Fathom Analytics
Proprietary (closed-source SaaS) SaaS only From $15/mo
Quiz
← All tools

Fathom Analytics Review (2026)

Cookieless privacy analytics with EU Isolation by default, founder-led since 2018

🇨🇦 Canada Since 2018 Proprietary (closed-source SaaS)

Founders' brand and trust. Built and run by Jack Ellis (developer) and Paul Jarvis (designer/author of *Company of One*) since 2018. Bootstrapped, customer-funded, no VC, profitable. The "we don't sell your data because we literally don't collect any" pitch is the whole product, and it's earned reviewer trust over five

— Mark Sutton, editor
Visit Fathom Analytics usefathom.com See pricing Privacy passport Feature matrix
Fathom Analytics single-pane privacy-first dashboard
Main dashboard view
Editor score 4.0/5
From $15/mo Cloud only
Hosting SaaS only EU hosted · US hosted
Privacy passport

Fathom Analytics compliance at a glance

GDPR posture, sub-processors under DPA, per-jurisdiction stance, and encryption — everything a procurement team checks.

GDPR Compliant EU General Data Protection Regulation EU's omnibus privacy law requiring a lawful basis for processing personal data (consent, legitimate interest, etc.). Applies to anyone handling EU-resident data. Fathom Analytics's posture: Legitimate interest.
CA
CCPA Compliant California Consumer Privacy Act California Consumer Privacy Act — rights for California residents (access, deletion, opt-out of sales). Triggered at $25M revenue or 50k+ CA-consumer records.
UK PECR Compliant UK Privacy and Electronic Communications Regulations UK Privacy and Electronic Communications Regulations sit on top of GDPR specifically for cookies and electronic marketing. PECR Reg 6 governs analytics-cookie consent.
SOC 2 · II Not held SOC 2 Type II SOC 2 Type II — independent audit verifying security/availability controls operate effectively over 6+ months. Standard B2B procurement requirement.
ISO27001
ISO 27001 Not held ISO/IEC 27001 information-security ISO/IEC 27001 — international information-security management standard, certified by accredited bodies on a 3-year renewal cycle.
HIPAA Not held US HIPAA (with BAA) US health-data law requiring a Business Associate Agreement (BAA) for any tool touching protected health information. Without BAA the tool cannot legally process PHI.

Per-jurisdiction posture

🇫🇷
France CNIL No banner CNIL has confirmed cookieless analytics with no PII does not require consent — Fathom qualifies.
France · CNIL CNIL has confirmed cookieless analytics with no PII does not require consent — Fathom qualifies.
🇬🇧
United Kingdom UK ICO / PECR No banner No cookies, no local-storage = PECR Reg 6 not triggered. UK ICO has not issued Fathom-specific ruling but PECR posture is defensible.
United Kingdom · UK ICO / PECR No cookies, no local-storage = PECR Reg 6 not triggered. UK ICO has not issued Fathom-specific ruling but PECR posture is defensible.
🇩🇪
Germany TTDSG Banner recommended TTDSG §25 stricter reading by some German DPAs — disclosure recommended even for cookieless tools.
Germany · TTDSG TTDSG §25 stricter reading by some German DPAs — disclosure recommended even for cookieless tools.
🇮🇹
Italy Garante Banner recommended Italian Garante is strictest in EU — many analytics deployments trigger consent regardless of cookie status.
Italy · Garante Italian Garante is strictest in EU — many analytics deployments trigger consent regardless of cookie status.

Sub-processors (4)

GDPR Art. 28 disclosure — third parties under DPA that may receive data.

Conva Ventures Inc Legal entity (data processor for customer's site visitors) Canada
BunnyWay d.o.o. (Bunny.net) CDN, DNS, EU-region edge (named in DPA Appendix 1) Slovenia
Amazon Web Services Cloud hosting for non-EEA traffic only (per Fathom DPA) United States
Stripe Payment processing (named in privacy policy) United States

Collected

  • URL of page visited
  • HTTP referrer
  • User-Agent (parsed to browser/OS)
  • Country (derived from IP, then IP discarded)
  • Session duration
  • Custom event labels (if configured)

Explicitly NOT collected

  • IP address (used in-memory only for hash, then discarded)
  • Device fingerprint
  • Cross-site tracking identifiers
  • Custom user IDs
Data retention

Per usefathom.com/pricing: 'Forever data retention' listed identically across every paid plan. CSV export and Stats API unlimited.

