Statio / Privacy-first web analytics
Statio

What it does

Statio is a privacy-first, multi-tenant web analytics backend. One pixel, no cookies on your visitors, no cross-site tracking, no cookie banner. Built for people who want the depth of Google Analytics without the weight or the surveillance.

Its real differentiator is paid-ad attribution. Marketers forget UTM tags; Statio auto-detects paid traffic from the click identifier every ad platform adds to the URL (gclid, fbclid, ttclid, msclkid, twclid, li_fat_id) and normalizes it to a clean platform code. Manual UTM always wins; the click ID fills the gap when UTM is missing.

Multi-tenant from day one. One container, many users, ACL-filtered data. Works for a single personal site or a small agency. Self-host on your own server with docker compose up, or use the hosted cloud at statio.click.

Results & Impact

Live at statio.click. Open source under MIT on GitHub. Three themes, zero colour literals -- every colour lives in one tokens.css. ~3k lines of PHP, one JS pixel, Postgres. No build step for the dashboard, no plugin system, no SaaS lock-in.

Bot scoring is done server-side, where a bot cannot lie about it. Client hints are suggestions, not verdicts -- a bot can fake its User-Agent, it cannot fake its request rate.

Key Features

  • No fingerprint storage. No canvas, WebGL, audio, or font enumeration. If it is ever added, the project is broken by definition.
  • Server-side bot scoring. Bots are scored from request patterns, not from what they claim to be.
  • Multi-tenant from day 1. One container, many users. ACL-filtered data. Works for a personal site or a small agency.
  • No cookies on visitors. Per-site visitor ID lives in localStorage on the tracked domain only. Nothing follows a user across sites.
  • Paid attribution without UTM. Auto-detects click IDs from Google Ads, Meta, TikTok, Bing, X, LinkedIn. Normalizes to a clean platform code.
  • E-commerce events vocabulary. add_to_cart, checkout_start, purchase, product_view. Auto-tracks phone/email/outbound/chat-widget clicks.
  • Three themes, zero literals. All colours in one tokens.css. Navy, mesh, light -- or fork and ship your own.
  • Small on purpose. ~3k lines of PHP, one JS pixel, Postgres. Docker-first.

How it works

A single JavaScript pixel posts events to the Statio backend. The backend deduplicates by per-site visitor ID (held in localStorage on the tracked domain), scores the request for bot likelihood, extracts the referrer and click ID, and writes to Postgres.
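
The click-ID extraction step with the "manual UTM always wins" rule, as an added example that is not Statio's own code. The platform codes, the `paid` medium, the value sanitizing and the tie-break order between click IDs are assumptions; only the parameter names come from this page.

```javascript
// Added example, not Statio's code. Platform codes on the right are assumed
// labels; the parameter names are the ones listed on this page.
const CLICK_IDS = [
  ["gclid", "google_ads"],
  ["fbclid", "meta"],
  ["ttclid", "tiktok"],
  ["msclkid", "bing"],
  ["twclid", "x"],
  ["li_fat_id", "linkedin"],
];

// Attribute one landing URL. Returns { source, medium, via } where via is
// "utm", "click_id" or "none". Never throws on untrusted input.
function attribute(landingUrl) {
  let params;
  try {
    params = new URL(landingUrl).searchParams;
  } catch {
    return { source: null, medium: null, via: "none" }; // unparseable URL
  }
  // Query values are visitor-controlled: trim, lowercase, cap the length and
  // allow a narrow charset before anything reaches storage or the dashboard.
  const clean = (v) => {
    const s = (v || "").trim().toLowerCase().slice(0, 64);
    return /^[a-z0-9._-]+$/.test(s) ? s : null;
  };

  // Rule 1: manual UTM wins, even when a click ID is also present.
  const utmSource = clean(params.get("utm_source"));
  if (utmSource) {
    return { source: utmSource, medium: clean(params.get("utm_medium")), via: "utm" };
  }
  // Rule 2: otherwise the first non-empty click ID (table order) fills the gap.
  for (const [param, platform] of CLICK_IDS) {
    if ((params.get(param) || "").trim() !== "") {
      return { source: platform, medium: "paid", via: "click_id" };
    }
  }
  return { source: null, medium: null, via: "none" };
}

// Constructed sample landing URLs (not real traffic).
for (const u of [
  "https://shop.example/?utm_source=Newsletter&gclid=abc123",
  "https://shop.example/?fbclid=xyz",
]) console.log(u, "->", attribute(u));
```

A `utm_source` that fails sanitizing is treated as absent, so the click ID still decides the source instead of an unvetted string being stored.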

The dashboard reads from the same Postgres. Row-level access by site, enforced in the query layer. No build step -- the dashboard is plain PHP + CSS tokens + vanilla JS. Change a colour, change one token; the whole dashboard rethemes.

IPs are truncated to /24 before storage. User-Agent is kept per session for bot scoring. UTM and referrer are kept for source attribution. Nothing else.

Stack: PHP (backend + dashboard), PostgreSQL (storage), Docker (deployment), JavaScript (pixel + dashboard interactions).

Quick Start

git clone https://github.com/klymentiev/statio.git
cd statio
cp .env.example .env
docker compose up -d
# open http://localhost:8090

Add the pixel to your site:

<script async src="https://your-statio.example.com/t.js" data-site="YOUR_SITE_ID"></script>

That is the install. The dashboard is at the Statio root, and events begin flowing within seconds.

Use Cases

For privacy-aware site owners. You want real analytics but you do not want to show a cookie banner, you do not want Google collecting your visitors, and you do not want to pay Plausible per 100k pageviews. Statio is the tool that sits exactly where those three constraints meet.

For marketers running paid ads. You need to know which ad platform, which campaign, which ad group, which keyword actually produced the sale. Statio attributes down to the click ID even when UTM tags are missing -- which is most of the time in practice.

For small agencies. Multi-tenant from the first container. One deployment, many client sites, ACL-filtered views. Run it yourself, charge what you want, keep the margins.

For ecommerce. Standard event vocabulary (add_to_cart, checkout_start, purchase) wired to the Recent visits feed, so the full path from click to purchase is visible inline. No JOINs, no custom reports -- just the sequence of what a person actually did.
