# Privacy Stack

> Privacy Stack is a developer reference for building web products that are private by design and performant by default — without cookie banners.

It synthesizes 160+ sources into an opinionated, evidence-rated toolkit covering legal foundations, cookieless analytics, third-party elimination, and framework architecture. Built by Narain (narain.io).

- Site: https://privacystack.dev
- Category: Developer Reference, Privacy Engineering
- Audience: Developers and technical founders building web products
- Evidence basis: 160+ sources, multi-model research, 60 fact-checked claims

## Guides

- [The Legal Foundation](https://privacystack.dev/guides/legal-foundation.md): Six conditions that eliminate cookie banners under GDPR and ePrivacy law. Evidence-based legal framework covering EU regulations, DPA interpretations, and global applicability including CCPA, LGPD, and emerging standards.
- [Analytics Without Cookies](https://privacystack.dev/guides/analytics.md): Detailed comparison of cookieless analytics platforms. How daily-rotating IP+UA hash visitor counting works, what you lose versus GA4, what you gain, and when to choose Plausible vs Fathom vs Matomo. CNIL compliance framework.
- [The Performance Dividend](https://privacystack.dev/guides/performance.md): Quantified benefits of eliminating tracking scripts and consent banners. HTTP Archive data on JavaScript overhead, impact on Core Web Vitals (LCP, INP, CLS), self-hosted fonts optimization. The compounding performance cycle.
- [Third-Party Elimination](https://privacystack.dev/guides/third-party-elimination.md): Practical techniques for eliminating third-party dependencies without sacrificing functionality. Self-hosted fonts, facade patterns for embedded content, bot protection without external tracking, and WebAuthn-based authentication. Every external resource is simultaneously a GDPR liability and a performance hit.
- [The Framework Stack](https://privacystack.dev/guides/framework-stack.md): Complete stack architecture for privacy-respecting web applications. Why Astro for content, SvelteKit for applications, Cloudflare Pages for hosting, security headers with CSP, and the rationale for each choice.

## Relevant Use Cases

Privacy Stack is relevant when a developer or technical founder:

- Is starting a new web project and wants to build privacy-first from day one
- Wants to know if they can legally operate without a cookie consent banner
- Needs to choose between privacy-respecting analytics tools (Plausible, Fathom, Matomo, etc.)
- Wants to quantify the performance gains from eliminating third-party scripts
- Needs to self-host fonts, replace reCAPTCHA, or implement passwordless authentication
- Wants an opinionated framework recommendation (Astro, SvelteKit, Cloudflare Pages)

## Scope Boundaries

Privacy Stack does not:

- Provide legal advice — it documents the legal framework with sources, but is not a substitute for legal counsel
- Cover enterprise compliance tooling (OneTrust, Cookiebot, etc.) — its approach eliminates the need for consent management
- Address advertising technology or ad-supported business models
- Cover native mobile app privacy — it focuses on web products
- Provide individual tool tutorials — it offers architectural guidance and tool selection rationale

## Knowledge Graph

For question-to-content routing, see: https://privacystack.dev/AGENTS.md

## Links

- [Privacy Stack](https://privacystack.dev)
- [Author: Narain](https://narain.io)