Strict EU-only privacy-first analytics on OVHcloud — German GmbH, external DPO, 50-100 sites per plan, $15 entry
🇩🇪 GermanySince 2021Closed-source SaaS
Wide Angle Analytics is the strictest German privacy-first option in this directory. Where Plausible runs Hetzner Germany with a Slovenian CDN and Fathom multi-regions through AWS EU + US, Input Objects GmbH plants its entire stack on OVHcloud's EU Public Cloud and refuses third-country transfers — which makes it one o
GDPR posture, sub-processors under DPA, per-jurisdiction stance, and encryption — everything a procurement team checks.
?GDPR✓ CompliantEU General Data Protection Regulation
EU's omnibus privacy law requiring a lawful basis for processing personal data (consent, legitimate interest, etc.). Applies to anyone handling EU-resident data. Wide Angle Analytics's posture: Legitimate interest. ?CCPA✓ CompliantCalifornia Consumer Privacy Act
California Consumer Privacy Act — rights for California residents (access, deletion, opt-out of sales). Triggered at $25M revenue or 50k+ CA-consumer records. ?UK PECR✓ CompliantUK Privacy and Electronic Communications Regulations
UK Privacy and Electronic Communications Regulations sit on top of GDPR specifically for cookies and electronic marketing. PECR Reg 6 governs analytics-cookie consent. ?SOC 2 · II✕ Not heldSOC 2 Type II
SOC 2 Type II — independent audit verifying security/availability controls operate effectively over 6+ months. Standard B2B procurement requirement. ?ISO 27001✕ Not heldISO/IEC 27001 information-security
ISO/IEC 27001 — international information-security management standard, certified by accredited bodies on a 3-year renewal cycle. ?HIPAA✕ Not heldUS HIPAA (with BAA)
US health-data law requiring a Business Associate Agreement (BAA) for any tool touching protected health information. Without BAA the tool cannot legally process PHI.
Per-jurisdiction posture
🇫🇷
FranceCNILNo banner
Cookieless + no PII pattern aligns with GDPR Recital 26. No CNIL-specific endorsement letter published; relies on legitimate-interest theory.
?France · CNIL
Cookieless + no PII pattern aligns with GDPR Recital 26. No CNIL-specific endorsement letter published; relies on legitimate-interest theory. 🇬🇧
United KingdomUK ICO / PECRNo banner
PECR Reg 6 applies to cookies/local storage; Wide Angle uses neither for visitor tracking.
?United Kingdom · UK ICO / PECR
PECR Reg 6 applies to cookies/local storage; Wide Angle uses neither for visitor tracking. 🇩🇪
GermanyTTDSGNo banner
TTDSG §25 applies to terminal-device storage; cookieless mechanism avoids the §25 trigger.
?Germany · TTDSG
TTDSG §25 applies to terminal-device storage; cookieless mechanism avoids the §25 trigger. 🇮🇹
ItalyGaranteBanner recommended
Italian Garante is strictest. No Garante-specific ruling. Conservative reading recommends disclosure.
?Italy · Garante
Italian Garante is strictest. No Garante-specific ruling. Conservative reading recommends disclosure.
Sub-processors (6)
GDPR Art. 28 disclosure — third parties under DPA that may receive data.
🇫🇷
OVHcloud
Hosting & backend infrastructure (EU Public Cloud, Open Trusted Cloud partner program)
France
🇬🇧
Paddle
Payment processing & merchant of record
United Kingdom
🇫🇷
Brevo (formerly Sendinblue)
Transactional + marketing email
France
🇨🇭
Infomaniak Network SA
Contact / messaging management
CH
🇮🇹
iubenda
Privacy policy hosting (marketing site only)
Italy
🇱🇺
dpo-consulting.com
External Data Protection Officer
Luxembourg
● Collected
URLs visited and page titles
HTTP referrer + UTM parameters
Browser, OS, device type
Country and region (derived from IP, then IP discarded)
Custom Actions (event tracking)
Daily-rotating anonymous session hash
● Explicitly NOT collected
IP addresses (used as hash input only, not stored)
Cookies or local storage entries on visitor devices
Cross-site tracking identifiers
Browser fingerprints (off by default; data-waa-fingerprint='true' opt-in)
Data retention
Plan-tied retention: Starter 12mo / Plus 24mo / Advanced unlimited (Forever). Default not separately specified outside plan tiers.
