Litlyx is the most permissive-licensed EU privacy-analytics tool — Apache 2.0 throughout. github.com/Litlyx/litlyx (1.7k stars, 405 commits, last push 2026-04-30). Self-host commercially without copyleft obligations — friendlier than Plausible/OpenPanel/Swetrix's AGPL or Matomo's GPL.
GDPR posture, sub-processors under DPA, per-jurisdiction stance, and encryption — everything a procurement team checks.
?GDPR✓ CompliantEU General Data Protection Regulation
EU's omnibus privacy law requiring a lawful basis for processing personal data (consent, legitimate interest, etc.). Applies to anyone handling EU-resident data. Litlyx's posture: Legitimate interest. ?CCPA✓ CompliantCalifornia Consumer Privacy Act
California Consumer Privacy Act — rights for California residents (access, deletion, opt-out of sales). Triggered at $25M revenue or 50k+ CA-consumer records. ?UK PECR✓ CompliantUK Privacy and Electronic Communications Regulations
UK Privacy and Electronic Communications Regulations sit on top of GDPR specifically for cookies and electronic marketing. PECR Reg 6 governs analytics-cookie consent. ?SOC 2 · II✕ Not heldSOC 2 Type II
SOC 2 Type II — independent audit verifying security/availability controls operate effectively over 6+ months. Standard B2B procurement requirement. ?ISO 27001✕ Not heldISO/IEC 27001 information-security
ISO/IEC 27001 — international information-security management standard, certified by accredited bodies on a 3-year renewal cycle. ?HIPAA✕ Not heldUS HIPAA (with BAA)
US health-data law requiring a Business Associate Agreement (BAA) for any tool touching protected health information. Without BAA the tool cannot legally process PHI.
Per-jurisdiction posture
🇫🇷
FranceCNILNo banner
Daily-rotated salt-hash + EU-only hosting align with CNIL guidance for analytics. No CNIL-specific endorsement.
?France · CNIL
Daily-rotated salt-hash + EU-only hosting align with CNIL guidance for analytics. No CNIL-specific endorsement. 🇬🇧
United KingdomUK ICO / PECRNo banner
PECR Reg 6 applies to cookies/storage; Litlyx uses neither.
?United Kingdom · UK ICO / PECR
PECR Reg 6 applies to cookies/storage; Litlyx uses neither. 🇩🇪
Real plans, real numbers — pulled from litlyx.com (verified May 2026).
Trial
Trial/30 days
Mini features
✓ No card required
Mini
$8/mo
10K pv/events
✓ 1y retention
✓ Limited AI
✓ Single member
✓ Funnels included
Business
$14/mo
100K
✓ 2y retention
✓ 50 AI msgs/mo
✓ Unlimited domains
✓ Team
Pro
$29/mo
350K
✓ 3y retention
✓ 200 AI msgs/mo
✓ Unlimited domains
Business 1M
$59/mo
1M
✓ 5y retention
✓ Unlimited AI
✓ White-label
Self-host
Free/free
Unlimited
✓ Apache 2.0
✓ Run own MongoDB
✓ You manage updates
Tech specs
Stack, repo health, deployment options — for engineers evaluating self-host.
Stack
Written inTypeScript
DBMongoDB self-hosted on Hetzner
HostingHetzner Nuremberg DE
AIOpenAI (sub-processor)
EmailBrevo FR
LicenseApache 2.0
Min specsMongoDB-backed; per-deployment specs
GitHub github.com/Litlyx/litlyx
Stars★ 1,712
Forks108
Open issues6
Last commit2026-04-30
Deploy
· Cloud SaaS
· Self-host via Docker (Apache 2.0 — most permissive)
Editor review
Independently reviewed by Mark Sutton, cross-checked against vendor documentation. Click any panel to expand.
+What it does well▾
Litlyx is the most permissive-licensed EU privacy-analytics tool — Apache 2.0 throughout. github.com/Litlyx/litlyx (1.7k stars, 405 commits, last push 2026-04-30). Self-host commercially without copyleft obligations — friendlier than Plausible/OpenPanel/Swetrix's AGPL or Matomo's GPL.
Italian Srl with disclosed registered address (Viale Tirreno 187, Roma 00141). Hetzner Germany hosting. MongoDB self-hosted on Hetzner (NOT MongoDB Atlas). Daily-rotated salt-hashing of IPs and User-Agents — same family as Plausible/Pirsch but with verbatim cryptographic guarantee in DPA.
Funnels included from €8.99 Mini up — no upsell wall. Plausible gates funnels behind $39 Business; Fathom and GoatCounter don't have funnels at all. Web + product + UTM marketing + SEO + AI chat in one tier ladder.
48-hour breach notification (stricter than GDPR's 72h). 60-day full purge from backups on account close. AI chat baked into the product (OpenAI-routed; quota-gated per tier).
−Weaknesses & gotchas▾
No permanent free Cloud tier. Only 30-day trial Mini. Compare to Umami Hobby (free SaaS tier), GoatCounter Cloud (free), Counter.dev (PWYW), Aptabase (free 20K), Databuddy (free 10K). Litlyx self-host is free — but you need to run MongoDB.
No third-party security certifications disclosed (no SOC 2 / ISO 27001 / HIPAA). Among directory peers, only Matomo Cloud, Piwik PRO, Countly hold third-party attestations.
No DNT honoring stated in privacy policy. Of directory peers, only Fathom honors browser DNT.
AI chat sends queries to OpenAI in US — adds a US-data-transfer hop on the otherwise EU-only path; mitigated by SCC but worth disclosing.
