datascale
DE EN
Contact

Services

Datascale-led

Measurement & Privacy Engineering

Client-side tracking loses 30 to 40 percent of signals. We build the EU-hosted server-side architecture that stops it.

  • GA4
  • GTM Server-Side
  • stape.io
  • BigQuery (Frankfurt)
  • Consent Mode V2
  • Usercentrics
  • OneTrust

✓ Certified stape.io Partner

Request an Audit Sprint →

Safari ITP 2.3. Third-party cookies deprecated in Chrome. ML-based adblockers. Ad algorithms then optimise against noise.

We build the server-side architecture that replaces it. 100 percent server-side via stape.io, routed into BigQuery Frankfurt. GDPR-compliant and aligned with the EU AI Act from August 2026.

kaputt

Legacy

  • Browser
  • Client-Side GTM
  • Safari ITP 2.3
  • ML adblockers
  • 3P cookies (Chrome) deprecated
  • 30 to 40% signal loss

resilient

Datascale

  • Browser
  • First-party subdomain
  • Server GTM (stape.io)
  • Consent Mode V2 + PII filter
  • BigQuery (Frankfurt)
  • GA4 + Meta CAPI

Architecture: EU-first data routing with strict PII separation. BigQuery in the Frankfurt region sidesteps US CLOUD Act transfers before any anonymisation.

What we build

Most analytics problems don't start when you analyse data. They start when you collect it. A misnamed event, a missing parameter, a consent layer that throws data away before it arrives, these are the foundations every analysis stands or falls on.

Measurement & Privacy Engineering covers the full lifecycle: strategic definition, technical implementation, ongoing QA. For web, mobile, and apps. With the right tool for the context. GDPR-compliant. No vendor lock-in.

We follow a clear model: spec from us, code from your dev team, QA back to us. The detailed breakdown lives further down under "The Measurement Blueprint".

Who it's for

Product & Engineering

Teams building a new app or website who want analytics set up correctly from day one, not as an afterthought in sprint 12.

Marketing

Teams who know their GA4 setup is broken but don't know how broken or why. Or teams realising post-UA-to-GA4 migration that their numbers are being internally questioned.

CMO / VP Marketing

Facing a budget decision and need to be confident their conversion data is correct, and able to defend that internally.

CTO / Tech Leads

Need an analytics partner who talks to the dev team as peers. Who delivers spec docs that are actually implementable. And who doesn't disappear after launch.

The three modules

01

Web Analytics Setup & Audit

Full implementation or technical audit of an existing web analytics setup. Tool-agnostic, we recommend what fits the use case, not what pays the highest license commission.

What we do specifically:

  • Setup or audit of GA4, Plausible CE, or Matomo
  • Server-side tracking via stape.io for adblocker resilience and GDPR compliance
  • Structural cleanup post UA-to-GA4 migration and validation against typical issues (pre-consent events, cross-domain breaks, sampling distortions)
  • Cross-domain tracking, bot filters, referral exclusions, internal access exclusions

Tools: GA4, Plausible CE, GTM, GTM Server-Side, stape.io

Server-side hosting fully managed via stape.io, no GCP burden on the client side.

02

Mobile & App Analytics (Firebase)

Analytics for native apps and hybrid mobile products. Firebase as the foundation, properly configured, with an event schema that fits the web strategy and merges into BigQuery cross-platform.

What we do specifically:

  • Event schema for iOS and Android per the Measurement Blueprint
  • GDPR-compliant Firebase configuration (data residency, retention, consent defaults)
  • App consent architecture: Firebase + enterprise-CMP integration with correct state handover
  • Firebase ↔ GA4 BigQuery export for cross-platform analysis + in-app purchase tracking

Tools: Firebase Analytics, GA4, BigQuery, Usercentrics, OneTrust

Experience includes MedTech app analytics under Article 9 GDPR (health data) and a global retail app stack with enterprise CMP. We don't write app code, we define what gets measured, the dev team implements, we validate.

03

Cookie Consent Management & Consent Engineering

Consent layers aren't formality checkboxes. Misconfigured, they destroy data. Configured properly, they protect users while letting analysis run reliably.

What we do specifically:

  • CMP selection based on company size, traffic volume, and jurisdiction
  • Full Usercentrics or OneTrust setup including cookie scanning, categorisation, banner design, geolocation rules
  • Google Consent Mode V2 (Basic / Advanced) with GTM integration for conversion modelling despite consent restrictions
  • Firebase + enterprise-CMP integration for health apps and other Article 9 data categories
  • Pre-consent scan: full audit of which cookies fire when

Tools: Usercentrics, OneTrust, Cookiebot, Google Consent Mode V2

How we work

The Measurement Blueprint

Every engagement starts with the Measurement Blueprint. Not a 2-page concept doc, a complete technical spec.

What the Blueprint contains:

  • KPI definition: what do we want to measure and why? Alignment with company goals
  • Event schema: all events, naming convention, all parameters with data types and expected values
  • Tracking guide: concrete implementation guide for the dev team, directly actionable
  • Tool recommendation with reasoning: which analytics tool, which CMP, whether server-side makes sense
  • Consent architecture: which events run pre-consent, which post-consent, how state is passed

After the Blueprint: dev team builds against spec. We review pull requests for tracking relevance and prepare QA.

