Fyka WatchSign in

Heads up — this is a hobby project.

Fyka Watch is built and run by one person on the side. There are no uptime guarantees, no support contracts, and no SLA. Use it for fun personal sites; don't rely on it for anything where data loss or downtime would actually hurt.

Privacy

Last updated: May 2026

The short version

Fyka Watch is a privacy-friendly analytics tool. It does not use cookies, does not store IP addresses, does not build cross-site profiles, and does not sell anything to anyone. If you embed the tracking script on your site, your visitors stay anonymous.

What we collect from your site's visitors

When the tracking script loads on a page, we record:

  • The page path that was visited (e.g. /about)
  • The referring URL, if any
  • Country, derived from IP at request time
  • Device type, browser, and operating system, derived from the User-Agent
  • A short-lived anonymous visitor ID, computed as a hash of (site + IP + User-Agent + a daily-rotating salt)

The IP address itself is not stored. It's used only to derive the country and the rotating visitor hash, then discarded. The hash rotates every day, so there is no way to follow a visitor across days, let alone across sites.

No cookies are set on your visitors' browsers by the tracker. No banners are required.

What we collect from you (the dashboard user)

  • The email address you sign in with (via magic link or Google).
  • An optional display name you set in Settings (purely cosmetic — shown in the top-right of the app).
  • The names, domains, and tracking IDs of sites you create.
  • Standard auth session cookies, set by Supabase, on this dashboard only.

Where data lives

Everything is stored in a Supabase (Postgres) project. The dashboard is hosted on Vercel. Both are third-party services and have their own privacy practices.

Postgres row-level security restricts every query to its owner — another signed-in user cannot read your sites or your events.

Deleting your data

You can delete a site from the dashboard at any time, which cascades and deletes all events for that site. To delete your account entirely, sign in, open the user menu in the top-right, go to Settings → Danger zone, and pick Delete account— your auth row, all your sites, and every event we've recorded for them are removed in one go. There's no soft-delete or grace period, and no way to recover the data afterwards.

No guarantees

Again — this is a side project. Backups are best-effort. The service may go offline, change unexpectedly, or shut down. If that happens you'll get reasonable notice via email when practical, but you are responsible for keeping copies of anything that matters to you.

Contact

Questions or feedback: drop me a line at davidboissevain@proton.me.