Blog

QR analytics without creepy tracking

4 min read

Scan analytics have a dirty default: log the raw IP address, the full user agent, and whatever else the request carries, and sort out the ethics later. We built Cue's pipeline the other way around — start from the questions teams actually ask, and store only what answers them.

What we store

  • A salted hash of the visitor fingerprint — enough to count unique scanners, impossible to reverse into an identity.
  • Coarse geography (country and city) derived at the edge; the raw IP is never written to disk.
  • Device class, OS, and browser family parsed from the user agent, then the raw string is discarded.
  • Timestamp and the code or campaign that was scanned.

What that gets you

Everything on the analytics dashboard — scans over time, unique visitors, geo breakdowns, device splits, A/B comparisons — comes from that minimal set. Campaign reports and CSV exports work the same way. There is no per-person profile because there is nothing to build one from.

Why it's also the pragmatic choice

Privacy-preserving analytics aren't just kinder; they're operationally simpler. Data-subject requests are trivial when you hold no subject data. GDPR reviews go faster. And your legal team stops being a bottleneck on every campaign brief. Good defaults compound.