QA & sign-off: event-by-event testing, consent-flow validation, sign-off. From there everything runs under datascale ownership.

The end of internal ping-pong

Marketing wants data. The DPO blocks. Both are right.

The ping-pong only ends when the infrastructure forces the separation at server level, not in the analysis spreadsheet. We build architectures the DPO can sign off and that return to marketing the conversion signals lost in the browser.

Server-side forces data flows that client-side can barely deliver: PII filtered before it reaches Google. Consent state propagated server-side. Full audit log over every outbound tag, internally queryable by the DPO.

Datascale works without account managers as a firewall. You talk to the engineers who build the system, and to the DPO directly when data flows are on the table.

Deliverables

Scope varies by engagement type. Full engagement includes:

Strategy & Planning

  • Measurement Blueprint (event schema, naming convention, parameter documentation)
  • Tracking guide for the dev team (directly implementable)
  • Tool recommendation with written reasoning
  • Consent architecture documentation

Technical Implementation

  • GTM container setup (tags, triggers, variables, folder structure)
  • Server-side GTM setup via stape.io (when relevant)
  • Firebase Analytics configuration (when an app project)
  • CMP setup and configuration (Usercentrics / OneTrust / Cookiebot)
  • Google Consent Mode V2 integration
  • Enhanced Conversions setup (Google Ads)
  • Meta Conversion API (CAPI) setup (when relevant)

QA & Validation

  • Event testing against the Measurement Blueprint spec (each event individually)
  • Consent flow validation (pre-consent / post-consent state)
  • Data quality report (sampling, data loss, bot traffic, internal access)
  • Sign-off document

Handover & Documentation

  • Handover documentation for the internal team
  • GDPR compliance proof of the setup
  • 30-day post-launch support

Scope in detail

Tag implementation

  • GTM container structure: workspace, naming convention, versioning
  • All tags, triggers, variables per Measurement Blueprint
  • Server-side setup (stape.io): containers, clients, tags, first-party cookie migration

Event tracking

  • Custom events per schema (web + app)
  • E-commerce: GA4 purchase flow, Firebase in-app purchases
  • Form, scroll, video tracking (YouTube, Vimeo)
  • App events per Firebase best practice (iOS + Android)
  • Deep link tracking (when an app project)

Conversion tracking

  • Google Ads Enhanced Conversions (first-party data)
  • Meta CAPI: server-side event matching
  • Offline conversion import (when CRM is available)
  • App conversions: Firebase → Google Ads / Meta

Consent & GDPR

  • CMP: selection, implementation, configuration, scanning
  • Google Consent Mode V2 (Basic / Advanced) with GTM
  • Pre-consent scan: what loads before consent?
  • GDPR conformity check across all integrated tools
  • App consent: Firebase + CMP integration

Data quality

  • Bot and spam filters (GTM and GA4 level)
  • Internal IP exclusions
  • Cross-domain tracking (when multiple domains)
  • Referral exclusion lists
  • Sampling strategy (GA4 360 / BigQuery export)

Mobile & app

  • Firebase SDK configuration (iOS + Android)
  • Event schema iOS & Android per Blueprint
  • Firebase ↔ GA4 property linking
  • Firebase BigQuery export
  • In-app purchase tracking (revenue events)

Engagement depths

Three depths. Clear scopes.
No retainer trap.

Start here →

Audit Sprint

We audit what's wrong. Report + prioritised action plan.

Duration
10 working days
Price
€2,400 net

plus statutory VAT · fixed price for a clearly bounded scope

Included in the fixed price

  • 1 domain
  • 1 analytics property
  • 1 tag manager / tracking setup
  • 1 CMP
  • up to 5 core conversions
  • 10 working days
  • PDF report + 90-min walkthrough

What you get

  • Full analysis of your existing setup
  • Prioritised report with concrete action items
  • Walkthrough call with the team (90 min)
  • No follow-up contract, no retainer obligation

When it fits

When the setup works but the numbers are being argued about internally. Or you're unsure what from a UA→GA4 migration still holds.

For e-commerce, multiple domains or App + Web: Audit Sprint Plus, €3,900 net fixed price. Bonus: 50 % of the Audit Sprint credits toward a Build Sprint commissioned within 30 days.

Request an Audit Sprint

Build Sprint

Fresh build or restructure of a tracking setup.

Duration
4–8 weeks
Price
from €7,500 net

plus statutory VAT · final fixed price after scope definition

Typical scope

  • 1 domain (multi-domain on request)
  • 1 analytics property (GA4 or Piwik PRO)
  • server-side container (Stape or own cloud)
  • 1 CMP with Consent Mode V2
  • up to 15 events / conversions
  • 4–8 weeks delivery
  • Blueprint, QA sign-off, handover docs

What you get

  • Measurement Blueprint for your dev team
  • GTM + server-side setup incl. CMP integration
  • Full QA against the blueprint with sign-off
  • Handover docs + 30-day post-launch support

When it fits

When analytics is structurally broken and fixing it in-flight costs more than a clean rebuild.

