Countly is the only tool in this directory built mobile-first. Started in June 2012, incorporated as NIS Ltd in London early 2013 — predates virtually every other tool here by several years. 11+ official platform SDKs (iOS, Android, React Native, Flutter, Unity, Windows, C++, Node, Java, Dart, Web), tvOS / watchOS / ma
GDPR posture, sub-processors under DPA, per-jurisdiction stance, and encryption — everything a procurement team checks.
?GDPR✓ CompliantEU General Data Protection Regulation
EU's omnibus privacy law requiring a lawful basis for processing personal data (consent, legitimate interest, etc.). Applies to anyone handling EU-resident data. Countly's posture: Consent or legitimate interest. ?CCPA✓ CompliantCalifornia Consumer Privacy Act
California Consumer Privacy Act — rights for California residents (access, deletion, opt-out of sales). Triggered at $25M revenue or 50k+ CA-consumer records. ?UK PECR✓ CompliantUK Privacy and Electronic Communications Regulations
UK Privacy and Electronic Communications Regulations sit on top of GDPR specifically for cookies and electronic marketing. PECR Reg 6 governs analytics-cookie consent. ?SOC 2 · II✓ CompliantSOC 2 Type II
SOC 2 Type II — independent audit verifying security/availability controls operate effectively over 6+ months. Standard B2B procurement requirement. ?ISO 27001✓ CompliantISO/IEC 27001 information-security
ISO/IEC 27001 — international information-security management standard, certified by accredited bodies on a 3-year renewal cycle. ?HIPAA✓ CompliantUS HIPAA (with BAA)
US health-data law requiring a Business Associate Agreement (BAA) for any tool touching protected health information. Without BAA the tool cannot legally process PHI.
Per-jurisdiction posture
🇫🇷
FranceCNILBanner recommended
Default mode uses cookies + localStorage; consent typically required. Anonymous mode is configurable.
?France · CNIL
Default mode uses cookies + localStorage; consent typically required. Anonymous mode is configurable. 🇬🇧
United KingdomUK ICO / PECRBanner recommended
Default cookies trigger PECR Reg 6 consent.
?United Kingdom · UK ICO / PECR
Default cookies trigger PECR Reg 6 consent. 🇩🇪
ItalyGaranteBanner required
Italian Garante is strictest. Default mode requires consent banner.
?Italy · Garante
Italian Garante is strictest. Default mode requires consent banner.
Sub-processors (1)
GDPR Art. 28 disclosure — third parties under DPA that may receive data.
CL
Cloud provider (not disclosed)
Flex managed cloud — vendor markets per-customer private cloud in region of choice but does NOT name the underlying IaaS provider on public pages
● Collected
Device identifiers (cookie/localStorage-based device-id by default)
Session events with custom properties
User profiles with arbitrary metadata (per-user timeline)
Crash reports (mobile)
Heatmap interactions (web)
● Explicitly NOT collected
(in anonymous/temporary-id mode) persistent device identifiers
(when consent_required: true is set) any data without explicit user consent
Data retention
Configurable per tier. Specific defaults not disclosed publicly.
Encryption
In transit: HTTPS (Flex managed cloud)
At rest: Independently audited (ISO 27001 + SOC 2) but specific algorithms not published
DPAYes · manual
✦ AI & Modern Capabilities
How Countly works with AI agents
Tier 2 — AI add-ons — 2 available. Selective AI footprint vs full suite.
✓AI ChatAvailable
Conversational natural-language interface
"AI Agent Cee" — natural-language analytics concierge, builds cohorts/funnels from plain English Source ↗
Real plans, real numbers — pulled from count.ly (verified May 2026).
Lite
Free/free
Self-hosted only
✓ AGPL-3.0+brand-clause
✓ MongoDB
✓ You manage everything
✓ Some features gated
Flex Free
Free/mo
500 MAU
✓ Private cloud region of choice
✓ Core analytics
✓ No card
Flex paid
$40/mo
MAU-based scaling
✓ Private cloud
✓ Add-on features
✓ Custom add-ons
Enterprise
Custom
Custom
✓ Dedicated CSM
✓ On-prem option
✓ HIPAA self-attest
✓ Custom SLA
Tech specs
Stack, repo health, deployment options — for engineers evaluating self-host.
