Introduction

Userbird's User Anonymization Algorithm

Privacy-First

Userbird is a web analytics platform designed to respect user's privacy, while simultaneously providing website owners enough information to make business decisions.

Userbird does not use cookies, device fingerprinting, or any other unethical tracking technology.

IP Addresses

Userbird does not store IP addresses or similar personally identifiable information.

Userbird uses IP addresses at our ingest edge in order to calculate:

  • Country
  • Anonymous Session ID

Limited Lifetime Session Identifier

Userbird uses an innovative anonymizing session identifier to maintain sessions.

Our algorithm is as follows:

session_id = slice(current_date_UTC + md5(current_date_UTC + ip_address), 32)

Example output: 20250403dcc05f2b68c4287040cfcf71

Every night at midnight UTC, the salt for the md5 hash changes, and the sessions are reset.

The md5 hash is irreversible and the IP address cannot be derived from it.

Data Collected

The data our ingest script collects are:

  • Limited lifetime session identifier
  • Timestamp of click
  • Querystring-normalized URL of page
  • Cloudflare Geo-IP Header (country, city)
  • UTM parameters, if provided
  • Ad network query, if provided.
  • Browser version
  • Viewport size
  • External link clicks
  • Viewport clicks x & y coordinates
  • Time on page

Data is transmitted in a single payload using beacon at the end of the page view.

Data is always anonymous and is designed to provide fully actionable analytics without compromising individual user privacy.

Servers and Data at Rest

  • We use Cloudflare Workers for ingest.
  • IP addresses are discarded at the Cloudflare edge.
  • No analytics data is stored at Cloudflare.
  • Analytics data is stored in your own dataset, in Google BigQuery and Google Cloud Storage, in the eu-west-1 (Belgium, European Union) region.
  • We use Fly.io for application servers, in Paris, European Union.
  • Static content and ingest is operated on Cloudflare.

About the UK and EU GDPR

  • The EU GDPR was incorporated into UK law under the European Union (Withdrawal) Act 2018, becoming the “UK GDPR”, which works alongside the Data Protection Act 2018.
  • Core principles, data subject rights, controller/processor obligations remain nearly identical.
  • The EU has granted the UK an adequacy decision, meaning EU–UK data transfers can continue without safeguards.
  • Conversely, the UK GDPR allows free data transfers to the EEA, treating those countries equivalently.

Frequently Asked Questions

Do you collect personally identifiable information about users?

No.

Userbird was designed with privacy in mind. We only collect anonymized, aggregated statistics.

Do you collect IP addresses?

No.

When data arrives at our edge, IP addresses are immediately hashed with an irreversible algorithm.

The seeds for algorithm are rotated at midnight UTC.

Where is data located?

We operate a global edge network through Cloudflare; users communicate with the servers closest to them.

Data is hashed at our edge, and then transmitted to our central database, which is located in the EU.

Does appending the date to the beginning affect privacy?

No.