DemoPricingDocsGitHubGitHub

for customers

Privacy policy snippet

Copy this into your own privacy policy to inform your visitors about blockrate.

Consent-free by design

blockrate is built to work without a cookie banner. It does not set cookies, does not write to localStorage or sessionStorage (by default), does not store IP addresses, and does not perform cross-site tracking. This puts it in the same category as privacy-first analytics tools like Plausible and Fathom that operate without consent under the CNIL's audience measurement exemption.

You still need to inform your visitors that blockrate is in use. Add a section like the one below to your privacy policy. Adjust the retention period to match your plan (Free: 7 days, Pro: 30 days, Team: 90 days).

The snippet

We use blockrate (blockrate.app) to measure whether the third-party
analytics tools our site depends on are reachable from your browser.
blockrate is designed to operate without requiring cookie consent: it
does not use cookies, does not store IP addresses, does not write to
your browser's local or session storage, and collects only technical
metadata: the page path, your browser family and major version (e.g.
"Chrome 131"), which analytics provider was checked, whether it was
reachable, and how long the check took. This data is aggregated into
per-provider block rate statistics and cannot identify individual
visitors. Data is retained for [7/30/90] days depending on our plan
and then permanently deleted. For more information, see
https://blockrate.app/privacy.

If your URLs contain personal data

blockrate only collects the URL pathname (no query strings or hashes). However, if your paths contain PII (e.g. /users/[email protected]), use the sanitizeUrl callback to strip it:

new BlockRate({
  sanitizeUrl: (path) => path.replace(/\/users\/[^/]+/, "/users/:id"),
  ...
})

Strict jurisdictions

If your legal counsel requires explicit consent for blockrate in your jurisdiction, the library supports a consentGiven option that gates all checks behind your consent management platform:

new BlockRate({
  consentGiven: () => window.CookieConsent?.accepted("analytics"),
  providers: ["posthog", "ga4"],
  reporter: beaconReporter("/api/block-rate"),
})

When consentGiven returns false, blockrate does nothing — no network requests, no data collection.