Umami

Umami

Umami is an open-source, privacy-focused web analytics tool designed as a simple alternative to Google Analytics. Scripts collect page views and custom events without cookies or cross-site tracking. All data is self-hosted and anonymized, making it inherently GDPR-compliant.

Back to Vendor Library

Overview

Umami is an open-source, privacy-focused web analytics tool designed as an alternative to Google Analytics. Its script collects page views and custom events without using cookies or performing cross-site tracking. All data can be self-hosted and is anonymized by default.

What This Script Does

  • Loads a lightweight tracking script that records page views and custom events
  • Collects page URL, referrer, browser type, OS, device type, and country (derived from IP, which is not stored)
  • Does not set any cookies or use local storage for visitor identification
  • Does not perform cross-site or cross-device tracking
  • Sends anonymized event data to the Umami instance (self-hosted or cloud)
  • Respects Do Not Track browser settings by default

Consent & Compliance

  • Category: Analytics
  • GDPR: Designed for GDPR compliance by default. No cookies, no personal data storage, no cross-site tracking. IP addresses are used only for country-level geolocation and are not stored. Can operate under legitimate interest.
  • CCPA: Does not collect, sell, or share personal information. Anonymized analytics data does not trigger CCPA obligations.
  • ePrivacy: Does not set cookies or access device storage. Exempt from the ePrivacy cookie consent requirement.

Should You Block This Without Consent?

No. Umami is specifically designed to be privacy-compliant by default. It does not use cookies, does not store personal data, and does not track users across sites. It can operate without consent under legitimate interest for website analytics.

Visit website

Consent Categories

Analytics

Also Known As

Umamiumami analyticscookie-free analyticsopen source analyticsprivacy analyticsGoogle Analytics alternativeself-hosted analytics

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

cloud.umami.isAnalytics

Frequently Asked Questions

Does Umami analytics require cookie consent from visitors?

Generally no. Umami is designed for privacy compliance by default — it uses no cookies, stores no personal data, and performs no cross-site tracking. IP addresses are used only for country-level geolocation and are never stored. Under GDPR, Umami can typically operate under legitimate interest without requiring explicit consent.

What visitor data does the Umami tracking script collect?

Umami's lightweight script records page views and custom events, collecting page URL, referrer, browser type, operating system, device type, and country derived from IP. Crucially, IP addresses are not stored. No cookies or local storage are used for visitor identification, and no cross-site or cross-device tracking is performed.

How does ConsentStack categorize Umami analytics?

ConsentStack classifies Umami under the analytics category. Because Umami sets no cookies and collects no personal data, ConsentStack can be configured to allow it under legitimate interest without gating it behind a consent prompt. This makes Umami one of the few analytics tools that can run consent-free on most sites.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Umami

ConsentStack automatically detects and manages Umami trackers so your site stays compliant with global privacy regulations.

Get started free