What Palace Analytics collects on behalf of your website — and what we don't.
Last updated: April 2026
When a visitor loads a page on your site, our script records a fixed set of data points.
No raw IP addresses or User-Agent strings are ever stored — these are used transiently to derive the fields below and then discarded.
By default, Palace Analytics is fully anonymous. We do not use cookies, browser storage, or any persistent identifiers on visitor devices.
To count unique visitors, we generate a temporary identifier from a hash of the IP address and User-Agent combined with a rotating salt. The salt changes every 24 hours and is then permanently deleted, making it impossible to reconstruct or link visits across days.
All data is isolated to a single website, a single device, and a single day — there is no way to know whether the same person visits another site or returns on a different day.
By default, we do not collect names, email addresses, or any personally identifying information (PII) from your website visitors.
IP addresses are used transiently to derive location and generate the daily hash; they are never stored, logged, or accessible after that computation.
We do not build visitor profiles, track users across sessions, or share data with advertising networks.
You retain full ownership of all analytics data collected on your behalf. We obtain no rights to your website data.
Your historical data is stored indefinitely for as long as your account is active, and you may export or delete it at any time.
When you delete your account, all associated data is permanently and immediately deleted from our systems.
All data is stored and processed in the European Union on infrastructure meeting EU data protection standards. Data is encrypted in transit via HTTPS and secured at rest.
We do not sell your data. We share data only with a limited number of trusted subprocessors strictly necessary to operate the service, each bound by data protection agreements.