Discuss the build after the audit

Managed Evolution

Ongoing partnership. Analytics as a product, not a one-off project.

Duration
3-month minimum
Price
from €3,500 / month net

plus statutory VAT · monthly cancellation after the minimum term

Included in the monthly price

  • up to 3 domains under active care
  • GA4 + server-side stack maintenance
  • monthly roadmap + sprint planning
  • QA on every release deploy
  • Slack channel, < 4 h response (Mon–Fri)
  • monthly report + executive summary
  • 3-month minimum, then monthly

What you get

  • Monthly development + feature rollouts
  • Ongoing QA on every deploy
  • Executive reports + dashboard evolution
  • Slack support with guaranteed response times

When it fits

When analytics has to grow with you (new campaigns, new products, new data sources) and you don't want to build that team internally.

Discuss ongoing support

All prices net, plus statutory VAT. For companies in Germany, Austria and Switzerland.

  • Q01
    Is GA4 still legally usable in 2026 without server-side tracking?

    GA4 itself remains usable, but running it GDPR-compliantly without server-side gets harder every quarter. Three forces effectively make server-side mandatory: Safari ITP 2.3 caps client-side cookies at 7-day TTL, ML-based adblockers filter 25 to 40 percent of all GA4 calls, and Google Consent Mode V2 expects a server-validated consent state. Without sGTM you are optimising on filtered data.

  • Q02
    How do you bypass adblockers without breaking privacy?

    A first-party subdomain (analytics.client.com) routes requests to a stape.io server container. Tags run server-side, the browser only sees your own domain. This is not a trick, it is an architectural shift: PII is filtered before it reaches Google, Consent Mode V2 runs in front, the audit log stays with you.

  • Q03
    Is GA4 with Google Consent Mode V2 actually GDPR-compliant?

    Consent Mode V2 controls how Google tags react to the consent state, it does not replace a fully GDPR-compliant CMP implementation. Used correctly they work together: the CMP owns the consent decision, Consent Mode V2 transmits the state correctly to Google services. Without a CMP behind it, Consent Mode V2 is just an API.

  • Q04
    What changes for my tracking when the EU AI Act applies in August 2026?

    Pure event tracking is not affected. The Act becomes relevant the moment analytics data drives automated decisions: BigQuery ML for lookalike audiences, custom LLMs for content personalisation, predictive scoring in the CRM. From August 2026 those pipelines need risk classification, data-provenance documentation and, in the high-risk case, an external audit. We document this in the Measurement Blueprint from day one.

  • Q05
    Why BigQuery in Frankfurt and not in the US?

    The Frankfurt region on Google Cloud means data does not leave the EU legal space. That sidesteps the US CLOUD Act transfer problem before any anonymisation step. Standard Contractual Clauses then exist for the exceptions, not the default. This is the reading EU DPOs sign off on without discussion.

  • Q06
    What is a Measurement Blueprint?

    A complete technical spec doc that defines what gets measured, how events are named and which parameters carry which values. The foundation for dev-team implementation and downstream QA validation. Not a concept paper for the drawer.

  • Q07
    Who implements the tracking in the app or on the website?

    Your dev team, against our Measurement Blueprint. We write the spec, stay available for questions, and take over full QA and everything after implementation. Deliberate stance against vendor lock-in: the code stays with you.

  • Q08
    Do I need a different approach for an app than for a website?

    Yes. Apps use Firebase Analytics as the foundation, websites use GA4 or Plausible. Event schemas differ, consent architecture differs (app consent vs. browser consent), and QA methodology is technically different. We cover both worlds.

  • Q09
    What does an analytics audit cost?

    Audit Sprint at a fixed price of €2,400 net, 10 working days delivery. Includes prioritised defect list, concrete action plan and a 90-minute walkthrough call. Complex setups across multiple brands or app + web + shop run through Audit Sprint Plus at €3,900. No follow-on contract.

  • Q10
    Do you also work with OneTrust for smaller companies?

    OneTrust is technically usable at any company size, but the license cost and configuration overhead are usually oversized for SMBs. For smaller companies we typically recommend Usercentrics (DACH market leader) or Cookiebot. We recommend what fits, not what we happen to know best.

  • Q11
    We already have a setup from another agency, can we migrate?

    Standard case. We usually start with an Audit Sprint: inventory of the current setup, prioritised defect report, migration plan. Depending on the depth of the existing issues, we decide together whether cleanup or rebuild is more economical. Vendor lock-in is never an argument: all GTM containers, BigQuery exports and CMP configurations stay in the client's ownership.

Further reading

Articles on this service

Free Want to try it yourself first?

Measurement Health Check

One URL. One scan. Measurement and privacy in one report. 20+ checks across GA4, Consent Mode V2, pre-consent cookies, performance, and security, free, no account.

Open tool

Next step

Tracking that survives the next three years.

Audit Sprint at a fixed €2,400 net, 10 working days delivery. Prioritised report, 90-minute walkthrough call. No follow-on contract, no forced retainer.

Request an Audit Sprint → hello@datascale.de