Trackless

Trackless measures your site’s traffic — and, on WooCommerce stores, your real revenue and margin — entirely server-side. No cookies, no JavaScript snippet, no consent banner slowing your pages down. You read the reports in your Trackless account dashboard.

How visitors are counted (privacy by design):

• The visitor key is a daily-rotating HMAC-SHA256 hash of IP + User-Agent + day, keyed with a secret salt that exists only on your server. It cannot be reversed and changes every day.
• The raw IP address is never stored and never transmitted — only a keyed hash.
• Global Privacy Control (the Sec-GPC browser signal) is honoured: opted-out visitors are not tracked at all.
• No data is written to the visitor’s browser — no cookies, no localStorage, no fingerprinting scripts.

What it measures:

• Visits and sessions with source / medium / campaign and a GA4-style channel group
• Page views and events: product view, category view, search, add to cart, cart, checkout, 404
• Device, browser, OS, country and language (one row per visitor per day)
• With WooCommerce: orders, revenue, refunds, payment and shipping methods, first-order flag, order attribution (WooCommerce 8.5+ Order Attribution), ordered items — including per-unit purchase cost for margin reporting if you store it (_wc_cog_cost, _alg_wc_cog_cost, _cost or the trackless_wholesale_price filter)

Events are collected into a small queue table in your own database and flushed once a day via WP-Cron (or manually with the “Send now” button). The delivery is HMAC-SHA256 signed and idempotent, so retries are safe.

WooCommerce is optional: on a plain WordPress site you get cookieless web analytics; with WooCommerce you also get the e-commerce metrics.

External service: Trackless (please read)

This plugin is a connector for Trackless (https://trackless.cz), a hosted analytics service. It is not a standalone statistics plugin — the reports live in your Trackless account, and the plugin sends data to the service’s ingest endpoint at https://trackless.cz/ingest.

When data is sent: only after you enter your API key and explicitly tick the Data Processing Agreement (DPA) consent checkbox in the plugin settings. Until you do both, the plugin collects and sends nothing.

What is sent (once a day, HMAC-signed):

• Anonymous traffic aggregates: hashed visitor identifiers (keyed HMAC, daily-rotating), hashed IPs, page URLs, referrers, UTM parameters and click IDs, device/browser/OS, country code, language
• With WooCommerce: order data including order ID, totals and refunds (amounts), currency, payment method, shipping method, order status, attribution, and line items with prices and (if configured) per-unit purchase costs
• Site metadata: site name, domain, timezone, currency, order statuses, product categories, carriers, payment gateway names

Terms and pricing: Trackless is a paid service with a 30-day free trial; you need a Trackless account and API key to use this plugin.

• Terms of Service: https://trackless.cz/en/obchodni-podminky
• Data Processing Agreement (DPA): https://trackless.cz/en/zpracovatelska-smlouva