Umami
Privacy-first web analytics that respects your users — self-hosted, cookieless, and GDPR compliant out of the box.
Umami is an open-source, privacy-focused web analytics platform built as a modern alternative to Google Analytics, Mixpanel, and Amplitude. It collects no personal data, sets no cookies, and anonymizes all visitor information — making GDPR, CCPA, and PECR compliance a default rather than an afterthought. Operators retain complete ownership of their data because everything runs on infrastructure they control.
Now at version 3.1.0, Umami has matured into a full-featured analytics suite. Beyond basic pageview tracking, it supports custom event tracking, funnel analysis, user journey mapping, cohort retention, UTM attribution, revenue tracking, real-time dashboards, and session replay. A lightweight tracking script under 2KB means zero measurable impact on site performance. An optional ClickHouse backend enables high-volume deployments handling billions of events.
The platform is built on Next.js 16 with React 19, Prisma ORM, and PostgreSQL as the default database. Deployment is straightforward via Docker Compose — the official image bundles everything needed to be running in minutes. For teams, Umami supports multiple users, role-based permissions, shared workspaces, and a full REST API for programmatic access to all analytics data.
What You Get
- Cookieless Privacy Tracking - Collects pageviews, sessions, and custom events using anonymized, non-personal identifiers that comply with GDPR, CCPA, and PECR without requiring consent banners.
- Lightweight 2KB Tracking Script - The tracker script built with Rollup is under 2KB compressed, avoiding any measurable performance impact on the sites it instruments.
- Custom Event Tracking - Track user interactions — button clicks, form submissions, purchases — via
data-umami-eventHTML attributes or theumami.track()JavaScript API with optional payload data. - Funnel & Journey Analysis - Visualize multi-step conversion paths and user journeys natively in the dashboard without configuring external tools or writing custom queries.
- Cohort & Retention Analysis - Measure how visitor cohorts return over time with built-in retention reports segmented by acquisition date.
- Revenue Tracking - Track e-commerce revenue events and view aggregated revenue metrics, session-level breakdowns, and trend charts alongside traffic data.
- Session Replay - Review individual user sessions as activity timelines powered by rrweb — capturing interactions without recording personal identifying information.
- Customizable Boards - Build drag-and-drop dashboards with widgets for different metrics, websites, and date ranges, shareable with team members or publicly.
- ClickHouse & Kafka Support - Optionally route event ingestion through Kafka and store data in ClickHouse for deployments requiring sub-second queries over billions of events.
- Full REST API - Retrieve all analytics data programmatically — websites, sessions, events, metrics, and reports — via a complete authenticated REST API.
Common Use Cases
- Privacy-compliant SaaS product analytics - A startup team tracks feature adoption, onboarding funnels, and user journeys in their web app without sending behavioral data to third-party services.
- Content publisher audience insights - A media site operator monitors article engagement, referrer sources, and reader retention across multiple properties from a single self-hosted Umami instance.
- Agency multi-site reporting - A digital agency deploys one Umami instance, adds each client website, creates per-client team workspaces, and delivers analytics dashboards without data co-mingling.
- Enterprise intranet traffic analysis - An organization tracks usage of internal documentation or intranet portals with strict data residency requirements that prohibit sending data to external services.
- E-commerce conversion optimization - An online store uses Umami’s funnel reports and revenue tracking to identify where shoppers drop off during checkout and measure the impact of UX changes.
Under The Hood
Architecture
Umami follows a layered Next.js App Router architecture where server components handle data fetching and client components own interactivity, with zero prop drilling thanks to Zustand stores and React context providers. Data ingestion flows through a single /api/send endpoint that validates every payload with Zod schemas, resolves the visitor’s session via JWT-based caching, and writes to either PostgreSQL via Prisma or ClickHouse via a dedicated client — the runtime selects the query path based on environment variables. A separate Rollup build produces the standalone script.js tracker and recorder.js session capture script as self-contained IIFE bundles with no shared code from the main application, preventing supply chain issues. SQL queries are organized into purpose-built modules under queries/sql/ covering events, sessions, reports, replays, and performance metrics, each exported through a clean index. This separation allows the same business logic to route to either the Prisma path or the ClickHouse path without duplication.