Encryption
  • In transit: TLS
  • At rest: Encrypted at rest
DPA Yes · click through
AI & Modern Capabilities

How Fathom Analytics works with AI agents

Tier 3 — no AI yet — vendor focuses on classic privacy-first analytics; no AI/MCP features advertised.

AI Chat Not yet

Conversational natural-language interface

Not advertised by vendor

MCP Server Not yet

Model Context Protocol — Claude / Cursor / Codex

Not advertised by vendor

Agent API Not yet

Programmatic AI-agent endpoints

Not advertised by vendor

AI Insights Not yet

Anomaly detection / hypothesis / summaries

Not advertised by vendor

Export for AI Not yet

Structured export formatted for LLM ingestion

Not advertised by vendor

Strengths & weaknesses

What makes Fathom Analytics worth a look — and where it falls short.

Strengths 8

  • Founder-led brand (Jack Ellis + Paul Jarvis, bootstrapped since 2018)
  • EU Isolation by default — Schrems-II posture done-for-you
  • Forever data retention (vs GA4's 14-mo cap)
  • Built-in custom-domain proxy (no nginx config)
  • Free GA4 importer regardless of volume
  • Cookieless with daily salt rotation
  • Real logos: GitHub, IBM, HashiCorp, New York Times, Bootstrap, Laravel
  • 50 sites included on every plan

Weaknesses 6

  • No free tier — 30-day trial only
  • Pricing scales aggressively past 1M pv ($60→$200 at 10M)
  • No funnels, cohorts, heatmaps, session recording
  • Country-level geo only (no city)
  • No HIPAA / no BAA
  • No mobile SDKs

Feature matrix

All 38 verified checks across 4 categories. Hover any row for the editor's note.

Tracking & Reporting 15

  • Pageviews & visitors Yes
  • Live visitor count Yes
  • Top pages report Yes
  • Top referrers Yes
  • UTM campaign tracking Yes
  • Country & city breakdown ~Partial
  • Device, browser, OS Yes
  • Bounce / engagement Yes
  • Time on site Yes
  • Custom events Yes
  • Goals / conversions Yes
  • Funnels No
  • Outbound link tracking Yes
  • File download tracking Yes
  • 404 / error tracking No

Privacy & Compliance 9

  • Cookieless by default Yes
  • No personal data collected Yes
  • GDPR-compliant out of the box Yes
  • Data hosted in EU Yes
  • Data hosted in US Yes
  • Self-hostable No
  • Open source No
  • Data retention period Forever
  • Bot & spam filtering Yes

Setup & Integrations 10

  • Script weight (KB) 2
  • Single-snippet install Yes
  • WordPress plugin Yes
  • Proxy / first-party domain Yes
  • Public API Yes
  • Data export (CSV/JSON) Yes
  • Google Search Console connector No
  • Email digests Yes
  • Slack / webhook alerts ~Partial
  • Public shareable dashboard Yes

Pricing & Plans 4

  • Free tier exists No
  • Entry price ($/mo) $15/mo
  • Price at 100k pageviews $15/mo
  • Unlimited sites on entry plan Yes

Fathom Analytics vs alternatives

How it compares to the closest 3 rivals on key buyer-decision fields.

Compare Fathom Analytics against

Side-by-side comparisons with other tools in the directory.

Fathom Analytics vs Matomo Fathom Analytics vs Plausible Fathom Analytics vs Simple Analytics Fathom Analytics vs Umami

Pricing tiers

Real plans, real numbers — pulled from usefathom.com (verified May 2026).

