Table of content
The question arises in every marketing meeting in Switzerland since 2023: "Are we still allowed to use Google Analytics?"
Between the strict nFADP and uncertainties surrounding data transfer to the United States (Cloud Act), many Swiss companies are hesitant. Some are migrating to Matomo or Plausible, losing the power of the Google ecosystem (Ads, BigQuery).
For agencies, it's a puzzle. How to offer top marketing performance if the most powerful analysis tool on the market is taken away?
The answer is not to change tools. The answer is to change the data collection method.
At A-Track, we deploy GA4 Server-Side architectures that act as a decontamination chamber. We clean the data in Switzerland (or Europe) before it touches any American server. Here's how.
The Problem: Direct Connection (Client-Side)
In a classic setup (the one that 90% of agencies still use), the Google Analytics script runs in the visitor's browser.
The user visits votreclient.ch.
His browser sends a request directly to Google's servers (analytics.google.com).
The danger: Even if you anonymize the IP in the settings, Google technically receives the user's IP address (to establish the connection) and their "User Agent" (browser fingerprint). Legally, this is a transfer of personal data to the USA, potentially non-compliant without additional guarantees.
The Solution: The Server Proxy as a "Digital Customs"
The Tracking Server-Side introduces an intermediary that you fully control.
Instead of talking to Google, the browser talks to your server (e.g., data.votreclient.ch), hosted by our partner Stape.io on secure European instances.
This server acts like customs. It receives the data, inspects it, modifies it, and only then transmits it to Google. It is at this precise stage that we apply the "cleaning".
Tutorial: The 3 Steps of Data Cleaning (Sanitization)
Here is the technical procedure we apply at A-Track to "fortify" the GA4 accounts of your sensitive clients (Banks, Insurance, Health).
1. Removing the IP Address
This is the quintessential personal data.
On the Server: We configure the GA4 client to remove the IP address from the outgoing request.
Result: When Google receives the final data, the IP field is empty or replaced by a generic IP (that of the server). Google is unable to accurately geolocate the user or re-identify them via their IP.
2. Cleaning URL Parameters (PII)
This is a classic mistake: a user fills out a form and the confirmation URL contains their email in plain text (e.g., ?email=jean.dupont@gmail.com).
The Risk: Storing emails in plain text in GA4 is a serious violation of Google's terms of use (risk of account deletion) and the nFADP.
The Server-Side Solution: We add a transformation rule that scans incoming URLs. If an "email" pattern is detected, we replace it with [REDACTED] before sending it to Google.
3. Reducing the "User Agent"
The User Agent provides very precise information about the device (Exact iPhone model, OS version). Combined with other data, it allows for "Fingerprinting".
The A-Track Action: We can simplify this data to keep only the essentials (e.g., "Mobile" vs "Desktop"), making the user indistinguishable from the crowd.
The Infrastructure Stape.io: Why Is It Compliant?
Many agencies ask us: "But if the server is on Google Cloud, doesn't that change anything?"
That's why we use Stape.io Enterprise.
Sovereignty: The servers are located in the EU (Ireland, Germany, France), protected by the GDPR.
No Google Cloud: Stape uses European cloud providers (like Scaleway or Hetzner) for its "Own Cloud" offerings. This ensures that no American infrastructure sees the raw user data.
Business Argument: How to Sell This Security?
For your clients, this "cleaning" may seem abstract. Here's how to present it to them:
"Today, using Google Analytics in a classic way carries a legal risk, as data goes to the USA without control. With A-Track's Proxy Server-Side solution, we install a 'security filter'. We anonymize your users before sending the stats to Google. Benefit: You retain the power of Google for your marketing, but you comply with the nFADP and the principle of 'Privacy by Design'. You are invulnerable in case of an audit."
The A-Track Expert's Advice
Beware of Google Signals! If you enable 'Google Signals' in GA4 to get demographic data (age, gender), you force Google to re-identify the user via their connected Google account. This can undermine your anonymization efforts. For ultra-sensitive clients, we recommend leaving this option disabled.
Don't Take Risks with Your Clients' Data
The era of the "Wild West" of data is over. Secure the use of Google Analytics with Server-Side Tracking.
A-Track configures your data cleaning infrastructure for flawless nFADP compliance.