Stack
Written inJavaScript / Node.js
DatabaseMongoDB
CloudFlex private-cloud (provider not disclosed)
Self-hostHelm chart / Docker
LicenseAGPL-3.0 with Section 7 brand restriction
Min specsMongoDB-backed; per-deployment specs
GitHub github.com/Countly/countly-server
Stars★ 5,856
Forks981
Open issues0
Last commitrecently
Deploy
· Lite self-host (free, AGPL+brand-clause)
· Flex managed cloud
· Enterprise on-premises
Editor review
Independently reviewed by Mark Sutton, cross-checked against vendor documentation. Click any panel to expand.
+What it does well▾
Countly is the only tool in this directory built mobile-first. Started in June 2012, incorporated as NIS Ltd in London early 2013 — predates virtually every other tool here by several years. 11+ official platform SDKs (iOS, Android, React Native, Flutter, Unity, Windows, C++, Node, Java, Dart, Web), tvOS / watchOS / macOS via the iOS umbrella.
AI Agent "Cee" — natural-language analytics concierge that builds cohorts and funnels from plain English. Plus AI-powered analytics generates reports, dashboards, and recommendations (countly.com/feature/ai-agent-cee). Two genuine AI capabilities, marked NEW on the Analyze section.
ISO 27001 + SOC 2 certified — third tool in this directory with formal third-party security attestations after Matomo Cloud and Piwik PRO. Serves enterprise mobile/IoT customers where audit-trail compliance is non-negotiable.
Countly's web SDK is the largest tracker among open-source peers — ~36 KB gzipped (~132 KB raw min) vs Plausible's 1 KB or Umami's 2 KB. It bundles content-testing, heatmaps, form analytics, error tracking, and scroll/click tracking in one file. For Core Web Vitals on slow connections this dents performance noticeably. Only Piwik PRO at ~86 KB is heavier in the directory.
The AGPL-3.0 license has a Section 7 modification that prohibits removing Countly's branding from any deployed UI — a real consideration for white-label SaaS plans. Pure-AGPL peers (Plausible, Rybbit, Swetrix, OpenPanel) don't have this restriction.
Pricing transparency is the worst in the directory's certified-tools cohort. Flex starts at $40/month MAU-based, but the exact per-MAU price curve and feature-by-add-on breakdown require expanding the calculator on /pricing or contacting sales. Compare to Matomo Cloud's published €29/mo entry with full ladder.
Sub-processor disclosure is minimal — the cloud provider behind Flex private-cloud, email/support tooling, and payment processor are NOT disclosed on public pages. Plausible publishes 8 sub-processors; Piwik PRO publishes 15+. Countly's DPA exists but doesn't list specific sub-processors publicly.
DNT browser-signal honoring not advertised. Default identity model uses cookies + localStorage; Anonymous mode is configurable but a deliberate downgrade.
★Best for▾
Best for: mobile-app-heavy organizations that want one analytics platform across native (iOS/Android/Flutter/RN/Unity), desktop (Windows/.NET), and web. Strong fit for app studios, gaming companies, IoT/embedded teams (C++ SDK), regulated industries that need ISO 27001 + SOC 2 attestations.
Real value at Flex paid ($40+/mo) or Enterprise tier: That's where you unlock private-cloud regional pinning, full feature set (push, A/B, heatmaps), and ISO 27001 + SOC 2 evidence. Lite (free self-host) gives you analytics + funnels but gates push, content testing, and some engagement features.
Not for: sub-5KB-tracker requirements (look at Plausible, Pirsch, GoatCounter, Rybbit, OpenPanel); pure web analytics where Matomo or Piwik PRO fit better; teams that need transparent published pricing across all tiers; DNT-honoring requirements (only Fathom does in this directory); white-label rebrand use cases (Section 7 brand-protection clause prohibits Countly-logo removal).
⚡Setup walkthrough▾
Cloud Flex: sign up at count.ly, choose region for private-cloud deployment (vendor doesn't publish underlying provider). Drop one snippet for web tracking; integrate one of 11+ SDKs for native apps.
