Privacy Security GDPR Engineering

Privacy by Design: How Witnes Protects Your Users

Chris Zioutas · Founder · 4 min read

Think about the last time you visited a website for the first time. You probably dismissed a cookie banner within half a second — or clicked “Accept All” just to make it go away. That banner exists because somewhere, a company decided that tracking you across the web was worth the friction it created for you.

That trade-off was never yours to make. It was made for you.

When I built Witnes, I kept thinking about that. Not as a compliance exercise — but as a basic question: does this thing actually respect the people using the products it runs on?

We built a monitoring tool, not a surveillance tool

Most analytics products were designed in an era when the business model was advertising. Collect everything. Build profiles. Monetize the aggregate. It worked well enough that it became the default. The side effect was an internet that felt increasingly like it was watching you.

Witnes has a different job. We exist to help developers fix performance problems — slow pages, janky interactions, real-user bottlenecks that only show up in production. That’s it. We don’t need to know who your users are. We don’t need to follow them from session to session. We don’t need any of that to do our job well.

So we didn’t build it.

Your users are not data points

When someone visits your app, Witnes sees a performance fingerprint — how fast things loaded, whether the page was smooth, what device they were on. It does not see their name, their email, what they typed, or what they were looking for.

If you want to associate performance data with a specific user for debugging purposes, you call window.Witnes.identify() with an opaque ID — a hashed value, a session token, whatever you control. We receive that token. We never receive the person behind it.

If you never call identify() at all, sessions are anonymous by default. Either way, there’s nothing in our system that could tell you who visited your site. That’s not a limitation — it’s the point.
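
One way to produce the opaque ID described above, as an added example that is not Witnes code and not from the original post: a server-side Node.js helper that derives the ID with HMAC-SHA256, next to an unkeyed hash that anyone holding a list of candidate e-mails can recompute. The function names, the sample key and user, and the single-argument form of identify() are assumptions.

```javascript
// Added example, not Witnes code. Runs server-side in Node.js.
const crypto = require('node:crypto');

// Constructed sample values. In production the key comes from a secret store
// and never reaches the browser.
const SAMPLE_KEY = Buffer.from('constructed-demo-key-do-not-reuse', 'utf8');
const SAMPLE_USER = 'alice@example.com';

// Normalise so the same account always maps to the same ID.
function normalise(userId) {
  return String(userId).trim().toLowerCase();
}

// Unkeyed hash: deterministic for everyone, so anyone holding a list of
// candidate e-mails can recompute it and link the ID back to a person.
function unkeyedId(userId) {
  return crypto.createHash('sha256').update(normalise(userId)).digest('base64url');
}

// Keyed hash (HMAC-SHA256): cannot be recomputed without the server-side key.
// The context label keeps these IDs separate from other uses of the same key.
function opaqueId(userId, key, context = 'perf-monitoring') {
  if (!Buffer.isBuffer(key) || key.length < 32) {
    throw new Error('key must be a Buffer of at least 32 bytes');
  }
  return crypto.createHmac('sha256', key)
    .update(context).update('\0').update(normalise(userId))
    .digest('base64url');
}

// True if an ID can be re-derived from a candidate list with no secret.
function linkableWithoutKey(id, candidates) {
  return candidates.some((c) => unkeyedId(c) === id);
}

// The server renders the value into the page; the browser then passes it on:
//   window.Witnes.identify(id)   // argument form assumed from the post's wording
```

Rotating the key changes every ID, which breaks linkage to previously sent data; whether that is wanted depends on how long you need to correlate sessions for debugging.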

No cookies. Really.

We don’t use cookies. Not session cookies, not persistent ones, not the kind that follow people around the web.

The only thing Witnes stores in the browser is the original landing source — the URL that brought someone to your site — and it lives in sessionStorage. The moment a user closes the tab, the browser wipes it automatically. It’s gone. It never existed beyond that single session.

This isn’t a technicality. It means your users don’t need to see a consent banner for Witnes. There’s nothing to consent to.

The script doesn’t speak back

Here’s something worth understanding about third-party scripts in general: most of them are bidirectional. They send data to a server, but they can also receive instructions from it. That means if something goes wrong — a compromised CDN, a supply-chain incident — a script that was quietly observing your page could suddenly be doing something else entirely.

Witnes was designed to only go one direction. It observes, it collects, it sends. Our server never sends commands back. There’s no remote configuration, no dynamic code execution, no mechanism to do anything to a user’s browser except listen.

It sounds like a small thing. It’s not. It’s the difference between a one-way mirror and a two-way door.

Why this actually matters

The people using your product didn’t ask to be tracked. They just wanted to use your product. When you install a monitoring tool that respects them — one that collects only what it needs, keeps nothing it doesn’t, and never follows them past the session — you’re making a quiet promise on their behalf.

We think that promise is worth keeping.

Witnes is funded by the teams that use it. Not by data brokers, not by advertisers, not by investors who need us to find new ways to monetise your users. Just subscriptions, from teams who want their products to be fast.

That’s a business model we can build something honest around.

One more concrete thing: all Witnes data is stored and processed on servers in the EU. Not because a lawyer told us to, but because if you’re building a product for European users, you shouldn’t have to wonder where their data ends up.


If you want to go deeper on the technical specifics — data retention, infrastructure, what exactly gets stored — the Trust & Security page has all of it. If you’re ready to try Witnes, the integration guide takes about five minutes.