UK SaaS privacy analytics stack 2026: Plausible vs Umami vs Vercel Web Analytics for indie hackers

You are shipping a UK SaaS in 2026. You want web analytics. You do not want a cookie banner sitting in front of your sign-up flow at 1pm on launch day, killing the conversion rate. You want GBP pricing, EU or UK data residency, and a Next.js 16 wiring snippet that does not need a 30-page DPIA before you push.

Three real options for UK indie hackers in 2026: Plausible Cloud, self-hosted Umami, and Vercel Web Analytics. Each is cookieless, each is exempt from PECR + Data (Use and Access) Act 2025 cookie consent in the standard configuration, and each ships in a single line of Next.js. The differences are pricing, data residency, feature surface, and what happens at 100k pageviews a month.

This is the UK indie hacker decision frame. Pricing in GBP. Residency under UK GDPR Chapter V. Wiring for Next.js 16 App Router. A 30-minute ship-it for the path most UK indies should take.

TL;DR — pick one in 30 seconds

Stack	UK indie verdict	When to pick
Vercel Web Analytics	Friction-zero default if you already deploy on Vercel	Next.js, hosted on Vercel, want the lowest-effort path. Free up to 2.5k events/month on Hobby.
Plausible Cloud	The cleanest privacy story, EU-hosted, polished UI	Want a single dashboard you can show to a co-founder or accountant; need EU data residency under DUA Act.
Umami self-hosted	The cheapest at scale, MIT-licensed, no third-party data sharing at all	Want full control, run it next to your app on a Hetzner box or Railway, willing to do 30 minutes of ops.

If you hosted somewhere other than Vercel, Plausible Cloud is the default. If you have not shipped yet, Vercel Web Analytics is the default. If you are above 250k events a month and want to cap the spend, Umami self-hosted wins.

Pricing in GBP (April 2026)

Sticker prices keep changing. GBP is pegged to today's USD exchange (~1 USD = 0.79 GBP). Round numbers are deliberate.

Tool	Free tier	Paid starter	At 100k events/month	At 1M events/month
Vercel Web Analytics	2.5k events/mo (Hobby)	Pro: included	Pro: included up to 100k	Enterprise: bespoke
Plausible Cloud	30-day trial	GBP 7/mo (10k pageviews)	GBP 15/mo (100k)	GBP 60/mo (1M)
Umami Cloud	1M events/mo (community)	Free	Free	Free
Umami self-hosted	Free (MIT)	Free	Free + GBP 4/mo VPS	Free + GBP 4/mo VPS

The hidden cost of self-hosted Umami is not money — it is the 30 minutes of ops a month. A Hetzner CX22 at GBP 3.55/month or a DigitalOcean LON1 droplet at GBP 4.74/month will run Umami plus a small Postgres alongside your main app. Backups, SSL renewal, and a 5-minute monthly OS update is the operational tax.

For most UK indies under 100k events a month, the spend gap between Plausible Cloud (GBP 15/mo) and Umami self-hosted (GBP 4/mo) is GBP 11/month — a coffee and a half. Not enough to justify the ops tax unless you genuinely want full control of the data.

DUA Act 2025 cookie consent — what you get for free

The Data (Use and Access) Act 2025 brought UK rules closer to the EU's PECR-and-GDPR alignment. The headline change for analytics: cookieless tracking that does not use the device storage, does not fingerprint, and does not transfer personal data outside permitted jurisdictions is exempt from cookie consent in most cases.

All three of Vercel Web Analytics, Plausible Cloud, and Umami are designed to qualify for that exemption out of the box:

• No cookies stored on the user's device
• No persistent identifiers beyond a daily-rotating hash for unique-visitor counting
• No fingerprinting of the device (User-Agent + IP class, hashed daily, salted)
• No personal data in the strict UK GDPR sense once aggregated

What this means in practice: you can ship without a cookie banner blocking the page. The DUA Act exemption is conditional on the configuration — if you turn on session-level features that store identifiers (e.g. Plausible's outbound-link tracking with PII, or a custom Umami plugin that fingerprints the browser), you lose the exemption and need consent.

[!info] Privacy policy still required Even with cookie consent exemption, your privacy policy must list each analytics tool, the lawful basis for processing (legitimate interest is the standard pick), the data retention period, and the data residency. Plausible: 24-month retention default, EU. Umami: configurable, you set it. Vercel: 6-month retention default, edge globally with EEA-residency option.

See [[2026-04-23-dua-act-cookie-exemption-uk-saas-2026]] for the full DUA Act cookie-exemption decision tree.

