Back to Blog
6 min read

Scout: Privacy-First Tracking Infrastructure

privacy first-party data GDPR KVKK server-side tracking privacy by design
TL;DR

Scout combines privacy and performance with its first-party data collection approach, EU-hosted infrastructure, and lightweight <10KB SDK.

Key Takeaways
  • Scout SDK at <10KB gzip is 3-4x lighter than GA+GTM
  • First-party CNAME bypasses ad blockers and ITP
  • Persistent data storage in the EU, Hetzner Germany
  • Analytics mode requires no cookie banner
  • Data ownership: your data in your database, export anytime

Overview

When choosing a tracking infrastructure, privacy and compliance are just as critical as performance and feature lists. iOS 14.5+ restrictions, the spread of ad blockers, and GDPR/KVKK regulations directly impact data collection strategy.

Scout, a lightweight CDP developed by DNOMIA, solves these problems at the architectural level: first-party data collection, EU-hosted infrastructure, cookieless analytics mode, and consent-aware destination management.

For detailed information about Scout’s features and e-commerce integrations, read Scout: Stop E-Commerce Data Loss with Server-Side Tracking.

First-Party Data Collection

Traditional tracking tools (GA, Meta Pixel, GTM) load scripts from third-party domains and send data to their own servers. This creates two fundamental problems:

  1. Ad blockers block third-party requests
  2. ITP (Intelligent Tracking Prevention) limits third-party cookies to 7 days

Scout’s approach is different:

MethodTraditional TrackingScout
Script sourceanalytics.google.com, connect.facebook.netyourdomain.com (CNAME)
Data transmissionTo third-party serversTo your own subdomain
Cookie settingJavaScript (client-side)HTTP header (server-side)
Ad blocker impactBlockedNot blocked
ITP cookie lifetime7 daysUnlimited (first-party)

Scout allows you to connect your own subdomain via CNAME record. All data collection traffic flows through your own domain. From the browser’s perspective, this is a first-party request.

Privacy by Design

Scout treats privacy not as an afterthought feature, but as a principle embedded in its architectural decisions.

Every event is processed according to consent state:

  • analytics: Only anonymous analytics data is collected. No personal data.
  • full: With user consent, personal data (email, phone) is included and can be forwarded to ad platforms.
  • denied/pending: No personal data is collected, only cookieless ping.

Data Deletion

The /v1/forget endpoint allows you to delete all data for a specific user from the system. This satisfies GDPR’s “right to be forgotten” requirement.

Data Minimization

Scout collects only the necessary data based on consent state. In analytics mode, IP addresses are hashed and personal identifiers are not stored.

EU-Hosted Infrastructure

Scout infrastructure is hosted in Hetzner data centers in Falkenstein, Germany.

  • Persistent data (database, file storage) is stored in the EU
  • GDPR Articles 44-49 “adequate protection” requirements are automatically met
  • No issues with KVKK’s restrictions on international data transfers

For comparison: Google Analytics transfers data to the US, Segment transfers data to the US, Stape transfers data to Google Cloud (region selectable but defaults to US).

Lightweight SDK: <10KB

Page speed directly affects both user experience and ad performance. Google uses Core Web Vitals metrics as a ranking factor.

ScriptSize (gzip)
Google Analytics 4~45KB
GTM Container (average)~35-60KB
GA4 + GTM total~80-100KB
Meta Pixel~25KB
Scout SDK<10KB

Scout SDK is 3-4x lighter than the GA4 + GTM combination. Here’s why:

  • A single SDK sends data to all destinations (no separate scripts per platform)
  • Event batching minimizes HTTP requests (3-second window)
  • Aggressive minification with Rollup + Terser
  • Tree-shaking eliminates unused code

Result: Lower LCP (Largest Contentful Paint) and TBT (Total Blocking Time), better Core Web Vitals, lower bounce rate.

GDPR and the ePrivacy Directive require user consent for tracking tools that collect personal data or write information to the device (cookies). This is why every site using GA4 or Meta Pixel must display a cookie banner.

Scout’s analytics mode eliminates this requirement:

  • Works without cookies, writes nothing to the device
  • Anonymous page views and traffic data
  • No personal identifiers stored
  • Compliant with GDPR Article 89 (statistical purposes) exemption
  • Cookie-based tracking with full user identification
  • CAPI data delivery to ad platforms
  • Identity resolution and customer profiles
  • CMP integration (OneTrust, Cookiebot, Iubenda) required

With this two-tier structure: no cookie banner needed for basic analytics, full tracking with user consent for ad optimization.

Data Ownership

With most tracking platforms, your data stays on the platform’s servers. Exporting is limited or costs extra.

Scout is different:

  • Your data in your database: Each store’s event data is stored separately
  • Export anytime: Bulk export via R2 (Cloudflare)
  • No platform lock-in: Your data stays with you even if you leave Scout
  • API access: Programmatic access to all your data

Scout vs Server-Side Tracking Alternatives

FeatureScoutStapeGTM Server-SideElevarTracedock
InfrastructureManaged (SaaS)Managed / self-hostSelf-host (GCP/AWS)ManagedManaged
EU hostingHetzner, GermanyGoogle CloudUser-dependentAWSEU option available
First-party CNAMEYesYesManual setupYesYes
Cookieless analyticsYesNoNoNoNo
Event Merge (client+server)AutomaticNoNoPartialNo
Turkish platform supportShopier, Ticimax, Tsoft, IdeasoftNoNoNoNo
SDK size<10KB gzipGTM-dependentGTM-dependent~30KB~15KB
Consent managementBuilt-inExternal CMPExternal CMPBuilt-inExternal CMP
Data ownershipFull (export + API)LimitedFull (self-host)LimitedLimited

GDPR and KVKK Compliance

Scout is designed to comply with the following regulations:

RegulationScout Implementation
GDPR Article 5 (data minimization)Only necessary data collected based on consent tier
GDPR Article 17 (right to be forgotten)/v1/forget endpoint
GDPR Articles 44-49 (data transfers)Persistent data storage in the EU
GDPR Article 89 (statistical exemption)Cookieless analytics mode
KVKK Article 9 (international transfers)Data in EU, Hetzner Germany
ePrivacy DirectiveNo cookies used in analytics mode

Audit Logs

Via Scout Dashboard:

  • Consent state reports
  • Event-level consent status tracking
  • Destination-level data flow auditing
  • Deletion request logs

Next Step

To try Scout’s privacy-first tracking infrastructure, sign up for free at dnomia.app.

For questions or custom integration needs, contact us.

Frequently Asked Questions

Does Scout require a cookie banner?
No. Scout's analytics mode works without cookies and does not require a cookie banner. User consent is only needed when sending data to ad platforms (CAPI).
Where is my data hosted?
Scout database and persistent storage are hosted in Hetzner data centers in Germany.
Is Scout GDPR and KVKK compliant?
Yes. Scout is designed with consent management, a data deletion endpoint, audit logs, and data minimization principles.
Does Scout SDK slow down my site?
Scout SDK is <10KB (gzip). It is 3-4x lighter than the GA + GTM combination and does not negatively impact Core Web Vitals metrics.
What does first-party data collection mean?
It means collecting data through your own domain (via CNAME) instead of third-party servers. This prevents ad blockers and ITP restrictions from blocking data collection.

Keep Reading