics tools require you to manage a complex stack: a database server, a caching layer, a reverse proxy, and the application server.

HitKeep gives you that back.

It occupies the gap between simple log analyzers (GoAccess) and enterprise analytics stacks (Umami, Plausible) — without the operational complexity of either.

The Core Principles

1. Data Sovereignty

Your data lives on your server under HitKeep’s data directory. In single-team installs that’s hitkeep.db; in multiteam installs it also includes tenant-local DuckDB files under tenants/*/hitkeep.db. No third party ever touches it. Configure retention per site. Export everything — any time, in open formats (JSON, CSV, Parquet). There is no lock-in.

2. Low Infrastructure Cost

HitKeep idles at ~45–64 MB RAM and consumes negligible CPU between requests. A single $6/month VPS comfortably handles multiple sites. Compare that to a typical self-hosted analytics stack that requires dedicated compute for a database server, a queue broker, and the application itself — each sized for peak load.

Running analytics on AWS, GCP, or Hetzner? Because HitKeep is one process, you size one instance. There is no separate database node to keep warm, no managed cache to pay for by the hour, and no egress charges for cross-service traffic. For teams running analytics on cloud infrastructure, this routinely cuts the analytics line item from double digits per month to single digits.

3. The “Single Binary” Philosophy

We believe self-hosting should be as simple as running a single command.

Ingestion: Requests hit the Go HTTP server.
Buffering: Events are published to an embedded NSQ topic in memory. This decouples the API from the database write speed.
Storage: An internal consumer writes to embedded DuckDB, a high-performance OLAP database.

Everything is compiled into one file — the database, the queue, and the HTTP server.

What’s Included

Analytics

Pageview tracking with a 2 KB cookie-less snippet
Traffic breakdown by country, language, device, browser, OS, and referrer
Dashboard page analysis with Top Pages, Landing Pages, and Exit Pages in one card-level toggle
Goals — path-based and event-based conversion tracking
Funnels — multi-step conversion paths with drop-off analysis
Ecommerce analytics — GA4-inspired revenue, product, and source reporting
AI visibility analytics — track AI crawler fetches and directional fetch-to-visit correlation
AI chatbot analytics — measure on-site chatbot conversations, handoffs, citations, and assisted conversions
UTM parameter attribution, automatically captured
Custom events from browser or server-side

On the dashboard, the pages card can be toggled between Top Pages, Landing Pages, and Exit Pages, so you can inspect where sessions begin and end without leaving the main overview. The audience card can be toggled between Countries and Languages, so you can switch between geographic and language breakdowns without adding more clutter to the same screen.

If AI systems are becoming part of how people discover your content or interact with your product, HitKeep also treats that as a first-class analytics surface: crawler fetches, later AI-referred visits, and on-site chatbot usage are intentionally kept separate so discovery, acquisition, and assistant performance do not blur into one generic metric.

Privacy & Compliance

Cookie-less by default, with device-storage implications still to assess under PECR / ePrivacy because the public tracker currently uses sessionStorage
Respects Do Not Track (DNT) headers
All data stored locally under HitKeep’s data directory — no third-party transfers
Configurable data retention per site
Data takeout in JSON, CSV, or Parquet (GDPR Article 20)
Compliance Overview for a deployment-specific compliance view

Security

Two-factor authentication — TOTP (authenticator apps) and Passkeys (WebAuthn / hardware keys)
HTTP-only JWT cookies with configurable expiry
Strict rate limiting on auth, API, and ingest endpoints
IP exclusions to filter your own traffic and known bots
Bot and spam filtering for Matomo-listed referrer spam and Spamhaus-listed abuse networks

Access Control

Instance-level roles (Owner, Admin, Member)
Per-site permissions (Owner, Admin, Editor, Viewer)
API clients with bearer tokens for programmatic access
Shareable read-only dashboards for stakeholders

Operations

Email reports — scheduled digests and per-site summaries
Multi-node clustering via Memberlist (gossip protocol)
Health and readiness probes for orchestrators
Built-in OpenAPI documentation at /api/docs/v1

Cost Efficiency

~45–64 MB RAM at idle — runs alongside other workloads on a shared server
Single process means one instance to size, monitor, and pay for
No cross-service egress, no managed database node, no standby replicas
Fits comfortably on a $6/month VPS for multi-site deployments

Localization

Dashboard UI fully translated into English, German, Spanish, French, and Italian
Language preference stored server-side — follows you across devices
Instant language switching without a page reload
Community contributions welcome — add your language

Next Steps

Install HitKeep
Configuration Reference
REST API Reference — includes cloud-tagged hosted-only endpoints under /api/cloud/*

About the Author

HitKeep is built and maintained by Pascale Beier.

Website: pascalebeier.de
Email: mail@pascalebeier.de

Feel free to reach out for consulting, support, or just to say hi!