Cool product, I think I've seen it pop up on HN before. How do you balance user privacy while collecting data on usage? Do you have your own privacy-friendly event tracking system, maybe something self hosted?

Are you referring to the analytics tracking (a la Google Analytics) or enforcing limits on user activity?

For a GA alternative there are many and what you should look for is an analytics provider (if you don't want to self host) that rotates salts. Basically user ip hashed with a random salt that changes every 24 hours is good enough to protect user privacy while allowing you to not count every page view as a unique session.

Of course everyone is counted as a new visitor after 24 hours.

On the rate limiting side, great question. I'm currently writing a series of blog posts around creating your own privacy friendly products (Part 1 is targeted at apps, part 2 will be SaaS) where I'll cover this in detail.

Here's a few key takeaways, if you can provide something without collecting any user data, do it. However for anything involving payment you need to at least know the users email (leaving aside cryptocurrency, I'm a big fan but it's difficult to accept as a bootstrapped business). Additionally rate limiting based on usage (which you therefore need to track) is kind of a given. The best we can do here is make sure user data is encrypted.

Thanks for the detailed answer, I was refering more to the analytics and tracking side of things, seeing how often a certain feature was used for instance while maintaining a users privacy and anonyminity. But I was interested to read how you implemented the rest too and the overall approach.