Building a GDPR-Friendly Analytics Package: The Tech Behind Findle

22 Sep 2025 | Ayoub EZZINI

Laravel's ecosystem is packed with analytics solutions, but most either store too much personal data or fail to filter out bot traffic effectively. That's why we built Findle - a page view tracking package that respects privacy while delivering accurate data.

Dual Tracking Methods

Findle offers two tracking approaches depending on your needs:

Server-side middleware tracking runs automatically on every GET request. It's simple and works immediately after installation, but catches all traffic including bots.

Client-side JavaScript tracking is more sophisticated. It generates temporary tokens, validates them server-side, and only tracks genuine user interactions. The JavaScript runs after DOM load with bot detection built-in:

'tracking_method' => env('FINDLE_TRACKING_METHOD', 'middleware'),

Both methods normalize URLs consistently and handle query parameters intelligently.

Advanced Bot Detection

The middleware includes comprehensive bot filtering with multiple layers:

  1. User agent patterns: Matches against 80+ bot signatures including search engines, social crawlers, and security scanners
  2. Header analysis: Flags requests missing standard browser headers or containing bot-specific headers
  3. Behavioral patterns: Detects automated request patterns like missing referrers on deep URLs
  4. Rate limiting: Per-IP request limits prevent spam and automated scraping

The detection covers everything from Googlebot to academic crawlers to security scanners. We even catch fake user agents that are too short, too long, or follow suspicious patterns.

Privacy-First Architecture

GDPR compliance is built into the core design:

  1. No IP storage: We generate SHA-256 hashes using IP + User Agent + App Key
  2. No personal data: Visitor identification is cryptographic, not biographical
  3. Configurable retention: Set data expiration or keep forever
  4. Minimal data: Only URL, visitor hash, and basic request metadata
protected function generateVisitorHash(Request $request): string
{
$ip = $request->ip();
$userAgent = $request->userAgent() ?? '';
$salt = config('app.key');
return hash('sha256', $ip . $userAgent . $salt);
}

Performance Optimizations

The package includes several performance features:

  1. Upsert strategy: Updates visit counts on existing records instead of creating duplicates
  2. Rate limiting: Prevents duplicate tracking within 10-second windows
  3. Query optimization: Uses raw SQL for statistics aggregation
  4. Efficient indexing: Database indexes on URL and visitor hash columns

API-First Statistics

The statistics dashboard is built as an API first with Blade views on top. This makes it easy to embed analytics in admin panels or build custom dashboards:

GET /admin/statistics?embedded=1&content_only=1
GET /admin/statistics?headless=1

The controller methods return JSON when requested, making integration straightforward. The headless mode strips away the container styling, perfect for embedding in existing admin interfaces without layout conflicts.

Real-World Usage

We've kept the configuration minimal but flexible. Most users can install and run with zero configuration:

composer require dennenboom/findle
php artisan migrate

For custom setups, everything is configurable - from excluded routes to authorization logic to CDN assets.

The result is a analytics package that gives you clean data without privacy concerns or bot pollution. Sometimes the best solution is the one that just works.

Check out the full package and documentation on GitHub: github.com/ben-dennenboom/Findle

Ayoub EZZINI

Ayoub EZZINI

I'm a Software Engineer!