Umami is a self-hosted web analytics tool designed for developers and privacy-conscious businesses seeking an alternative to Google Analytics. It provides real-time insights into website traffic—such as pageviews, sessions, and referrers—without tracking users across sites or storing personal data. Built to be GDPR compliant out of the box, Umami ensures data ownership remains with the user.
Built with TypeScript and Next.js, Umami uses PostgreSQL as its database and offers deployment options via Docker, Docker Compose, or direct Node.js installation. The platform includes a REST API, customizable dashboards, and integrations with modern web tracking standards, making it ideal for teams that need full control over their analytics infrastructure.
What You Get
- Privacy-First Tracking - No cookies, no fingerprinting, no personal data collection. All analytics are anonymized and GDPR compliant by default.
- Self-Hosted Data Ownership - Deploy on your own server or infrastructure; your analytics data never leaves your control.
- Lightweight Tracker Script - The tracking script is under 2KB, ensuring no measurable impact on page load performance.
- Custom Event Tracking - Track button clicks, form submissions, and custom interactions using data attributes or JavaScript calls (e.g.,
umami.track('button-click', { id: 'signup' })).
- Advanced Analytics Dashboards - View funnels, user journeys, retention analysis, cohort breakdowns, UTM campaign tracking, and goal conversions in real time.
- Session Replay & Analysis - Explore individual user sessions with detailed activity timelines without identifying personal information.
- Team Collaboration - Create teams, assign roles, and share website access with colleagues using role-based permissions.
- REST API Access - Programmatically retrieve all analytics data including websites, events, sessions, and metrics via a full-featured REST API.
- Multi-Platform Deployment - Deploy via Docker, Docker Compose, or direct Node.js installation with support for Vercel, Railway, and DigitalOcean.
Common Use Cases
- Running a privacy-compliant blog - A blogger uses Umami to track pageviews and referrers without violating GDPR or using third-party trackers.
- Product teams analyzing user behavior - A SaaS startup tracks feature usage via custom events and funnels to optimize onboarding without exposing user data.
- Agency reporting for clients - A digital agency deploys Umami on client websites to provide transparent, self-hosted analytics reports with no data sharing.
- Enterprise internal analytics - A company hosts Umami internally to monitor intranet or documentation site traffic while complying with strict data residency policies.
Under The Hood
Architecture
- Next.js App Router enforces strict separation between server and client components, with API routes isolated in dedicated handlers using Zod for validation and Prisma for type-safe data access
- Dependency injection is implemented via React context and custom hooks to eliminate prop drilling in complex UI hierarchies
- Prisma ORM serves as the single source of truth for database operations, with generated clients and automated migrations ensuring consistency across the stack
- Modular structure cleanly separates UI components, business logic, permissions, and API handlers into dedicated directories with clear boundaries
- Tracker scripts and geo data are built as standalone assets using Rollup, decoupling client-side analytics from the main application server
- Comprehensive TypeScript enforcement with custom type declarations and Prisma-generated types eliminates runtime data errors
Tech Stack
- Next.js 14 with TypeScript and Turbopack for server-side rendering and optimized build performance
- Prisma ORM with PostgreSQL and custom migration scripts for type-safe database interactions
- Rollup and tsup for bundling lightweight tracker scripts and component libraries with ES module support
- Docker-based deployment using multi-stage builds with Node.js Alpine for minimal runtime footprint
- Biome as the unified linter and formatter for TypeScript, JavaScript, and CSS with strict quality enforcement
- Cypress for end-to-end testing and Netlify integration for seamless cloud deployment
Code Quality
- Extensive test coverage for core utilities including number formatting, IP detection, and chart rendering with parameterized edge case validation
- Clean, modular code organization following Next.js conventions with clear separation of concerns across API routes, queries, hooks, and components
- Strong type safety enforced via TypeScript interfaces and Zod schemas to ensure consistency across API boundaries
- Consistent naming conventions with PascalCase for components, camelCase for functions, and explicit ‘use’ prefixes for hooks
- Centralized error handling utilities standardize HTTP responses and prevent unhandled exceptions
- Comprehensive type declarations for third-party modules and robust localization support via JSON language files
What Makes It Unique
- Native browser-based tracking script with zero dependencies and minimal footprint, avoiding third-party analytics bloat while maintaining accuracy
- Event-driven data pipeline that captures user behavior without cookies, using privacy-first fingerprinting and session-based identifiers
- Built-in funnel and cohort analysis directly in the UI, enabling conversion path visualization without external tools or complex queries
- Role-based team and website permissions with fine-grained access control for multi-property governance
- Fully self-hosted analytics platform with no data externalization, ensuring complete ownership and out-of-the-box GDPR/CCPA compliance
- Extensible dashboard system with customizable charts and real-time aggregation, designed for both non-technical users and enterprise needs