Web SDK: standard Countly snippet — Countly.q.push(['init', { app_key: '...', url: 'https://...' }]) then Countly.q.push(['track_pageview']). ~36 KB gzipped on first paint.
iOS / Swift: add Countly Cocoapod or SPM package. Countly.sharedInstance().startWithConfig(config). Crash reporting is automatic.
Android / Kotlin: Gradle dependency on ly.count.android.sdk. Init in Application.onCreate().
Self-host (Lite): clone github.com/Countly/countly-server, deploy via Helm chart (countly/helm) or Docker — MongoDB-backed. AGPL-3.0 + Section 7 brand-clause means you cannot remove Countly's logo from source or UI.
↔Migrating from GA4▾
From GA4 (web): Countly's web SDK supports event-based tracking similar to GA4 (custom events, custom segments, goals). Migration is fresh-tag — drop the GA4 snippet, install Countly snippet, redefine events using Countly's Countly.q.push(['add_event', {...}]) API. Funnels are recreated in Countly's UI.
From Firebase Analytics (mobile): Countly's mobile SDKs are deeper than Firebase's — crash reporting, push notifications, A/B testing, surveys all bundled. Migration: replace Firebase SDK with Countly SDK in your app, port event names + properties (Countly accepts arbitrary key-value maps).
From Mixpanel (product analytics): Countly's funnel/cohort/retention model maps closely to Mixpanel. Identity layer differs (Countly uses configurable device_id; Mixpanel uses identify()). Plan to re-implement user-identity bindings.
For ISO 27001 / SOC 2 procurement: request the audit reports under NDA from your account executive after signing the DPA at /dpa.
Help & FAQ
Where to get help with Countly and the questions buyers email us about.
Yes. Founded June 2012 as a mobile analytics SDK and incorporated as NIS Ltd in London in early 2013 — Countly predates virtually every other tool in this directory by several years. 11+ official platform SDKs (iOS, Android, React Native, Flutter, Unity, Windows, C++, Node, Java, Dart, Web), with tvOS / watchOS / macOS via the iOS SDK.
What are Countly's certifications?▾
ISO 27001 + SOC 2 per /security page. HIPAA self-attestation (BAA availability not explicitly confirmed on public pages — Enterprise tier likely required). This makes Countly the third directory tool with third-party attestations after Matomo Cloud (ISO 27001) and Piwik PRO (ISO 27001 + SOC 2 + HIPAA BAA).
What's the difference between Lite, Flex, and Enterprise?▾
Lite is free self-host (AGPL-3.0 with Section 7 brand restriction). Flex Free is $0 cloud for 500 MAU. Flex paid starts at $40/mo (MAU-based scaling). Enterprise is custom-quoted with private-cloud + dedicated CSM. Some advanced features (push, A/B, heatmaps) are gated to Flex/Enterprise — not all in Lite.
Where is Flex hosted?▾
Vendor markets per-customer 'private cloud in region of choice'. The specific underlying cloud provider (AWS / GCP / Azure / Hetzner / OVH) is NOT disclosed on public pages. This is a notable transparency gap vs Plausible (Hetzner DE, named) or Piwik PRO (Microsoft Azure multi-region, named).
Does Countly's AGPL license restrict me?▾
Yes — uniquely among the directory's AGPL tools. Countly's license is AGPL-3.0 with a modified Section 7 that prohibits removing Countly logo or branding from source code or UI. Pure-AGPL tools (Plausible, Rybbit, Swetrix, OpenPanel) don't have this restriction. Verify if you plan to fork or white-label.
Does Countly honor Do Not Track?▾
Not explicitly documented on public pages. The web SDK has a consent_required flag for opt-in tracking but DNT browser-signal auto-respect is not advertised. Among directory peers, only Fathom explicitly honors DNT.
What's the tracker size impact?▾
Countly's web SDK is ~36KB gzipped (132KB raw min) — the largest tracker among directory open-source tools. For comparison: Plausible 1KB, Pirsch 1.5KB, Umami 2KB, Matomo 22-25KB, Piwik PRO 86KB. Countly bundles content-testing, heatmaps, form analytics, error tracking, scroll tracking in one file.