Trial

Trial/30 days

Full access

  • ✓ No credit card
  • ✓ Unlimited usage
  • ✓ Run alongside existing
100k pv

$15/mo

100k pv

  • ✓ 50 sites
  • ✓ Email reports
  • ✓ EU Isolation
  • ✓ Forever retention
1M pv

$60/mo

1M pv

  • ✓ 50 sites
  • ✓ All features
  • ✓ Unlimited exports
5M pv

$140/mo

5M pv

  • ✓ Same features
  • ✓ Just more pageviews
10M pv

$200/mo

10M pv

  • ✓ Same features
25M+

Custom

25M+

  • ✓ Contact sales

Tech specs

Stack, repo health, deployment options — for engineers evaluating self-host.

Stack

  • Written inClosed-source SaaS
  • HostingAWS multi-region (EU + US)
  • EdgeCloudflare (DNS/WAF)
  • LicenseProprietary (closed-source SaaS)

Deploy

  • · SaaS only — no self-host
  • · WordPress plugin (10,000+ active installs)

Used by

Companies and projects that publicly trust Fathom Analytics.

GitHub
IBM
HashiCorp
The New York Times
Bootstrap
Laravel
Mark Sutton

Editor review

Independently reviewed by Mark Sutton, cross-checked against vendor documentation. Click any panel to expand.

+ What it does well

Founders' brand and trust. Built and run by Jack Ellis (developer) and Paul Jarvis (designer/author of Company of One) since 2018. Bootstrapped, customer-funded, no VC, profitable. The "we don't sell your data because we literally don't collect any" pitch is the whole product, and it's earned reviewer trust over five years.

EU Isolation by default. EU IP traffic is routed to AWS Frankfurt and processed entirely in-region — only aggregated stats leave the EU boundary. Built-in for all paid plans, no setup, no separate tier. Schrems-II posture done-for-you.

Forever data retention. No 14-month GA4 cap, no archival cliff. CSV export and Stats API are unlimited. You own the data, full stop.

Built-in custom-domain proxy. Route stats through stats.yourdomain.com to dodge ad-blockers — no nginx/Caddy config required, it's a setting in the dashboard.

Free GA4 importer. Pulls historical Google Analytics data into Fathom regardless of volume. UA import is now disabled because Google deleted UA data on 2024-07-01.

Single-pane dashboard. No funnels to build, no events to wire, no training docs. The whole product fits on one screen — exactly the appeal for agencies handing dashboards to non-technical clients.

Weaknesses & gotchas

Pricing scales aggressively past 100k pageviews. $15/mo at 100k, $60 at 1M, $200 at 10M. At 5M+ you're paying noticeably more than self-hosted Plausible/Umami. No discounts ever, even on Black Friday (vendor explicit).

No free tier. 30-day trial only; after that, you pay. Compared to Umami's permanent free Hobby (100k events/mo) or Plausible's 30-day trial, Fathom is purely paid.

Limited depth. No funnels, no cohorts, no segmentation, no custom dimensions, no heatmaps, no session replay. Reviewers consistently flag this — "great for vanity metrics, useless if you need to debug a checkout drop-off."

Country-level geo only. No city breakdown — privacy choice but limits regional optimization.

No mobile SDKs. Web-tracking only; mobile-app analytics requires posting to the Tracking API manually.

No HIPAA / no BAA. Fathom does not sign Business Associate Agreements. Healthcare-adjacent customers need to look elsewhere.

Event tracking feels bolted-on. G2 reviewers describe the events API as workable but "nowhere near GA4 or Mixpanel" for product-led teams.

Best for

Best for indie hackers, bootstrapped SaaS under ~500k pageviews/mo, agencies serving privacy-sensitive clients (legal, healthcare-content), content-led blogs, and build-in-public founders sharing public dashboards. Real customers span GitHub, IBM, HashiCorp, NYT, Bootstrap, Laravel, Buffer, Alpine.js — both ends of the market.

The founders' brand is a real factor. Reviewers explicitly cite trust in Jack Ellis + Paul Jarvis as "the pair you actually trust with your data" — rare in the analytics space.