Single-region (Nuremberg DE) — no US/AP option for latency-sensitive customers.
Founders/leadership not named on website. No /team or /about page; /about returns 404. Corporate transparency below directory peers like Plausible (Marko Saric named) or Fathom (Jack Ellis + Paul Jarvis).
★Best for▾
Best for: EU founders / SMBs who want cookieless web analytics + AI chat in one product, billed in euros, with Apache 2.0 self-host as fallback. Solo operators who'd otherwise stitch Plausible + ChatGPT — Litlyx bundles both at €8.99.
Real value at €8.99 Mini (10K pv): small portfolio sites, hobby projects, blogs. Limited AI may feel thin if you actually want chat. At €14.99 Business (100K pv, 50 AI msgs): sweet-spot for B2B SaaS marketing sites and small e-commerce — funnels + AI chat + multiple domains. At €59.99 Business 1M: unlimited AI kicks in here.
Not for: anyone who needs ISO 27001 or SOC 2 evidence (use Matomo or Piwik PRO); teams who need session replay, A/B, error tracking, or feature flags (use OpenPanel, Swetrix, or Databuddy); buyers who want a permanent free Cloud tier (use Umami / GoatCounter / Aptabase / Databuddy); workloads where US data transfer for AI-chat is unacceptable (turn off AI usage or pick Pirsch / Plausible — no AI hop).
⚡Setup walkthrough▾
1. Sign up at dashboard.litlyx.com/register (no card, 30-day Mini trial).
2. Add your domain → grab the script tag from the dashboard.
3. Drop the snippet in (any framework: vanilla JS, Next, Nuxt, Vue, React, Astro, Svelte, plus WordPress/Shopify via plugins).
4. UTM-tag your campaign links — Litlyx's marketing module is UTM-driven.
5. Wire up litlyx.event('signup', {...}) for custom events from your front-end.
6. (Optional) Self-host: git clone github.com/Litlyx/litlyx, run via Docker, point your script to your own endpoint via a forwarded data variable.
7. Talk to the AI analyst from the dashboard — quotas reset monthly; queries are sent to OpenAI per DPA.
↔Migrating from GA4▾
The cookie-banner removal lift is the obvious win — Litlyx is cookie-free and the privacy-policy explicitly removes the consent-banner requirement. Practical migration steps:
1. Export GA4 historical data first (BigQuery export or CSV) — Litlyx imports nothing from GA4, history starts at install time.
2. Install Litlyx alongside GA4 for 2-4 weeks to cross-check (Litlyx counts ~10-25% lower because no bot inflation, no cross-device joins).
3. Map GA4 conversions → Litlyx custom events (one-line litlyx.event(name, props)).
4. Set up funnels in Litlyx (replaces GA4 funnel exploration).
5. Recreate UTM-based campaign reports — Litlyx documents the 'ethical UTM' approach explicitly. Make sure all paid-traffic links carry consistent utm_source/medium/campaign.
6. Remove GA4 + Google Tag Manager + cookie banner from the site.
7. Update privacy policy: replace GA4 paragraph with Litlyx DPA reference; flag US-AI-transfer if you use the AI chat, or disable AI for full EU isolation.
8. Tell the AI analyst: 'What changed in conversions vs last month?' — replaces hand-built GA4 explorations.
Help & FAQ
Where to get help with Litlyx and the questions buyers email us about.
Support
HoursAsync (Italian Srl)Europe/Rome (UTC+1/+2)
ChannelsEmail
LanguagesEnglish, Italian
Response SLA~48h
FAQ (7)
What's the cookieless mechanism?▾
Daily-rotated salt-hashing of IP + User-Agent. Per DPA verbatim: 'No raw IP addresses are stored. We apply a daily salt to ensure data cannot be linked across sessions or days.' Same family as Plausible/Pirsch/Fathom (NOT referrer-only like Simple Analytics).
Is Litlyx really €4/mo as some directories claim?▾
No — entry tier is €8.99/mo Mini (yearly billed) for 10K pageviews/events. The €4 figure circulating in some directories is incorrect. OpenPanel still holds the cheapest paid entry in this directory at $2.50/mo for 5K events.
Where is my data stored?▾
Hetzner servers in Nuremberg, Germany. MongoDB self-hosted (not Atlas) on Hetzner. Per DPA: '100% renewable energy.' Backups encrypted and stored within the EU.
Can I avoid the GDPR cookie banner?▾
Yes — vendor markets explicitly as 'No More Cookie Banners.' Daily-salt cookieless tracking + EU-only hosting + Italian Srl jurisdiction puts Litlyx in clean GDPR/PECR/CCPA territory. AI chat sends queries to OpenAI US (covered by sub-processor disclosure).
Is Litlyx open-source?▾
Yes — Apache 2.0 (most permissive license among EU privacy-analytics tools). github.com/Litlyx/litlyx (~1.7k stars, 405 commits). Self-host fully free with own MongoDB.
How does Litlyx AI compare to Seline AI?▾
Both are conversational AI (you ask, it answers). Litlyx routes queries to OpenAI; Seline does too. Litlyx's AI is gated by msg count: limited Mini / 50 Business / 200 Pro / unlimited Business 1M+. Seline's Pro plan ($14 flat) has higher AI limits. For heavy AI usage, Seline's flat pricing is cheaper than Litlyx's €59.99 Business 1M.
Are there third-party security certifications?▾
No. GDPR/CCPA/PECR self-attested. 48-hour breach notification (stricter than GDPR 72h). For ISO 27001 / SOC 2 / HIPAA in this directory, only Matomo Cloud, Piwik PRO, or Countly hold third-party certs.
