Cookie-free revenue attribution — how it works

Hey PH 👋

We launched EngageTrack today — privacy-first analytics that connects your traffic sources to Stripe revenue in real time.

The question we get most is: how does attribution work without cookies?

Here's the honest answer:

We use session-scoped attribution. When a visitor lands, we capture their traffic source, UTM parameters, and referrer and store them in sessionStorage — not localStorage, not a cookie. That token lives for the duration of the browser session and disappears when the tab closes or the browser restarts.

When a Stripe webhook fires, we match the transaction back to the session that triggered it. No cross-session tracking. No persistent identifiers. No fingerprinting.

What this means in practice:

• A visitor clicks your Google ad → lands on your site → subscribes → EngageTrack attributes that €X to Google Ads. Done.

• A visitor comes back three days later in a new session → it's a new attribution window. We don't follow them across sessions.

It's a deliberate trade-off. You lose some multi-touch visibility, but you gain GDPR compliance by default, no consent banner, and a model that EU DPAs don't have a problem with.

What we're shipping next: Paddle and LemonSqueezy webhooks are already built — going live this week. WooCommerce is next. Multi-touch attribution is on the roadmap but won't ship until we're confident the model is privacy-safe.

Happy to answer questions about the technical implementation, the privacy model, or anything else. What would you want to see in v0.2?

engagetrack.net — 14-day free trial, no credit card.