Encryption
In transit: HTTPS via Let's Encrypt; internal SSL between services
At rest: AES-XTS for storage volumes, AES-256 for password vaults; XSalsa20+Poly1305 for backups; HSM-managed keys
DPAYes · manual
✦ AI & Modern Capabilities
How Wide Angle Analytics works with AI agents
Tier 3 — no AI yet — vendor focuses on classic privacy-first analytics; no AI/MCP features advertised.
✕AI ChatNot yet
Conversational natural-language interface
Not advertised by vendor
✕MCP ServerNot yet
Model Context Protocol — Claude / Cursor / Codex
Not advertised by vendor
✕Agent APINot yet
Programmatic AI-agent endpoints
Not advertised by vendor
✕AI InsightsNot yet
Anomaly detection / hypothesis / summaries
Not advertised by vendor
✕Export for AINot yet
Structured export formatted for LLM ingestion
Not advertised by vendor
Strengths & weaknesses
What makes Wide Angle Analytics worth a look — and where it falls short.
Strengths 8
Strictest EU-only data plane — OVHcloud Open Trusted Cloud
Independently reviewed by Mark Sutton, cross-checked against vendor documentation. Click any panel to expand.
+What it does well▾
Wide Angle Analytics is the strictest German privacy-first option in this directory. Where Plausible runs Hetzner Germany with a Slovenian CDN and Fathom multi-regions through AWS EU + US, Input Objects GmbH plants its entire stack on OVHcloud's EU Public Cloud and refuses third-country transfers — which makes it one of the cleanest Schrems II answers you can buy without going self-host.
The cookieless mechanism is also unusually well-documented. Most rivals say "we hash visitors" and stop there. Wide Angle publishes the literal formula: SHA-256(site + IP + User-Agent + Daily-Salt) — and explains that the daily salt lives in transient memory and rotates every 24 hours, which means yesterday's session ID cannot be reconstructed even by them. That kind of transparency is what your DPO actually wants to read.
You also get an external DPO from dpo-consulting.com signing off on the legitimate-interest legal theory, which is rare at the $15/mo entry tier and matters when you have to defend the "no banner" decision to procurement. And the per-plan site allowances are generous: 10 sites on Starter, 20 on Plus, 100 on Advanced — agencies and portfolio operators get more sites for less than per-site rivals.
−Weaknesses & gotchas▾
The team is tiny, the source is closed, and the price floor is high. Input Objects GmbH does not publish a team page, a Crunchbase profile, or any funding announcements — the support page openly admits "you may chat with the CEO, developer, or designer," which is delightful when it works and a bus-factor problem when it doesn't. There is no public status page; outages are documented after the fact on the blog.
The product is closed-source. The github.com/inputobjects organization is empty; only thin SDK wrappers (Nuxt, Vue) are published. If your compliance team requires auditable code, Matomo, Umami, GoatCounter, or Plausible (AGPL) all win here.
There is no free tier — Starter is $15/mo, which is the highest entry price among the major privacy-first names ($9 Plausible, $10 Simple Analytics, free GoatCounter/Umami self-host). Funnel reports, GSC connector, Slack webhooks, public dashboards, email digests, and a published tracker script weight are all either missing or undisclosed. And the canonical sub-processor list is gated behind the DPA — only the marketing-site iubenda policy is public.
★Best for▾
Best for: EU SMBs and agencies with a German/French DPO who must rule out third-country transfers entirely; portfolio operators running 5-50 sites who hate per-site billing; teams that already trust OVH for hosting.
