Self-hosted web analytics. Privacy-focused. Single binary.
```bash
curl -sSL https://raw.githubusercontent.com/ibero-data/yaat/main/install.sh | bash
```
Or with systemd service (Linux):
```bash
curl -sSL https://raw.githubusercontent.com/ibero-data/yaat/main/install.sh | bash -s -- --with-systemd
```
- Single Binary - Go backend with embedded UI, no external dependencies
- SQLite Storage - WAL mode for fast, reliable analytics storage
- Privacy-First - Server-side session computation, no third-party cookies
- Multi-Domain - Track multiple websites from one installation
- Real-Time Analytics - Pageviews, visitors, referrers, and more
- Bot Detection - Identify and filter automated traffic
- Core Web Vitals - LCP, FCP, CLS, INP, TTFB metrics (Pro)
- Error Tracking - Capture JavaScript errors with deduplication (Pro)
- Ad Fraud Detection - Detect suspicious traffic patterns (Pro)
- Dark Mode - Beautiful UI that respects your system preference
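The install one-liner at the top of this page runs whatever the URL serves at that moment. The following is an added example, not code from the YAAT project: it downloads the script to a file so it can be read first, then runs it only if it matches a SHA-256 you recorded after that review (the function names and `PINNED_SHA256` are assumptions; the page publishes no checksum).

```bash
#!/usr/bin/env bash
# Added example, not part of the YAAT repository.
set -u

INSTALL_URL="https://raw.githubusercontent.com/ibero-data/yaat/main/install.sh"

# Download the installer to a file so it can be read before it runs.
# --fail turns HTTP errors into a non-zero exit; --proto and --proto-redir
# restrict the transfer and any redirect to HTTPS.
fetch_installer() {
    curl --fail --silent --show-error --location \
        --proto '=https' --proto-redir '=https' \
        -o "$2" "$1" || { rm -f "$2"; return 1; }
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run the installer only if it matches the hash recorded after review.
# Extra arguments (for example --with-systemd) are passed to the script.
run_if_pinned() {
    local file="$1" expected="$2" actual
    shift 2
    actual="$(sha256_of "$file")"
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "installer hash mismatch: got '$actual'" >&2
        return 1
    fi
    bash "$file" "$@"
}

# PINNED_SHA256 is a hypothetical variable: the hash you computed with
# sha256_of after reading the script. Nothing runs unless it is set.
if [ -n "${PINNED_SHA256:-}" ]; then
    tmp="$(mktemp)"
    fetch_installer "$INSTALL_URL" "$tmp" &&
        run_if_pinned "$tmp" "$PINNED_SHA256" "$@"
fi
```

Record the hash once after reading the downloaded script and reuse it on other hosts; if the upstream script changes, the install stops until the new version is reviewed.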
```bash
# Download the binary (or use the install script above)
# Then run:
./yaat serve
# Open http://localhost:3456
# Complete the setup wizard to create your admin account
```

```bash
# Stop and disable the service
sudo systemctl stop yaat
sudo systemctl disable yaat
# Remove service file
sudo rm /etc/systemd/system/yaat.service
sudo systemctl daemon-reload
# Remove binary
sudo rm /usr/local/bin/yaat
# Remove data (WARNING: deletes all analytics data!)
sudo rm -rf /var/lib/yaat
# Remove yaat user (optional)
sudo userdel yaat
```

```bash
# Just remove the binary and data
rm ./bin/yaat
rm -rf ./data
```

Requires Go 1.22+ and Bun.
```bash
git clone https://github.com/ibero-data/yaat.git
cd yaat
make all
./bin/yaat serve
```

Copy the example config:
```bash
sudo cp nginx.conf.example /etc/nginx/sites-available/yaat
sudo ln -s /etc/nginx/sites-available/yaat /etc/nginx/sites-enabled/
# Edit the file and replace 'your-domain.com' with your domain
sudo nano /etc/nginx/sites-available/yaat
sudo nginx -t && sudo systemctl reload nginx
# Add HTTPS with Let's Encrypt
sudo certbot --nginx -d your-domain.com
```

Environment variables (or .env file):
| Variable | Default | Description |
|---|---|---|
| `YAAT_PORT` | `3456` | HTTP server port |
| `YAAT_DATA_DIR` | `./data` | Database storage directory |
| `YAAT_JWT_SECRET` | (random) | JWT signing secret (auto-generated if not set) |
| `YAAT_SECURE_COOKIES` | `false` | Set to true only if running HTTPS directly (not behind proxy) |
- Log in to YAAT
- Go to Settings > Domains
- Click Add Domain and enter your site name and domain
Add this snippet to your website's <head>:
```html
<script defer src="https://your-yaat-instance.com/s.js"></script>
```

The tracker automatically collects:
- Pageviews with SPA navigation support
- Unique visitors (fingerprint-based, no cookies)
- Referrer information
- Core Web Vitals (LCP, FCP, CLS, INP, TTFB)
- JavaScript errors
- Scroll depth (25%, 50%, 75%, 100%)
- Outbound link clicks
- Engagement time
- Bot detection signals
- Do-Not-Track: Honors the browser's DNT setting by default
- No Cookies: Uses server-side fingerprinting, no client-side storage
- Data Ownership: All data stays on your server
- GDPR Friendly: No personal data collection
| Feature | Community | Pro | Enterprise |
|---|---|---|---|
| Core Analytics | ✓ | ✓ | ✓ |
| Unlimited Domains | ✓ | ✓ | ✓ |
| Bot Analysis | ✓ | ✓ | ✓ |
| Core Web Vitals | - | ✓ | ✓ |
| Error Tracking | - | ✓ | ✓ |
| Data Export | - | ✓ | ✓ |
| Ad Fraud Detection | - | - | ✓ |
| Multi-User | - | - | ✓ |
| Priority Support | - | - | ✓ |
| Price | Free | €99/year | €299/year |
All API endpoints (except /api/auth/setup and /api/auth/login) require authentication via HTTP-only cookie.
POST /api/auth/setup - Initial admin account creation (first run only)
POST /api/auth/login - Login with email/password
POST /api/auth/logout - Clear session
GET /api/auth/me - Get current user info
POST /api/auth/password - Change password
GET /api/domains - List all registered domains
POST /api/domains - Add a new domain
DELETE /api/domains/{id} - Remove a domain
GET /api/domains/{id}/snippet - Get tracking snippet for a domain
GET /api/stats/overview - Summary stats
GET /api/stats/timeseries - Pageviews over time
GET /api/stats/pages - Top pages
GET /api/stats/referrers - Top referrers
GET /api/stats/devices - Device breakdown
GET /api/stats/geo - Geographic breakdown
GET /api/stats/vitals - Core Web Vitals (Pro)
GET /api/stats/errors - JavaScript errors (Pro)
GET /api/stats/bots - Bot traffic breakdown
GET /api/stats/fraud - Fraud analysis (Enterprise)
Query parameters: ?from=2024-01-01&to=2024-01-31&domain=example.com
POST /i - Receive tracking events (NDJSON format)
GET /s.js - Serve tracker script
```bash
# Start development server with hot reload
make dev
# Run tests
make test
# Build for all platforms
make release
# Clean build artifacts
make clean
```

```
yaat/
├── cmd/yaat/           # CLI entry point
├── internal/
│   ├── api/            # HTTP handlers and router
│   ├── auth/           # JWT authentication
│   ├── database/       # SQLite with migrations
│   ├── enrichment/     # GeoIP, bot detection
│   └── licensing/      # License verification
├── ui/                 # React frontend (Vite + shadcn)
│   ├── src/
│   │   ├── components/
│   │   ├── hooks/
│   │   └── pages/
│   └── dist/           # Built UI (embedded in binary)
└── data/               # SQLite database (created at runtime)
```
- Fork the repository
- Create a feature branch
- Make your changes
- Run `make test`
- Submit a pull request
YAAT is licensed under the GNU General Public License v3.0.
You are free to use, modify, and distribute this software under the terms of the GPL-3.0 license. If you distribute modified versions, you must also make the source code available under the same license.
- Issues: github.com/ibero-data/yaat/issues
- Website: ibero.dev/yaat
Built with Go and React. Privacy-focused analytics for everyone.
