Satsu
Web analytics that shows every interaction and every live visitor — without cookies, a consent banner, or the noise.
// THE PROBLEM
I wanted analytics for my own projects and hated the options: cookie banners, GDPR overhead, dashboards buried in noise. So I built Satsu — open to anyone, register and go. It tracks every interaction and every live visitor in real time, with nothing to consent to. An independent developer later deployed the Satsu script inside two Indonesian government projects; the rest is under NDA.
// WHAT I BUILT
Cookieless tracking that derives a per-day visitor identity server-side — no client cookie, no persistent ID, nothing to consent to.
Dual-channel ingestion: a fire-and-forget REST endpoint for pageviews and a WebSocket channel for the live-visitor feed, on one server, no message queue.
Real-time dashboard — live visitors, top paths, referrers, device and geo breakdowns — querying the raw event store directly.
Multi-site, multi-tenant accounts with per-site monthly quota enforced by an O(1) counter upsert instead of COUNT(*) scans.
A tracking script that follows SPA navigation by intercepting the History API, and drops bots before a single event is stored.
// THE INTERESTING PART
Satsu identifies a visitor without ever setting a cookie. The backend derives a daily session id as sha256(siteId | masked-IP | user-agent | date | salt), truncated to 16 hex chars. The date is part of the hash, so the id rotates at midnight UTC — the same person tomorrow is a new, unlinkable session. That single design choice is what removes the cookie, the persistent identifier, and the consent banner all at once.
// IN THE PRODUCT
// OUTCOME
Live in production as an owned product, open for public registration. Deployed by a third-party developer into two Southeast Asian government projects (under NDA); runs at roughly 620k–1M tracked events per month.