Real value at the $60/mo (1M pv) tier and below. Past 5M pageviews, the price ladder gets uncomfortable vs self-hosted alternatives.

Not for e-commerce stores needing checkout funnel forensics (Shopify + GA4 / Matomo wins), product-led SaaS that lives on cohort retention (PostHog / Mixpanel territory), marketing teams running multi-touch attribution, high-volume publishers (>2M pv/mo where unit economics break), or healthcare contexts needing a BAA.

Setup walkthrough

1. Sign up at usefathom.com → 30-day free trial, no credit card.
2. Add a domain → get a single async tag (~2 KB).
3. Paste in of every page. WordPress users: install Fathom Analytics for WP v3.3.1 (102k+ downloads, rating 4.8).
4. Optional: turn on the custom-domain proxy in dashboard settings (stats.yourdomain.com CNAME) to dodge ad-blockers — built-in, no server config.
5. EU Isolation is on by default — nothing to configure.

Total: ~3-8 minutes per most reviewer reports.

Migrating from GA4

Free GA4 importer for all customers. No charge regardless of data volume — vendor explicitly: "We don't even charge for historical data imports (regardless of the amount of data)."

What does not migrate: GA4 custom dimensions and audiences (Fathom's data model is intentionally flat — URL, referrer, country, device, custom event metadata). Universal Analytics import was offered, but Google permanently deleted UA data on 2024-07-01, so it's no longer available.

Recommended: parallel tracking for ~30 days. Don't expect identical numbers — Fathom's salt-rotated daily hashing produces a stricter privacy profile than GA4's persistent Client-ID, so "uniques" can drift by a few percent.

Help & FAQ

Where to get help with Fathom Analytics and the questions buyers email us about.

Support

HoursMon-Fri 09:00-17:00PST/PDT (UTC-8/-7)
ChannelsEmail · Twitter
LanguagesEnglish
Response SLA~24h

FAQ (6)

Is Fathom really cookieless and GDPR-compliant?

Yes. Fathom does not set cookies, does not collect IP addresses (uses an in-memory hash discarded daily), and routes EU traffic through AWS Frankfurt by default (EU Isolation). CNIL France has confirmed cookieless analytics with no PII does not require a banner. Germany (TTDSG) and Italy (Garante) take stricter readings — most teams in those markets still mention Fathom in their privacy policy but no banner is needed.

What is EU Isolation and is it the default?

EU Isolation routes EU IP traffic to AWS Frankfurt and processes it in-region — only aggregated, anonymized stats leave the EU boundary. It's enabled by default on all paid plans at no extra cost. This sidesteps the Schrems II concerns about US data transfer.

How does Fathom pricing work?

Fathom uses pageview tiers — $15/mo for up to 100,000 pageviews (50 sites included), scaling to $60 for 1M, $140 for 5M, $200 for 10M. There's no free tier — only a 30-day trial. The portfolio model (50 sites at $15) makes it cheaper than per-site competitors if you operate multiple small sites.

Can I migrate from Google Analytics to Fathom?

Yes — Fathom ships a free GA4 Importer that pulls historical aggregate data from Google Analytics 4. There's no volume cap on the importer. Custom dimensions and BigQuery exports don't migrate — those are GA-specific. Recommended pattern: install Fathom alongside GA4 for 30 days to validate parity, then drop GA4.

Why is Fathom closed-source if it's privacy-first?

By design — Jack Ellis and Paul Jarvis chose to keep Fathom closed-source and bootstrapped (no VC). Their thesis: open-source analytics tools tend to fragment between hosted and self-host editions, slowing development. Fathom focuses entirely on the SaaS experience. The trade-off: you can't audit the code or self-host.

What's the difference between Fathom and Plausible?

Fathom is closed-source SaaS with EU Isolation, unlimited sites per plan ($15 covers 50 sites), and forever data retention. Plausible is open-source AGPL with explicit per-plan retention (3-5 years), self-hostable Community Edition, and includes funnels on the $39 Business plan. Plausible is cheaper at low volume; Fathom is cheaper at portfolio scale.