Privacy-first carbon-aware analytics — built-in CO2 reporting per pageview, only directory tool with sustainability dashboard. UK solo-maintained Nic Mulvaney LTD
🇬🇧 United KingdomSince 2022Closed-source SaaS
Cabin is the only tool in this directory with built-in CO2 reporting. Per-pageview carbon estimate based on page weight + asset inspection (flags un-optimised images and scripts). For climate-conscious B Corps and sustainability-focused operators, this fills a unique niche.
GDPR posture, sub-processors under DPA, per-jurisdiction stance, and encryption — everything a procurement team checks.
?GDPR✓ CompliantEU General Data Protection Regulation
EU's omnibus privacy law requiring a lawful basis for processing personal data (consent, legitimate interest, etc.). Applies to anyone handling EU-resident data. Cabin's posture: Legitimate interest. ?CCPA✓ CompliantCalifornia Consumer Privacy Act
California Consumer Privacy Act — rights for California residents (access, deletion, opt-out of sales). Triggered at $25M revenue or 50k+ CA-consumer records. ?UK PECR✕ Not heldUK Privacy and Electronic Communications Regulations
UK Privacy and Electronic Communications Regulations sit on top of GDPR specifically for cookies and electronic marketing. PECR Reg 6 governs analytics-cookie consent. ?SOC 2 · II✕ Not heldSOC 2 Type II
SOC 2 Type II — independent audit verifying security/availability controls operate effectively over 6+ months. Standard B2B procurement requirement. ?ISO 27001✕ Not heldISO/IEC 27001 information-security
ISO/IEC 27001 — international information-security management standard, certified by accredited bodies on a 3-year renewal cycle. ?HIPAA✕ Not heldUS HIPAA (with BAA)
US health-data law requiring a Business Associate Agreement (BAA) for any tool touching protected health information. Without BAA the tool cannot legally process PHI.
Per-jurisdiction posture
🇫🇷
FranceCNILNo banner
No cookies + EU data + UK governing law align with cookieless-analytics positioning.
?France · CNIL
No cookies + EU data + UK governing law align with cookieless-analytics positioning. 🇬🇧
United KingdomUK ICO / PECRNo banner
UK GDPR + PECR — Cabin is UK-incorporated. Strong home-jurisdiction position.
?United Kingdom · UK ICO / PECR
UK GDPR + PECR — Cabin is UK-incorporated. Strong home-jurisdiction position. 🇩🇪
GermanyTTDSGNo banner
TTDSG §25 trigger avoided (no terminal-device storage).
Real plans, real numbers — pulled from withcabin.com (verified May 2026).
Free
Free/mo
Unlimited (fair use)
✓ 1 site
✓ 30-day retention
✓ Email reports
✓ Custom subdomain
Pro
$19/mo
Unlimited (fair use)
✓ Unlimited sites
✓ Unlimited retention
✓ Read-only JSON API
✓ Public dashboards
Tech specs
Stack, repo health, deployment options — for engineers evaluating self-host.
Stack
Written inClosed-source
HostingAWS Ireland + London backup
CDNBunny.net
PaymentsStripe
LicenseClosed-source SaaS
Min specsN/A — SaaS only
Deploy
· Cloud SaaS only
Editor review
Independently reviewed by Mark Sutton, cross-checked against vendor documentation. Click any panel to expand.
+What it does well▾
Cabin is the only tool in this directory with built-in CO2 reporting. Per-pageview carbon estimate based on page weight + asset inspection (flags un-optimised images and scripts). For climate-conscious B Corps and sustainability-focused operators, this fills a unique niche.
UK governing law + EU data residency. Nic Mulvaney LTD (#08625310, England) operates Cabin from the UK with data on AWS Ireland (primary) + AWS London (backup). For UK businesses post-Brexit, this combination is rare in the directory — Plausible is Estonian, Fathom is Canadian, Pirsch is German.
Generous free tier. $0 with 1 site, 30-day retention, unlimited pageviews under fair use — rare in directory peers. Among free SaaS tiers, Cabin's unlimited-pageview-fair-use is more generous than Umami Hobby's 10K cap or Aptabase's 20K event cap.
Cookieless via unusual last-modified caching technique. No cookies, no hashing, no salt, no IP fingerprint stored. Stateless from client perspective. Different from all other directory peers (Plausible/Pirsch use salted-hash; Simple Analytics uses referrer-only). Mechanism is original but harder to externally verify.
−Weaknesses & gotchas▾
Slow velocity is the soft spot. Last shipped feature March 2025 (13+ months stale at writing). Solo-maintained by Nic Mulvaney since Normally studio closure January 2025. Vendor explicitly committed to continued development in 'Cabin: The next episode' February 2025 post — but cadence is one-person and slow.
No published DPA. /dpa returns 404. For B2B EU customers requiring written DPA under GDPR Article 28, this is a procurement gap. Pro customers would need to request privately. Compare to Plausible/Fathom/Pirsch which publish DPAs.
No funnels, no A/B testing, no heatmaps, no error tracking, no session recording. Pure analytics + CO2 reporting. For conversion optimization or product experimentation, look at Swetrix (errors+funnels+A/B+flags), OpenPanel (funnels+session replay+A/B), or Humblytics (A/B+heatmaps+AI hypothesis).
