engineeringanalyticsprivacydjangobuilding-in-public
Privacy-First Analytics Without Third-Party Scripts
29 Mar 2026 · Data Druid Tech
· Updated 29 Mar 2026
Why not Google Analytics?
Google Analytics is a 45KB JavaScript payload that tracks users across the web. For a product lab site, that is overkill. We wanted to know which pages get visited, how many unique visitors we have, and which blog posts perform well. That is it.
Our approach
A Django middleware that runs after each response:
- Tracks only public pages — excludes /lab/, /admin/, /static/
- Rate-limited — one view per path per session per 5 minutes
- IP hashing — SHA256-hash truncated to 16 chars, impossible to reverse
- No extra cookies — uses Django existing session cookie
- No JavaScript — server-side tracking, zero client overhead
The analytics dashboard aggregates into daily views, top pages, unique visitors, and blog engagement. The entire middleware is 40 lines of Python. Sometimes the simplest solution is the right one.