UK data residency table

Tool	Where data is stored	UK GDPR Chapter V status
Vercel Web Analytics	Edge globally, with an EEA-residency option on Pro+	Standard adequacy + IDTA cover for non-EEA edges
Plausible Cloud	EU (Frankfurt, Germany — Hetzner)	Adequacy regulation: full EU = no IDTA needed
Umami Cloud	EU (Frankfurt)	Adequacy regulation: full EU
Umami self-hosted on Hetzner Falkenstein	DE	Adequacy regulation
Umami self-hosted on DigitalOcean LON1	UK (London)	UK domestic = no transfer
Umami self-hosted on Render Frankfurt	DE	Adequacy regulation

For a UK SaaS holding personal data of UK users, the cleanest residency story is Umami self-hosted on DigitalOcean LON1 (UK domestic, no Chapter V transfer at all), followed by Plausible Cloud or Umami self-hosted on Hetzner Falkenstein (EU adequacy). Vercel Web Analytics needs IDTA cover in the standard global-edge configuration; the EEA-residency option resolves this for Pro+ accounts.

Next.js 16 App Router wiring (copy-paste)

Vercel Web Analytics

pnpm add @vercel/analytics

// app/layout.tsx
import { Analytics } from "@vercel/analytics/next"

export default function RootLayout({ children }: { children: React.ReactNode }) {
  return (
    <html lang="en-GB">
      <body>
        {children}
        <Analytics />
      </body>
    </html>
  )
}

That is it. Deploy. Dashboard appears under your Vercel project's Analytics tab in 30 seconds.

Plausible Cloud

// app/layout.tsx
import Script from "next/script"

export default function RootLayout({ children }: { children: React.ReactNode }) {
  return (
    <html lang="en-GB">
      <body>
        {children}
        <Script
          defer
          data-domain="yourdomain.co.uk"
          src="https://plausible.io/js/script.js"
        />
      </body>
    </html>
  )
}

If you want a custom subdomain (stats.yourdomain.co.uk) to bypass adblockers, point a CNAME at Plausible's edge and swap the src to your custom path.

Umami self-hosted (Docker on Hetzner CX22)

# On Hetzner CX22 (Falkenstein), GBP 3.55/month
ssh root@your-server
docker compose up -d  # umami-app + postgres on port 3000
caddy reverse-proxy --from analytics.yourdomain.co.uk --to localhost:3000

// app/layout.tsx
import Script from "next/script"

export default function RootLayout({ children }: { children: React.ReactNode }) {
  return (
    <html lang="en-GB">
      <body>
        {children}
        <Script
          defer
          src="https://analytics.yourdomain.co.uk/script.js"
          data-website-id="your-website-uuid"
        />
      </body>
    </html>
  )
}

Five lines of Next.js, 30 minutes of ops setup, GBP 4/month forever.

Decision matrix by stage

Stage	Recommended	Rationale
Pre-revenue, pre-launch	Vercel Web Analytics	Already on Vercel; zero config; free Hobby tier covers your traffic
First 100 users	Vercel Web Analytics or Plausible Cloud	Either fine; Plausible if you want a polished dashboard for early-stakeholder demos
100-1,000 users	Plausible Cloud (GBP 7-15/month)	Better outbound-link, goal, and event tracking than Vercel; cleanest privacy story
1k-10k users	Plausible Cloud (GBP 15-60/mo) or Umami self-hosted	Plausible for ease; Umami if you want full data control
10k+ users	Umami self-hosted	At scale, GBP 4/mo is unbeatable; you have the ops surface to absorb monitoring

Five UK failure modes to avoid

1. Defaulting to Google Analytics 4 — GA4 is not exempt from DUA Act / PECR cookie consent in the standard configuration. You will need a banner. Conversion rates drop 15-25% on banner-gated funnels. Do not default to GA4 for a UK SaaS.
2. Picking US-region Vercel Web Analytics with no IDTA — the standard global edge stores data in non-adequacy jurisdictions. Either upgrade to the EEA-residency option, put an IDTA in your data processing agreement, or pick Plausible/Umami.
3. Self-hosting Umami next to your production database — Umami's Postgres workload is small but spiky on writes. Run it in a separate database (or a separate VPS) so an analytics traffic spike does not slow your sign-up endpoint.
4. Forgetting to list each tool in your privacy policy — even with cookie consent exemption, the privacy policy must list the analytics tool, the legal basis (legitimate interest), the retention period, and the residency. See [[2026-04-26-uk-saas-legal-pages-template-2026]] for a copy-paste UK template.
5. Custom server-side event tracking that re-introduces personal data — when you send custom events from your API routes (e.g. "user_signed_up"), do not include the user's email or IP in the event properties. Plausible and Umami both reject events with PII; Vercel Web Analytics does not enforce this. Use a hashed user ID instead.

30-minute ship-it: Plausible Cloud on Next.js 16

The path most UK indies should take. Trade GBP 7-15/month for zero ops surface and the cleanest privacy story.