No third-party security certs. Self-attested GDPR/CCPA only — no PECR claim, no ISO 27001, no SOC 2, no HIPAA. Among directory peers, only Matomo Cloud, Piwik PRO, Countly hold third-party attestations.
Carbon methodology not formally documented. Vendor doesn't cite Sustainable Web Design model or CO2.js library. Number's auditability is weak compared to vendors using public methodologies.
★Best for▾
Best for: climate-conscious bootstrappers and B Corps wanting a single tool that reports website carbon AND pageviews from the same dashboard. UK-based small businesses who want UK governing law + EU data residency together. Anyone wanting a permanently-free privacy analytics with unlimited pageviews for one site.
Real value at $0 free tier: 1 site with 30-day retention, unlimited pageviews fair use — covers most personal sites and small-business landing pages. At $19 Pro: unlimited sites + unlimited retention + read-only JSON API.
Avoid if: you need funnels, A/B testing, heatmaps, errors, a signed DPA out of the box, third-party security certs, or fast feature shipping. For active development at $19, Pirsch ships features regularly. For AGPL self-host, Plausible/Rybbit/Swetrix/OpenPanel are options. For carbon reporting + funnels combo, no directory tool exists yet — pick Cabin for carbon, layer Plausible for analytics depth.
⚡Setup walkthrough▾
1. Sign up at withcabin.com — Free tier (no card).
2. Add a site → grab the script tag from the dashboard.
3. Drop the snippet in : `html
`
Vendor claims "77x smaller than Google Analytics" — implying <1KB but specific size not publicly disclosed.
4. (Optional) Configure custom subdomain for ad-blocker bypass (both Free + Pro tiers).
5. Define custom events via JS API for goals/conversion tracking (no native funnel feature).
6. View CO2 reporting + pageviews in dashboard. Weekly email reports auto-enabled.
7. Pro features: unlimited retention + read-only JSON API (launched March 2025) for programmatic access.
SDKs / integrations: No official SDKs documented. Manual install for any framework. WordPress requires manual header injection (no native plugin).
↔Migrating from GA4▾
From GA4. Cabin is a fresh-tag tool — no historical import.
1. Export GA4 historical data first (BigQuery export or CSV) — Cabin imports nothing.
2. Install Cabin alongside GA4 for 2-4 weeks. Cabin counts ~10-25% lower than GA4 (no bot inflation, no cross-device joins).
3. Map GA4 conversions → Cabin custom events.
4. Drop GA4 + cookie banner — Cabin's cookieless last-modified mechanism + no PII storage typically removes consent-banner requirement.
5. CO2 dashboard auto-populates from page weight + asset inspection — bonus over GA4.
Watch out:
No funnel/conversion-flow visualization — if you used GA4 funnels, plan to recreate via simple events.
No published DPA — if your privacy team requires written Article 28 documentation, request privately from vendor before relying on Cabin in B2B context.
Single-region (AWS Ireland) — for US-only data residency requirement, look at Fathom AWS multi-region with US East option.
Help & FAQ
Where to get help with Cabin and the questions buyers email us about.
Support
HoursAsync (solo developer Nic Mulvaney)Europe/London
ChannelsEmail
LanguagesEnglish
Response SLA~48h
FAQ (7)
What does Cabin's CO2 reporting actually measure?▾
Per-pageview carbon estimate based on page weight (data transferred) plus asset inspection (images, scripts) flagging un-optimised resources. Underlying calculation model NOT explicitly disclosed (vendor doesn't cite Sustainable Web Design model or CO2.js library). Doesn't measure visitor browsing carbon end-to-end, doesn't disclose hosting-region carbon-intensity grid factor.
Is Cabin actually still active?▾
Yes but slow. Site loads, signup works, tracker serving. Last shipped feature March 2025 (over 13 months ago at writing). Solo-maintained by Nic Mulvaney since Normally studio closure January 2025 — explicitly committed to continued development in 'Cabin: The next episode' February 2025 post. Velocity is one-person and slow.
Does Cabin have a DPA?▾
NO public DPA — /dpa returns 404. For B2B EU customers requiring written DPA under GDPR Article 28, Pro customers would need to request privately. This is a gap for procurement-conscious buyers.
How does the visitor-counting work?▾
Unusual mechanism: server sets last-modified HTTP cache header to start of current day, increments by 1 second per visit. Uniqueness inferred from time differential the browser cache returns. NO hashing, NO IP fingerprint, NO salt. Stateless from client perspective. Different from all other directory peers (Plausible/Pirsch use salted-hash; Simple Analytics uses referrer-only).
Where is Cabin hosted?▾
AWS Ireland primary + AWS London backup. EU + UK jurisdictions, no US option. CDN via Bunny.net (Slovenia). UK governing law (Nic Mulvaney LTD #08625310, England).
Is there a free tier?▾
Yes — Free $0 with 1 site, 30-day retention, unlimited pageviews (fair use). Pro $19/mo for unlimited sites + unlimited retention. All features identical between tiers (data export, CO2 reporting, custom events, weekly email, custom subdomains, API on Pro).
What does Cabin lack vs Plausible or Fathom?▾
No funnels, no A/B, no heatmaps, no error tracking, no session recording, no published DPA, no third-party security certs. Slow velocity (last feature March 2025). What Cabin uniquely offers: built-in CO2/carbon reporting dashboard — no other directory tool ships this.
🇮🇪 