Self-Hosted Ads Analytics

Admaxxer is a DTC analytics platform with built-in Meta + Google ad ops. The self-hosted edition gives you the full product — first-party pixel, 33+ analytics pipes, Meta and Google ad-platform connectors, and the Claude-powered AI agent — running on infrastructure you control, with credentials you encrypt, and a database you own.

What it does

• Runs on your own infra: Replit Deploy for a managed path, or self-host on any Node-compatible host.
• Stores every ad-platform credential encrypted at rest with AES-256-GCM, keyed per workspace.
• Issues HTTP-only, signed session cookies — no bearer tokens floating around the frontend.
• Scopes every query to a workspace: one customer's data never touches another customer's dashboards.
• Ships the full analytics stack: first-party pixel, 33+ analytics pipes, a primary database, and a managed job queue.

How it works

The deployment topology is intentionally simple. A single Express + TypeScript server renders the React frontend (Vite build), exposes /api/v1/* for programmatic clients, and handles webhooks for Stripe and ad-platform callbacks. The primary database is portable by default, and the schema runs on any standard SQL database. A managed job queue handles insight syncs and token-expiry crons over an encrypted (TLS) transport. A first-party analytics warehouse stores the pixel events.

Credentials — Meta user access tokens, Google refresh tokens, developer tokens, GA4 API secrets — never hit the database in plaintext. The credential-encryption module wraps AES-256-GCM with an ENCRYPTION_KEY you configure as an environment variable. Rotating that key is a documented operation; losing it is recoverable only by re-connecting the accounts, which is deliberate.

Sessions are HTTP-only, signed cookies keyed with SESSION_SECRET. The frontend never stores a user's token in localStorage or sessionStorage. This is a boring, deliberate choice — the most common way AI-era dashboards leak credentials is putting long-lived tokens in browser storage. We do not do that.

Data scoping is enforced at the database query layer. Every request resolves a workspace from the session cookie, and every query that reads ad-platform data, pixel events, or chat sessions is filtered on that workspace ID. Cross-workspace reads are impossible by construction, not by policy. The workspaceMembers table controls who in a workspace can do what, with owner and member roles.

The first-party pixel fires client events to an ingestion endpoint that forwards to the analytics warehouse over Conversions API. Thirty-three-plus pipes compute visitors, revenue, cohorts, blended MER, CAPI match rate, cohort LTV at 7/30/90 days, 1-day and 7-day click attribution, MMM contribution, forecast, and incrementality — all queryable under the workspace.

Why it matters

Hosted analytics vendors promise data portability and usually deliver CSV exports. Admaxxer's self-hosted edition delivers actual data ownership: the database instance is yours, the analytics workspace is yours, the pixel fires to your domain. If Admaxxer disappears tomorrow, your data does not.

That matters for DTC brands who have been burned by attribution vendors shutting down or pivoting. It matters for agencies who cannot contractually put client data in a shared multi-tenant warehouse. It matters for operators who want to pipe Admaxxer's analytics pipes directly into their existing BI stack without going through a vendor API that may rate-limit, deprecate, or charge per call.

Encryption at rest with AES-256-GCM, HTTP-only sessions, workspace-scoped queries, and TLS-only transport add up to a posture that passes a reasonable security review on day one. We do not claim SOC 2 out of the box — that is a company-level commitment — but the product is architected so a self-hosted instance can be audited without surprising the auditor.

Finally, the 33+ analytics pipes are designed for DTC operators, not for a generic analytics audience. Cohort LTV, blended MER, CAPI match rate, MMM contribution, and attribution windows are the primitives; everything else composes from there. That is the data shape a DTC CFO asks for, and it is the shape Admaxxer ships.

Who it's for

DTC brands with $500k to $50M ARR who want data ownership without hiring a data team. Agencies managing multi-brand portfolios who need hard per-brand data boundaries. Technical operators who read a schema-migration command without flinching and prefer infrastructure they can grep.

Setup in 15 minutes

Deploy on Replit with one click, or self-host on any Node host by cloning the repo, setting your database, job-queue, encryption, session, Anthropic, Stripe, and app-URL environment variables, then running the schema migration against your database. Full walkthrough in the install guide. To see what the stack powers, read Meta Ads Manager, Google Ads Manager, and AI Ads Agent. For the pixel deep dive, see the analytics guide.

Pricing

Self-hosted is included in every plan. Starter is $9/month, Pro is $79/month, Scale is $199/month. Every plan starts with a 7-day free trial and no credit card is required. See pricing for workspace and seat quotas.

FAQs

Where exactly is my data stored? In your database instance and your analytics workspace. Ad-platform credentials are AES-256-GCM encrypted at rest with an ENCRYPTION_KEY you control.

Can I export my data? Yes. Because the database schema is the single source of truth and the analytics warehouse exposes SQL endpoints, you can export or mirror to any warehouse at any time. There is no vendor lock-in layer in between.

Does self-hosting change the feature set? No. The self-hosted edition ships the full product — Meta + Google connectors, the Claude AI Ads Agent, all 33+ analytics pipes, billing, workspaces, API keys, and webhooks. It is the same codebase.