You claim that using your analytics doesn't require user consent:
> "Plausible does not use cookies and does not collect any personal data. This makes us compliant with the different cookie laws and privacy regulations. It means that you are not required to annoy your visitors with a cookie notice if you’re using Plausible analytics." [1]
> "Compliant with privacy regulations: Google Analytics places cookies and collects a lot of data from your visitors. You’re required to have a privacy policy, to show a cookie banner and to obtain consent for GDPR. Plausible Analytics doesn’t use cookies and doesn’t track personal data so you don’t need to annoy your visitors or worry about those prompts." [2]
It would seem you are collecting PII and processing it server side (?), e.g. calculate_fingerprint here [3].
Care to explain how that doesn't require user consent?
Instead of setting a cookie with a unique user ID, we simply count the number of unique IP addresses that accessed your website to determine the visitor count.
To enhance the visitor privacy, we don’t actually store the raw visitor IP address in our database or logs. We run it through a one-way hash function to scramble the raw IP addresses and make them impossible to recover.
To further enhance visitor privacy, we add the website domain to their IP hash. This means that the same user will never have the same IP hash on two different websites. If we didn’t do this, the hash would effectively act like a third-party (cross-domain) cookie.
Network Address Translation allows many unique users to share the same public IP address. For this reason we also add the User-Agent string to the hash, although we don’t store the actual User-Agent string.
> "Plausible does not use cookies and does not collect any personal data. This makes us compliant with the different cookie laws and privacy regulations. It means that you are not required to annoy your visitors with a cookie notice if you’re using Plausible analytics." [1]
> "Compliant with privacy regulations: Google Analytics places cookies and collects a lot of data from your visitors. You’re required to have a privacy policy, to show a cookie banner and to obtain consent for GDPR. Plausible Analytics doesn’t use cookies and doesn’t track personal data so you don’t need to annoy your visitors or worry about those prompts." [2]
It would seem you are collecting PII and processing it server side (?), e.g. calculate_fingerprint here [3].
Care to explain how that doesn't require user consent?
[1] https://plausible.io/data-policy#plausible-is-compliant-with...
[2] https://plausible.io/blog/blog-post-changed-my-startup#new-p...
[3] https://github.com/plausible-insights/plausible/blob/master/...