► Feature
Track AI bots, not your visitors
Crawlytics is built around a simple principle: we capture the minimum data needed to identify AI bots, and nothing more. No IPs are ever stored. No cookies are dropped. Authentication uses bcrypt password hashing, every request is encrypted in transit, and each site gets its own revocable tracking ID.
On a tracked request, Crawlytics writes one of three things to its aggregate table: (1) the bot name + company if the User-Agent matches a known LLM crawler, (2) the AI assistant + path if the Referer matches ChatGPT / Perplexity / Claude / Gemini / Copilot, or (3) nothing identifying about the visitor — just a request count on the day-level page-hit table. IP addresses, cookies, session IDs, and user identifiers are never retained.
Dashboard accounts use NextAuth with the Credentials provider. Passwords are hashed with bcrypt at cost factor 12 before being written to the database. Login session tokens are JWT-signed with a server-side secret. Each ingest endpoint is keyed to a specific site via its tracking ID — leaking one ID only exposes that one site, and you can rotate it from the Setup page in seconds.
Aggregate data lives in your account until you delete the site (which cascades-deletes all its rows). You own the workspace; we have no policy of selling or sharing data with anyone. There are no third-party SDKs embedded in the dashboard or the installer snippets.
// the trust layer
FAQ
No. Crawlytics doesn't set cookies, doesn't fingerprint visitors, and doesn't store IPs. The data we capture is bot identification and AI-assistant referrals — neither qualifies as personal data under GDPR or CCPA.
Crawlytics doesn't collect personal data, so most GDPR obligations don't apply by design. The few pieces of data we do hold (your account email, your site URLs, aggregated bot counts) can be exported or deleted on request — contact support if you need that done.
A leaked tracking ID lets a third party submit fake events for that one site — annoying but bounded. Open the Setup page for the affected site and click Regenerate. The old ID stops working immediately and your installer snippets can be updated with the new one.
Per-site delete is one click in the dashboard. Bulk export of the underlying aggregate tables will be available once the JSON/CSV export endpoint ships (planned).
This page is part of Crawlytics.app. View all pages: llms.txt · llms-full.txt