Swetrix

Privacy-first, cookieless web analytics with error tracking, session replays, and performance monitoring — self-host or use Cloud.

1.1Kstars
61forks
GNU AGPLv3
TypeScript

Swetrix is an open-source, GDPR-compliant web analytics platform that replaces Google Analytics without using cookies, consent banners, or cross-device tracking. It captures pageviews, traffic sources, user sessions, UTM campaigns, funnels, and geolocation — anonymising all data server-side and storing it entirely on infrastructure you control.

Beyond traffic stats, Swetrix bundles error tracking, real-user performance monitoring (TTFB, DNS, TLS, render times), and session replays into the same product. Custom events and goals let you track conversions, sales, and any key user action with your own semantics, while feature flags and A/B experiments (Cloud) let you ship and test incrementally.

The backend is a NestJS monorepo with two editions — a Cloud build with the full feature set and a Community Edition (CE) for self-hosters — both sharing the same core analytics engine backed by ClickHouse for event storage and MySQL for relational data. The lightweight JavaScript tracker (~5 KB) integrates with over 20 frameworks including Next.js, WordPress, and Shopify via official packages.

Swetrix has been bootstrapped and open-source since 2021, hosted on Hetzner in Germany, and funded entirely by cloud subscriptions. The self-hosted CE ships the same core analytics pipeline as the cloud offering, with premium features like session replays, revenue analytics, and AI-powered data queries reserved for the managed tier.

What You Get

  • Cookieless Traffic Analytics - Tracks pageviews, unique visitors, bounce rate, session duration, geolocation, and device data without cookies or localStorage, so no consent banner is needed.
  • Custom Events and Conversion Goals - Define and track any user action with custom event names and properties, then tie them to conversion goals to measure how many visitors complete key steps.
  • Session Replays - Record and replay full user sessions using rrweb to see exactly where visitors get stuck, rage-click, or abandon (Cloud edition; self-hosted CE receives this feature on a delayed release schedule).
  • Real-User Performance Monitoring - Capture TTFB, DNS resolution time, TLS handshake duration, and full page render time from actual visitor sessions to identify slow pages in production.
  • Error Tracking - Automatically capture and aggregate client-side JavaScript errors with browser, device, page URL, and stack trace details — no separate error monitoring tool required.
  • Funnels and User Flow Visualization - Build multi-step funnels to see drop-off rates across signup, checkout, or onboarding sequences, and visualise session-level navigation paths using an integrated Sankey chart.
  • Feature Flags and A/B Experiments - Roll out features to a percentage of users and run controlled experiments to measure conversion impact without a separate experimentation platform (Cloud).
  • Self-Hosting with Docker Compose - Deploy the full stack — NestJS API, MySQL, ClickHouse, Redis, and nginx reverse proxy — on your own servers using the provided compose files and migration scripts.
  • Privacy-First CAPTCHA - Protect forms using a Proof-of-Work mechanism that requires computational effort from bots without showing users image puzzles or harvesting behavioral data.
  • Developer API and CSV Export - Access all analytics data programmatically via the Statistics API or export it to CSV for external analysis and data portability.

Common Use Cases

  • GDPR-compliant analytics without a cookie banner - A SaaS startup deploys Swetrix on their marketing site to track traffic and conversion goals without triggering cookie consent requirements across EU visitors.
  • Self-hosted analytics for data residency compliance - A healthcare company runs Swetrix CE on their own EU servers so that visitor data never leaves their infrastructure, satisfying strict data residency policies.
  • Debugging production JavaScript errors - A frontend team uses Swetrix error tracking to aggregate client-side exceptions by browser and device, identifying a Safari-specific regression before it affects the majority of users.
  • Optimising a checkout funnel - An e-commerce operator builds a funnel from product page to order confirmation, identifies a 60% drop-off at the payment step, and uses session replays to watch exactly where users abandon.
  • Tracking custom events in a web app - A product team fires SIGNUP, UPGRADE, and FEATURE_USED events from their React app, then queries them in real time to monitor trial-to-paid conversion rates without a dedicated product analytics tool.