Tech Stack
Umami runs on Next.js 16 with React 19 and Turbopack, using the App Router for both the dashboard UI and the analytics API. Prisma 7 with a @prisma/adapter-pg driver handles PostgreSQL access for standard deployments, while an @clickhouse/client integration serves high-scale write-heavy deployments that need columnar storage. KafkaJS provides optional event streaming for deployments that decouple ingestion from storage. The tracker and session recorder are built with Rollup targeting IIFE output and compressed with Terser. Vitest with jsdom and React Testing Library covers unit and component tests; Cypress handles end-to-end testing. Biome 2 replaces ESLint and Prettier as the unified linter and formatter. TanStack Query manages server state throughout the dashboard UI, and Zustand handles local UI state.
Code Quality
The codebase maintains targeted test coverage across critical utility modules — format helpers, IP detection, board logic, chart calculations, path matching, and URL utilities — using parameterized Vitest test cases that cover edge cases explicitly. Type safety is comprehensive: Prisma generates typed query clients, Zod validates all API inputs at runtime, and TypeScript strict mode is enforced. Biome enforces consistent naming and formatting across the entire TypeScript and JavaScript surface. Error handling is standardized through shared response helpers (badRequest, forbidden, serverError) that prevent inconsistent HTTP status codes across API routes. The tracker script intentionally avoids TypeScript to stay dependency-free at build time, but the main application maintains strict typing throughout.
What Makes It Unique Umami’s dual-backend architecture — standard PostgreSQL for typical deployments, ClickHouse for high-volume installations — is unusual for open-source analytics tools and lets the same application scale from a single site on a $5 VPS to an enterprise installation processing billions of monthly events. The cookieless session model derives visitor identifiers from a daily rotating salt hashed with IP, user agent, and hostname — providing accurate session tracking without persisting any individual’s data across days. Native revenue tracking, session replay via rrweb, customizable board dashboards, and Kafka ingestion are typically found only in commercial analytics platforms, making Umami’s feature parity with paid tools while remaining fully MIT-licensed a genuine differentiator.
Self-Hosting
Umami is released under the MIT License, which is one of the most permissive open-source licenses available. Self-hosters can use it commercially, modify the source code, incorporate it into proprietary products, and redistribute it — with no copyleft obligations, no attribution requirements beyond preserving the license notice, and no restrictions on the number of websites, users, or events tracked. There is no open-core model hiding features behind a paid tier: every capability in the repository, including ClickHouse support, session replay, revenue tracking, and the REST API, is available to self-hosters.
Running Umami yourself requires a PostgreSQL 12+ database, Node.js 18.18+, and enough compute to serve the Next.js application. The official Docker Compose file packages everything — application container and PostgreSQL — so a single docker compose up -d is sufficient to start. For production, operators need to add a reverse proxy (nginx or Caddy), configure TLS, plan PostgreSQL backups, set a strong APP_SECRET, and decide on database sizing. High-traffic deployments that outgrow PostgreSQL can switch to ClickHouse; those needing ingestion decoupling can add Kafka. Ongoing maintenance means pulling new Docker images for releases, running database migrations via prisma migrate deploy, and monitoring the Node.js process. There is no auto-update mechanism — operators are responsible for staying current.
Umami Cloud (umami.is) is the managed version run by Umami Software, Inc. It adds subscription-based plans with features like higher website limits, team management at scale, and managed infrastructure with no operational burden. Self-hosters give up the automatic security patches, managed backups, high-availability infrastructure, and official support SLAs that come with the cloud offering. The cloud tier is particularly relevant if your team lacks DevOps capacity or if data residency requirements are flexible — otherwise the self-hosted path gives complete control with no recurring costs beyond infrastructure.
Related Apps
Grafana
Monitoring · Analytics
The open-source observability platform that unifies metrics, logs, and traces from any data source into dynamic, queryable dashboards.
Grafana
AGPL 3.0OpenBB
Databases · Analytics · Invoicing Finance
The AI Workspace for Finance: Connect Data, Run AI Agents, Build Analytics
OpenBB
OtherClickHouse
Databases · Analytics · Data Engineering
Open-source column-oriented database that delivers real-time analytical queries on petabyte-scale data with millisecond latency.