Zero cookies, zero tracking: how FAQlue handles visitor data

Every widget you add to your site comes with baggage. A live chat adds cookies. A feedback tool tracks sessions. A helpdesk widget fingerprints browsers. Before you know it, you need a consent banner, a cookie policy update, and a conversation with your DPO.

We built FAQlue differently.

What FAQlue collects

Three things. All anonymous. None tied to individual visitors.

Question clicks. When a visitor opens a FAQ question, we record which question was clicked and when. This is how smart ordering works: popular questions rise to the top automatically.

Search queries. When a visitor types in the search bar, we store the query text. This tells you what people are looking for, including things your FAQ doesn't cover yet.

Suggested questions. When a visitor searches for something that isn't there, they can press Enter to submit it as a suggestion. You get notified via email or Slack so you can add it to your FAQ.

That's it. Three data points, all anonymous, all useful.

What FAQlue does not collect

This is the longer list.

• No cookies. The widget sets zero cookies on visitor browsers. None. Not even a session cookie.
• No IP addresses. Not logged, not stored, not forwarded to any third party.
• No session IDs. There is no concept of a "visitor session" in FAQlue.
• No device fingerprints. No canvas fingerprinting, no font detection, no browser profiling.
• No personal data. No names, no email addresses, no identifiers of any kind from your visitors.
• No cross-site tracking. No third-party pixels, no ad network scripts, no data brokers.

Because we don't collect personal data from visitors, the FAQlue widget does not require a cookie consent banner on your site.

Why this matters

If you work in healthcare, finance, legal, or government, you know the drill. Every tool needs a vendor assessment. Every cookie needs documentation. Every piece of personal data needs a legal basis.

FAQlue skips all of that. There is no personal data to assess. There are no cookies to document. The GDPR question is simple: we don't process visitor personal data, so no DPA is needed for the widget.

For companies pursuing ISO 27001 or NEN 7510 (the Dutch healthcare information security standard), data minimization is a core principle. FAQlue follows it by default: we collect only what is needed to make the FAQ better, and nothing else.

How we protect it

The data we do collect is stored on Supabase (PostgreSQL) with row-level security on every table. All data is encrypted at rest with AES-256 and in transit over TLS 1.3.

The widget itself runs inside a Shadow DOM, completely isolated from your site's CSS and JavaScript. It communicates with our API over HTTPS. No data touches your server.

Payments go through Stripe. We never see or store card details. Hosting is on Vercel with HSTS, strict CSP headers, and X-Frame-Options: DENY.

The bottom line

Most FAQ tools make you choose between functionality and privacy. FAQlue gives you smart ordering, search analytics, and visitor suggestions without collecting a single piece of personal data.

No cookies. No consent banners. No compliance headaches.

Just a FAQ that gets better over time.