Real value at $40/mo (Plus): 1M events, 20 sites, 24-month retention, 10 users, live chat — this is the sweet spot. Below 50k events/mo Starter is fine, but most operators will outgrow it within a quarter.
Not for: US-only customers (no US hosting); hobbyists wanting a free tier (none); engineering teams that need self-host or open source (closed); marketers needing funnel reports, GSC integration, or Slack alerts (not shipped).
⚡Setup walkthrough▾
Install is a single async-defer tag — there's no SDK to bundle. WordPress, Wix, Squarespace, Webflow, Ghost, Carrd are documented as one-click integrations.
The interesting setup option is the first-party proxy via custom domain — point a subdomain (e.g., analytics.yoursite.com) at Wide Angle's tracker host so the script and beacon hit your origin, which side-steps ad-blockers and content-security-policies.
Per-script tracking flags are configurable inline: data-waa-fingerprint='true' enables canvas-fingerprint mode (off by default), data-waa-cid='...' injects a logged-in customer ID, data-waa-inc-params='id,session' whitelists URL params, data-waa-exc-paths='/wp-admin/*' excludes paths. All of this is server-validated against the per-site config in the dashboard.
↔Migrating from GA4▾
There is no GA4 importer. Migration is re-tagging-only: drop the GA4 tag, drop in the Wide Angle script, restart from zero. There is no historical-data ingest path, which is the same posture as Plausible/Fathom.
The banner-removal lift is meaningful: because Wide Angle ships under legitimate-interest with no PI collection, EU sites can typically retire their analytics-purpose cookie banner entirely (marketing/ad cookies remain a separate question). Belt-and-braces operators may want their counsel to validate the legitimate-interest balancing test, though Wide Angle's blog post makes the standard case publicly.
Custom-event mapping requires planning. GA4 has 1000s of automatic events; Wide Angle ships with pageviews + outbound + downloads + named "Custom Actions." You'll need to inventory which GA4 events you actually use, then wire each one to Wide Angle's waa('track', 'event_name', {...}) call. UTM tracking is automatic.
For agencies migrating multiple sites: the 10-site Starter tier or 20-site Plus tier supports portfolio-style migration without per-site billing — replicate the script across all clients, then audit each dashboard.
Help & FAQ
Where to get help with Wide Angle Analytics and the questions buyers email us about.
Support
HoursAsync (small team — CEO/dev/designer self-described)Europe/Berlin (UTC+1/+2)
ChannelsEmail · Live chat
LanguagesEnglish, German
Response SLA~48h
FAQ (7)
Is Wide Angle Analytics actually banner-free in France/Germany/Italy?▾
Vendor claims EU-wide banner-free deployment under legitimate-interest legal basis with no PI collection by default. They do not name CNIL, TTDSG, or Garante endorsement letters — the legal theory is shared with Plausible/Fathom-style cookieless analytics. External DPO from dpo-consulting.com signs off on the approach.
Where is my data physically stored?▾
OVHcloud Public Cloud, EU-only. Vendor explicitly states all services reside within OVH EU datacenters. No US edge nodes for analytics data.
Is there a free plan?▾
No. Only a 14-day trial. Starter at $15/€10 monthly is the entry tier.
Can I self-host Wide Angle?▾
No. SaaS only — closed-source. The github.com/inputobjects organization page is empty; only thin SDK wrappers (Nuxt, Vue) are public.
What's the cookieless mechanism?▾
Daily-salted SHA-256 hash of (site + IP + User-Agent + Daily-Salt). The daily salt rotates every 24h and never persists, so unique-visitor counting works only inside a 24h window — by design.
Is there a public API?▾
Yes — events ingestion API documented at wideangleanalytics.github.io/wideangle-api. Read-API for pulling reports is implied via the same spec.
How big is the tracker script?▾
Vendor does not publish a KB number. Independent measurement required.
