The tracking script

One small script, dropped in your page’s <head>. No cookies, no configuration, ~2 KB gzipped. Here’s exactly what it does and what it records.

Coming from another tool? See how Bearing compares to Plausible, and import your history so you don’t start from zero.

Install

Add a site in your dashboard, then paste this into the <head> of every page (swap in your domain):

<script defer data-domain="yourdomain.com" src="https://bearing.sidecar.services/js/script.js"></script>

That’s the whole setup. The script figures out where to send data from its own src, so there’s nothing else to wire up. See it working on the demo dashboard.

Wix & Squarespace

No-code site builders don’t let you edit the raw HTML, but both have a place to paste a header snippet. Use the exact snippet from your site’s settings page (it has your domain baked in).

Squarespace (Business plan or higher):

  • Settings → Advanced → Code Injection.
  • Paste the snippet into the Header box and save. It now loads on every page.

Wix (paid plan with a connected domain):

  • Settings → Custom Code (under Advanced) → + Add Custom Code.
  • Paste the snippet, set Add Code to Pages to All pages and Place Code in to Head, then apply.

Either way, publish the site, then load it in a normal browser (not the editor preview), and your visit should appear on the dashboard within a few seconds.

How it works

  • No cookies, no local storagefor tracking, so nothing is written to the visitor’s browser, so no consent banner.
  • SPA-aware: it patches the History API, so client-side route changes count as pageviews automatically.
  • Privacy at the edge: your server parses the user agent, derives approximate location (country, region, city) from network headers, and identifies a visitor as a one-way hash of a daily-rotatingsalt + domain + IP + user agent. The IP is used only to geolocate and to compute the hash, never stored, and the hash can’t follow a visitor across days or sites.
  • Localhost is ignoredby default, so your own dev traffic doesn’t pollute the numbers.

What it captures

Pageviews, automatically, and with each one: the page path, the referrer and a friendly source name, approximate location (country, region, city), browser, operating system, device type, UTM campaign parameters, and screen width.

Engagement & conversions, automatically, with no tagging required:

  • Outbound link clicks: which external links visitors follow, and the link text.
  • File downloads: clicks on PDFs, docs, zips, media, etc.
  • Form submissions: including the call-to-action (the button that submitted the form).
  • Calls, texts & emails: clicks on tel:, sms:, and mailto: links, which for many local businesses are the real conversion. The button label is recorded; the number and address are not.
  • Button & link clicks: every <button>, role="button" element, and in-site <a> link click, labelled by its text, or aria-label/title for icon buttons. In-site links also record their destination path. Add data-bearing-cta="…" to set the label yourself. Submit buttons are counted once, as the form submission above; links that leave your site or download a file are counted as those events instead.
  • Engagement: time on page and scroll depth, one reading per pageview.
  • Time to action: how long a visitor was on the site before a conversion, computed server-side (no browser storage).

Custom events

Track anything else, like a signup or an add-to-cart, by calling window.bearing with an event name and optional properties:

window.bearing("Signup", { props: { plan: "growth" } })

Custom events count toward your plan’s monthly events, the same as pageviews and conversions. The one exception is the passive engagement beacon (time on page and scroll depth). That’s an internal measurement, so it never counts against your quota.

The Heading

Capturing the data is half of it. The Heading is the brief at the top of your dashboard: the analysis a growth consultant would write, researched and written by AI from your own numbers. Tell it what the site is for and it frames the whole read around that: it reads your live analytics (including how people actually behave, not just whether they bounced), searches the web to understand your business and market, reviews your real pages (even on mobile), and writes a brief the way a consultant would: a one-line verdict, then where you stand across four dimensions (acquisition, conversion, web performance, and SEO), each with the number that frames it and what to do about it, plus the on-page problems it found and the prioritised moves, each tied to a measured number or a source it checked.

The numbers stay deterministic: the AI is handed your measured analytics and isn’t allowed to invent a statistic, so every figure traces to a real measurement, and every brief lists the exact searches and pages it used, so you can see where each point comes from. It refreshes on a schedule (weekly on Starter, every couple of days on Growth) or on demand, and is on the Starter and Growth plans. The guide walks through how to act on it.

Configuration

Set these as attributes on the script tag:

AttributeEffect
data-domainRequired. The site domain you added in Bearing.
data-excludeComma-separated path prefixes to never track, e.g. "/admin,/account".
data-track-localhostPresent → also track localhost / 127.0.0.1 (off by default).
data-apiOverride the ingestion endpoint (defaults to the script's own origin).
data-bearing-ctaOn a button/link → use this text as the CTA label instead of its content.

A visitor can opt out of tracking entirely by setting localStorage.bearing_ignore = "true" in their own browser. Site owners can exclude their own devices with one click from Settings → Exclude your own visits, or by visiting any page with ?bearing_ignore=true (and ?bearing_ignore=false to undo).

Privacy

Bearing is built to be GDPR-, ePrivacy-, PECR-, and CCPA-friendly without a cookie banner: no cookies, no cross-site tracking, and no IP storage. Location is approximate (country, region, city), derived from the IP at the edge and never stored, and visitors are counted with an anonymous hash that resets daily, so nothing identifies a visitor personally. As a safeguard, captured labels are scrubbed of obvious personal data: email addresses and long number sequences (phone, account, or order numbers) are redacted in the browser, before anything is sent. Full detail is in the privacy policy.