Cosmic Logo

FAQ

Is the tracker GDPR-compliant?

Yes by default. No cookies, no localStorage, no fingerprinting. The raw IP is dropped server-side after we derive a salted hash; the visitor identifier mixes the day into its hash input, so it resets every day at UTC midnight. No cookie banner is required.

What is bounce rate?

Bounce rate is the percent of sessions where the visitor showed up, viewed a single page, and did nothing else before leaving. Lower is better: a visitor who scrolls to a second page, clicks a tracked button, or fires a custom event is "engaged" and doesn't count as a bounce.

Concretely, a session bounces in Cosmic Insights when all of the following are true:

  • exactly one pageview event in the session,
  • zero non-pageview events (no data-cosmic-event clicks, no window.cosmicInsights(...) calls, no conversions or revenue events).

The number on the Overview tile is bounced_sessions / sessions for the selected date range, and the chart (when you click the tile) plots that ratio per day or per hour. A session that crosses midnight is classified once, in the bucket where its first pageview landed.

We do not currently use session duration in the bounce definition (GA4's stricter "engaged session" model excludes long single-page reads from bounces). That's a future enhancement; for now, a 10-minute read on a single page still counts as a bounce.

Industry rules of thumb: 30-60% is healthy for most marketing sites and blogs; 60-80% is normal for content where the goal is "land, read, leave"; below 30% usually means tracking is double-firing and is worth investigating before celebrating.

Where is the data stored?

In Tinybird (managed ClickHouse), US region in v1. EU residency lands in v2.

Can I block ad-blockers from breaking it?

The tracker is served from insights.cosmicinsights.dev, which may appear on some ad-block lists. v1.5 ships a customer-subdomain proxy (analytics.{your-domain}) that bypasses ad-blockers entirely.

Does it slow my site down?

The tracker is under 4KB gzipped, loads with defer, and posts events with fetch({ keepalive: true }) (falling back to sendBeacon only when the page is being unloaded), so events never block rendering or navigation. No measurable impact on Core Web Vitals.

Does the project id need to be secret?

No. It's the same _id your dashboard URL exposes. Worker validates per-project rate limits, allowed origins, and active billing status, so a leaked id can't cost you money or pollute your data.

Where do I find my project id and bucket id?

In the dashboard:

  • Project ID: open your project and go to Settings, Basic settings. The PROJECT ID is shown under the description with a copy button.
  • Bucket ID: open the bucket and go to Settings, Basic. The BUCKET ID is shown under the bucket title with a copy button.

Both values are also reachable from the dashboard URL. See where to find your IDs for the full walkthrough.

Can I use it with my own backend events?

Server-side log ingestion lands in v2. For v1, fire events from the client; for backend-driven conversions (webhooks from Stripe, etc.), proxy them through your client by triggering a window.cosmicInsights('order_paid', ...) call on the relevant page.

How long is data retained?

Per plan:

  • Free: 30 days
  • Builder: 90 days
  • Team: 365 days
  • Business: 365 days
  • Workspace (Small / Large): 365 days

Multi-year retention with cold storage is on the v3 roadmap.

What if I exceed my event allotment?

You'll see a soft-cap warning in the dashboard at 80% and a hard cap at 200% of your monthly allotment. Between 100% and 200% you're in overage at $10 per additional 1M events. At 200% the ingest gateway starts dropping events until the next billing cycle or a plan upgrade.