Self-Hosted Control
Run HitKeep on-prem, on a low-cost VPS, or inside regulated environments. You keep direct control over data residency, backups, updates, and infrastructure policy.
Open Source · Managed Cloud · Self-Hosted · Governed MCP
Open-source sovereign web analytics you can run yourself.
HitKeep is privacy-first web analytics you can self-host as a single binary or run in managed EU/US cloud. It is cookie-free by default, keeps analytics portable with open exports, and can expose read-only MCP access through scoped tokens.
Single binaryZero external dependenciesCookie-free by defaultAutomatic eventsSearch Console importRestricted-network friendlyWebAuthn + 2FARead-only MCP for approved assistantsEU / US cloud regions
The main dashboard stays compact while still covering automatic events, goals, funnels, AI visibility, Search Console query data, audience context, and traffic trends in one place. Click around. It is a real product, not a mockup.
What HitKeep Is
Open-source analytics with dashboards, exports, and governed access.
HitKeep is open-source web analytics software you can self-host as one binary or run in managed EU/US cloud. It tracks pageviews, events, goals, funnels, ecommerce, AI crawler fetches, AI-referred visits, Google Search Console aggregates, and aggregate analytics for approved assistants. Tracking is cookie-free by default, and data can be exported in open formats.
Deployment Choice
Your Analytics. Your Deployment Model.
HitKeep is not SaaS-only. Run it on your own infrastructure when you need full operational control, or let us run the same product for you in managed EU or US regions when you want less operational overhead. The ownership model stays the same either way.
Managed Cloud Option
Use HitKeep Cloud when you want the same product without handling updates, backups, patching, or day-to-day operations yourself.
Open Exports, No Lock-In
Export your analytics history in JSON, CSV, or Parquet. Keep your data portable whether you self-host, migrate, or move between environments.
Security-First Access
Keep the operational model flexible without compromising on hardware-key authentication, team isolation, and infrastructure-level auditability.
Features
Everything Needed. Nothing Extra.
HitKeep focuses on the reporting and controls engineering teams actually need: automatic interaction coverage, conversions, traffic diagnostics, Search Console query data, AI visibility, security, and recurring reports without bolting on more infrastructure.
Conversions without plugin sprawl
Track goals, compare periods, and understand attribution from one dashboard instead of stitching together separate analytics and reporting tools.
Automatic events from the default tracker
Record outbound clicks, file downloads, and form submissions through hk.js without adding a second event pipeline or storing form contents.
Funnels and user flow context
See where traffic converts, where it drops off, and how landing pages perform without shipping your data to an external event pipeline.
Modern visibility signals built in
Track AI visibility and chatbot traffic alongside normal web analytics so teams can monitor how discovery is shifting without adopting a separate observability stack.
Search Console data beside site analytics
Import finalized Search Analytics rows from Google Search Console and review query, page, country, and device performance inside authenticated HitKeep dashboards.
Reports that do not depend on third parties
Built-in email digests and shareable dashboards keep stakeholders informed without external queue services, third-party cron infrastructure, or another reporting layer.
Governed access for internal tools
Scoped API clients and the optional MCP analytics server let approved assistants and reporting jobs query aggregate analytics without dashboard cookies or write access.
Use Cases
Start from the reporting problem.
HitKeep works best when the deployment choice follows the job: privacy-first reporting, cloud evaluation, self-hosting, WordPress tracking, AI visibility, MCP access, or conversion analytics.
Open-source privacy-first web analytics
Cookie-free default tracking, DNT support, retention controls, and exports for teams reducing ad-tech analytics exposure.
EU or US cloud analytics
Managed hosting with explicit region choice, backups, mail delivery, and the same core analytics surface as self-hosted.
Single-binary self-hosted analytics
Run analytics as one Go process with embedded DuckDB and NSQ instead of operating a separate analytics stack.
WordPress analytics
Install the first-party plugin and track pageviews, outbound clicks, downloads, and form submissions.
Cookieless event tracking
Measure outbound clicks, downloads, forms, custom events, goals, funnels, and ecommerce activity without analytics cookies.
Analytics for AI assistants
Use governed read-only MCP access when approved assistants need aggregate traffic, event, ecommerce, AI visibility, and Search Console answers.
Ecommerce and conversions
Use goals, funnels, ecommerce events, automatic events, UTM attribution, and reports in one place.
Compliance
Privacy Defaults. Clear About Trade-Offs.
HitKeep is built for privacy-conscious teams, but it does not pretend compliance is automatic. The product gives you sane defaults, infrastructure control, and documented boundaries so your legal and operational decisions stay explicit.
Cookie-free by default
Default tracking avoids cookies and unnecessary personal identifiers, helping teams reduce implementation overhead for privacy-first analytics.
Zero telemetry from the server process
HitKeep does not phone home. Traffic data, user accounts, and reporting data stay under your control unless you export it.
EU / US region choice or full self-hosting
Choose your jurisdiction based on your requirements instead of accepting a vendor-defined default region.
Controlled-network friendly
A single binary with no external services required for core analytics is easier to review, deploy, and operate inside tightly controlled environments.
WebAuthn, passkeys, and team controls
Security controls are part of the product instead of a paid upgrade, which keeps the deployment model aligned with the access model.
Open source auditability
The full codebase is MIT licensed, so procurement, security, and engineering teams can inspect what actually runs in production.
Architecture
One Binary. Everything Included.
The installation story should look as simple as the architecture actually is. One binary, embedded DuckDB and NSQ, and no external database or queue to provision before you can get value out of the product.
01
Download
One Linux binary for amd64 and arm64. No runtime. No package manager. No container required.
curl -L .../hitkeep-linux-amd64 -o hitkeep && chmod +x hitkeep02
Configure
Point HitKeep at your public URL and set a JWT secret. DuckDB and NSQ are already embedded, so there is no separate service provisioning step.
./hitkeep -public-url="https://analytics.example.com" -jwt-secret="..."03
Track and own the data
Add the lightweight tracking snippet, then keep analytics, retention, and exports under your own control from day one.
<script async src="https://analytics.example.com/hk.js"></script>Why HitKeep
Built Different. On Purpose.
HitKeep is opinionated about what a modern analytics stack should avoid: unnecessary infrastructure, hidden lock-in, and privacy features sold as enterprise upsells.
DuckDB and NSQ are embedded directly into the binary, so installation and operations stay compact from day one.
Your analytics live in a file you control. Export everything in open formats whenever you need to migrate, audit, or archive.
Track Search Console aggregates, crawler fetches, AI-referred visits, goals, funnels, and ecommerce outcomes without layering on separate analytics infrastructure.
Keep stakeholders informed with built-in reports instead of outsourcing the reporting layer.
Start on your own infrastructure, then choose managed cloud if you want the same product without managing updates, backups, and uptime yourself.
Passkeys, WebAuthn, RBAC, API clients, team controls, and optional read-only MCP access share the same permission model.
Human dashboards, Search Console imports, scheduled reports, REST API access, read-only MCP, and open exports all resolve through HitKeep’s site and team permissions.
Ready to own your analytics?
Start in managed cloud, or self-host the same product on infrastructure you control.