@jtr thanks for waiting for my reply to this, and I want to blog about it soon.
Tinylytics doesn’t see or store IP addresses, in fact the IP address is stripped away before it comes inbound. This is provided by Cloudflare. On top of this, they give me which country the request was from.
Next up, tinylytics takes only the user agent string and processes this data for the page “hit”. That’s the data the browser gives when requesting data. That means it can work out what browser and device it was from. So it’s then easy to say this was “desktop” and made in “Safari”. There is no user identifying data stored here at all. For now, I will store the user string for 14 days just to make sure it has everything during development. The user agent string will then automatically be deleted in the background if older than 7 days. 7 days gives me enough time to check it’s not being abused (as I could get thousands of the same requests from the same browser at the same time).
And that’s really it.