1. Sign up at plausible.io with your founder email — 5 minutes. EU-hosted by default.
2. Add your site — enter the domain (yourdomain.co.uk), choose currency (GBP for goal-revenue tracking), pick the EU data centre.
3. Install the script — paste the <Script> tag from above into app/layout.tsx. Push to Vercel. Verify the script is loading from your custom subdomain (run curl https://yourdomain.co.uk/_pls/script.js to confirm).
4. Set up goals — sign-up form submit, pricing-page CTA click, and any conversion event you care about. Plausible's UI handles this in five clicks.
5. Update your privacy policy — add the line: "We use Plausible Analytics, a privacy-friendly EU-based service that does not use cookies or personal data. Data is retained for 24 months and stored in Frankfurt, Germany under EU adequacy regulation."
6. Verify cookie consent exemption — open your site in an incognito browser and check that no Cookie: request header is set by Plausible's script. If it is clean, you are exempt under DUA Act 2025.

That is it. 30 minutes. GBP 7-15 a month. Privacy story you can show a stakeholder without three pages of caveats.

Key Takeaways

• All three options are cookieless and exempt from DUA Act 2025 cookie consent in the standard configuration. Vercel Web Analytics is the default if you ship on Vercel; Plausible Cloud is the default for clean privacy story; Umami self-hosted wins on cost at scale.
• GBP pricing 2026: Vercel free up to 2.5k events on Hobby; Plausible Cloud GBP 7 to 60 per month at 10k to 1M pageviews; Umami self-hosted GBP 4 per month forever on a Hetzner CX22.
• UK data residency: Umami on DigitalOcean LON1 is UK domestic with no Chapter V transfer at all. Plausible Cloud and Umami on Hetzner Falkenstein are EU adequacy. Vercel global edge needs IDTA cover or the EEA-residency option.
• Next.js 16 App Router wiring is one Script tag for each option. Keep custom server-side events PII-free; use hashed user IDs not emails.
• Privacy policy must list each tool, legal basis (legitimate interest), retention, and residency. The cookie banner is not required if you stay in the standard configuration.

FAQs

Q: I am already on Vercel and Hobby tier. Should I just use Vercel Web Analytics and stop here? A: For pre-launch and the first 100 users, yes. The Hobby tier gives you 2.5k events a month free, which covers most launch traffic. The moment you cross 2.5k events you will need to upgrade to Pro (GBP 16/month plus usage), at which point Plausible Cloud becomes more attractive on price. The Vercel Web Analytics dashboard is also less polished than Plausible's; if you ever want to show analytics to a co-founder or accountant, Plausible's UI is easier to read.

Q: Does Plausible Cloud need a cookie banner under UK DUA Act 2025? A: No, in the standard configuration. Plausible does not use cookies, does not fingerprint, and does not store personal data beyond a daily-rotating salted hash for unique-visitor counting. That qualifies for the cookie consent exemption under PECR + DUA Act. Your privacy policy must still list it, the legal basis (legitimate interest), the retention (24 months default), and the residency (Frankfurt, EU).

Q: I want to self-host Umami next to my Next.js app on Vercel. How do I do that? A: You cannot run Umami inside Vercel itself. Run it on a small VPS next to your app: a Hetzner CX22 at GBP 3.55 per month, a DigitalOcean LON1 droplet at GBP 4.74, or a Render Frankfurt starter at GBP 5.53. Wire your Next.js layout's Script tag to the Umami subdomain (analytics.yourdomain.co.uk), and front the box with Caddy or Nginx for SSL. Backups: a daily Postgres dump to S3 takes 30 seconds. See [[2026-04-27-uk-indie-hacker-vercel-vps-sidecar-2026]] for the wider sidecar pattern.

Q: I am sending custom events from my API routes. Is that still cookieless? A: Yes, as long as the event payload does not include personal data. Plausible and Umami both reject events with PII in the properties. Vercel Web Analytics does not enforce this — you must avoid including emails or raw IPs yourself. Use a hashed or pseudonymised user ID. The cookieless guarantee is about the browser side; server-side events from your API are processed server-to-server with no cookies involved.

Q: I host on Cloudflare Pages, not Vercel. Does Vercel Web Analytics work? A: No. Vercel Web Analytics is tied to Vercel hosting. On Cloudflare Pages, your options are Plausible Cloud or Umami self-hosted. Cloudflare Web Analytics is also available and free, but its dashboard is thinner than Plausible's and it does not export raw events. For a UK SaaS on Cloudflare Pages, Plausible Cloud is the cleanest pick.

---

Want a UK-first business idea you can build with this stack in a weekend? Read this week's free report on IdeaStack — keyword volumes, competitor intel, SERP analysis, and copy-paste builder prompts for Claude Code.