MuroDocs

Privacy

What Muro collects, how visitor identity works, and why you don't need a cookie banner.

Muro is built to track useful behavior without tracking people. There are no cookies, no cross-site identifiers, and no personal data in our database. This page explains what we actually capture and why it's safe to use without a consent banner for most operators.

What we collect on every event

Each event sent by muro.js contains exactly these fields:

  • A project ID. Identifies which site the event belongs to. Public.
  • An event ID. A random UUID generated in the browser. Used to deduplicate retries.
  • An event type. Either pageview, conversion, or custom.
  • The URL path. /pricing?ref=ph. The origin is stripped before the event leaves the browser.
  • The referrer hostname. reddit.com, not the full referring URL. Stripped to the domain on the client.
  • UTM parameters if they exist in the URL.
  • Visitor ID. A 64-character hash. See below for how this is generated.
  • Session ID. A random UUID for the current browser tab session.
  • Device type, browser, and OS. Derived from navigator.userAgent and screen.width on the client.
  • A timestamp. When the event happened.
  • Custom props. Only present on events you fire with window.muro.track().

When the event reaches Muro's servers, we add one more thing:

  • Country, region, and city. Resolved from the request IP by Cloudflare at the network edge. The IP itself is never stored.

That's the entire dataset. No name, no email, no IP, no fingerprint stored, no cross-site identifier.

How visitor identity works

This is the part most analytics tools handle badly. Here's how Muro does it.

When a visitor lands on your site, muro.js computes a SHA-256 hash of:

user_agent | screen_width | screen_height | language | timezone | daily_salt

The result is a 64-character hex string. That's the visitor ID for the rest of the day.

Two important details:

  • The daily_salt rotates every 24 hours. It's stored in the visitor's own localStorage, never sent to Muro. When the salt changes, the visitor ID changes. The same visitor returning tomorrow looks like a new visitor.
  • The hash is computed entirely in the browser. Muro never sees the raw user agent, screen size, or language. We see only the final hash.

This means:

  • You can't reverse-engineer who a visitor is from their visitor ID. There's no PII in the hash.
  • Two visitors with identical devices, browsers, languages, and timezones (and the same daily salt, on the same site) will hash to the same ID. This collision is intentional and very rare in practice.
  • Returning visitors look "unique" again every day. We don't track long-term identity. This is a feature, not a bug, given the privacy goal.

Cookies

Muro does not use cookies. We never set Set-Cookie, never read a cookie, and never store anything that could be classified as a cookie under GDPR or ePrivacy.

The script uses two browser storage keys, both first-party and both client-side:

  • muro_s in localStorage. The 24-hour visitor salt described above. Never transmitted.
  • muro_i and muro_t in sessionStorage. The session ID and timestamp, used to detect when a new session starts. Cleared when the tab closes.

Neither is a cookie. Neither is shared with any third party. Neither identifies a person.

This isn't legal advice. Talk to your lawyer about your specific situation. That said:

The reason most analytics tools require a consent banner is that they use cookies, fingerprint visitors, or share data with advertising networks. Muro does none of those things. The data we collect is anonymous, scoped to your site, and not used for any purpose other than analytics for you.

In practice, most operators using Muro alone don't show a cookie banner. If you also run Google Analytics, Meta Pixel, or anything else that does require consent, then yes, you'd show a banner for those, but Muro doesn't add to that requirement.

GDPR, CCPA, and other regulations

Muro is designed to be compliant by default for the common privacy regulations:

  • GDPR (EU). No personal data is collected. No cross-site profiling. No transfer of PII.
  • CCPA / CPRA (California). No sale of personal data. No personal data to sell.
  • PECR (UK). No tracking cookies, no cookie consent needed for Muro alone.
  • LGPD (Brazil). No personal data. No data transfer outside what's required to render the dashboard.

Visitor IPs are processed (briefly) at the edge to resolve country, region, and city, then discarded. Resolved geographic data is stored at the country, region, and city level only.

What we don't do

Worth saying clearly:

  • We don't fingerprint visitors beyond the daily-rotating hash.
  • We don't sell or share data with anyone.
  • We don't run ad networks, retargeting, or attribution against this data.
  • We don't track visitors across different sites.
  • We don't have a "data export to ad partners" feature.

The data belongs to you. It only ever helps you understand your own site.

What's next

Settings

Troubleshooting

Settings

Everything you can change about a project, your account, and what Muro emails you.

Troubleshooting

Common reasons Muro looks broken, and how to fix each one in under a minute.

On this page

What we collect on every eventHow visitor identity worksCookiesDo I need a consent banner?GDPR, CCPA, and other regulationsWhat we don't doWhat's next