Privacy: your data never leaves your browser
Most online statistics tools upload your data to a server for processing. QuickStats doesn't — and this page explains how that guarantee works technically, not just as a promise.
How the analysis runs
- QuickStats uses WebR — the R statistical language compiled to WebAssembly — running entirely inside your browser tab.
- When you "upload" a file, it is read by JavaScript in your browser and handed to the local R engine. No network request carries your data.
- The site is served as static files from GitHub Pages. There is no application server or database that could receive or store your data.
- Closing the tab destroys everything: nothing is retained.
Technically enforced, not just promised
The site ships a Content-Security-Policy that restricts where the page is allowed to connect: only this site, the WebR package repository, and our analytics counter. Even if malicious content were somehow injected into the page, the browser itself would block any attempt to transmit your data elsewhere. You can verify this in your browser's developer tools (Network tab) — no request containing your data ever leaves.
Analytics
- We use GoatCounter, a privacy-respecting, open-source visit counter. It records a page view — not your data, not your identity.
- No cookies are set. No advertising or fingerprinting scripts are loaded.
- What GoatCounter sees: the page visited, referrer, browser type, screen size, and country-level location. Nothing else.
Sensitive and patient data
Because processing is local, using QuickStats is architecturally similar to running R or SPSS on your own machine — the data-leaves-the-institution concern of cloud tools does not apply. That said, your institution's data governance rules still apply to you; check them before analysing identifiable data on any device.
Open source
The complete source code is public at github.com/jimbono4-cpu/quickstats (MIT licence), so these claims are auditable. Questions or concerns — open an issue.