Under The Hood

Architecture Swetrix is structured as a NestJS monorepo containing two parallel API applications — a Cloud edition with the full feature set and a Community Edition that ships the core analytics pipeline. Each edition follows NestJS module boundaries, with every domain (analytics, auth, user, project, goal, feature-flag, experiment, session replay) living in its own module with a controller-service split. Data flows from an Express-compatible HTTP layer through NestJS controllers into services that route writes to ClickHouse for event-level analytics and MySQL via TypeORM for relational account and configuration data. WebSocket gateways handle real-time heartbeat tracking. The dual-database architecture is a deliberate design choice that matches ClickHouse’s columnar OLAP strengths against the relational needs of user management, enabling analytics queries that scan billions of events without affecting transactional throughput.

Tech Stack Node.js 22 powers the backend through NestJS with TypeORM for MySQL and the official ClickHouse client for time-series storage, with Redis via IORedis for unique session deduplication and caching. The web frontend is a React Router v7 application in framework mode using server-side rendering, Tailwind CSS v4, billboard.js for real-time charts, D3 for geolocation map rendering, and @nivo/sankey for user flow diagrams. Tracker packages are published as independent TypeScript modules on npm — the browser tracker integrates rrweb dynamically for session recording, and a Node.js server-side tracker handles backend event collection. GitHub Actions runs comprehensive CI jobs covering TypeScript compilation, ESLint, Prettier, and Knip dead-code detection across backend, web, tracker, and captcha packages. Docker Compose is the canonical self-hosting deployment target.

Code Quality Test coverage exists in the tracker-js package, where extensive Jest tests with JSDOM cover pageview tracking, custom events, session replay lifecycle, experiment APIs, and error capture — using clean Arrange-Act-Assert patterns and mock class injection. The backend services, which contain the most complex logic including the ClickHouse ingestion pipeline and bot detection system, lack automated test files entirely. CI compensates with strict TypeScript compilation, ESLint enforcement, Prettier formatting checks, and Knip dead-code validation on every pull request. Error handling across the backend uses typed NestJS HTTP exceptions consistently, and Sentry is integrated for production error monitoring. The codebase applies class-validator DTOs for all inbound API data, providing a strong validation boundary at the HTTP layer.

What Makes It Unique Swetrix’s most distinctive technical characteristic is its dual-database event pipeline: raw analytics events go into ClickHouse for sub-second columnar aggregation across millions of rows, while relational user and project data lives in MySQL — a separation that keeps analytics queries from competing with transactional operations and eliminates sampling at scale. The cookieless session model uses a salted SHA-256 hash of non-identifying signals regenerated on a rotating schedule, maintaining session continuity for legitimate users while making cross-session profiling computationally irreversible. The bot detection pipeline layers user-agent matching, headless browser pattern detection, suspicious header analysis, probe path filtering, and optional datacenter IP range blocking — configurable per project at multiple sensitivity levels. The self-hosted CAPTCHA uses a Proof-of-Work mechanism rather than image recognition, eliminating the privacy cost of traditional CAPTCHA solutions while remaining effective against automated submissions.

Self-Hosting

Swetrix is released under the GNU Affero General Public License v3.0 (AGPLv3). This means you can use it, modify it, and self-host it for commercial purposes without paying a license fee, but if you distribute a modified version or run it as a network service for others, you must release your modifications under the same AGPLv3 terms. For an internal deployment serving your own organisation, the copyleft requirement does not extend to your proprietary application code — only to changes you make to Swetrix itself.

Running the Community Edition requires orchestrating five services: the NestJS API, MySQL, ClickHouse, Redis, and an nginx reverse proxy. Docker Compose files and migration scripts are provided, but each version upgrade requires running database migration commands manually before restarting the stack. You are responsible for backups of both the MySQL relational data and the ClickHouse analytics data, for configuring TLS termination, and for capacity planning as event volume grows — ClickHouse is horizontally scalable but requires operational expertise to tune at high ingest rates. The CE release schedule is periodic and trails the cloud version, so the newest features arrive later.

The Cloud edition eliminates all infrastructure management and adds capabilities not available in CE: session replays, revenue and MRR analytics, AI-powered natural language queries over your data, advanced alert channels (Slack, Telegram, Discord, webhook, web push), weekly and monthly email reports, premium GeoIP databases with ISP and connection-type breakdowns, and continuous deployment of new features as they ship. Support for CE users is community-driven via Discord; cloud subscribers receive direct support from the team. Pricing starts at /month, and subscription revenue directly funds open-source development — making the cloud tier both a convenience purchase and a way to sustain the project.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search