Bedrock is first-party, privacy-first analytics. It does not identify people, set cookies, or track anyone across sites or across days. This page documents exactly what that means.
Bedrock sets no cookies and writes nothing to your browser's localStorage or sessionStorage for tracking. It does not read your timezone, fonts, canvas, battery, or installed plugins. Because it accesses no information stored on your device, it needs no consent banner under PECR / ePrivacy.
To count unique visitors within a single day, Bedrock computes an irreversible hash:
visitor_id = sha256( daily_salt + property_id + ip_address + user_agent )
The property_id is mixed in so the same person produces a different hash on every site — there is no cross-site tracking.
The daily_salt is a random value generated each day and hard-deleted after about 26 hours. Once it is gone, yesterday's hashes can never be reproduced or reversed — so a person cannot be re-identified from one day to the next. This is also why Bedrock does not offer returning-visitor, retention, or cohort metrics: they are impossible by design.
Country, region, and city are derived from your IP using a local database on our own server. Your IP address is never sent to a third-party geolocation service.
When your browser sends a GPC or DNT signal and a site has the option enabled, Bedrock records only an anonymous count with no visitor hash and no session linkage. We treat this as a trust feature; the legal basis for needing no consent is the absence of cookies and personal data.
Raw, short-lived events are pruned after a configurable window (90 days by default). Only anonymous, aggregated daily counts are kept long-term — and those never contain the visitor hash.