GA4 Conversion Setup From Scratch: Fixing the Data Integrity Lie No One Talks About

The guides are not wrong. The setup they describe is correct. And a correctly configured GA4 property can still be measuring garbage.

This is the lie nobody names: the setup is not the problem. The data flowing through the setup is the problem. Every tutorial assumes that if your tags fire correctly, the events arriving in GA4 represent real human behavior. That assumption broke in 2026. Getting it right means understanding why.

---

The ghost traffic problem nobody put in a setup guide

In early 2026, Cloudflare reported that bot traffic had reached 45% of all US internet traffic. The number matters less than the mechanism. The worst of that traffic never visits your site. It posts fabricated events directly to Google's servers using your public Measurement ID, which sits in your page source and is trivially readable by any script that loads your page once.

This is called ghost traffic, and it is architecturally immune to every defense the standard setup guide recommends. GA4's built-in IAB bot filter does not catch it because the events arrive looking like legitimate Measurement Protocol hits. Your Cloudflare WAF does not catch it because the request never touches your origin. Server-side GTM does not catch it because the event bypasses your server entirely. You configured everything correctly. The data arriving in your GA4 property still includes sessions from Lanzhou, Singapore, and Ashburn that show zero-second engagement, mechanically consistent scroll patterns, and purchase events that never matched a Stripe charge.

The practical consequence is that a site with a real 3% conversion rate can appear to have a 2% rate if a third of its sessions are bot-generated. That difference changes budget allocation. It changes the audience signals you send to Google Ads. It changes what bidding strategies look like they deserve. You solved the setup. Nobody solved the water.

ChatGPT Ads Manager launched May 5, 2026 with its own CAPI integration, and 70.6% of LLM traffic is currently misclassified as direct in GA4. You are not just counting bots. You are counting AI agents crawling your site and attributing their sessions to organic or direct. Your GA4 property is a beautifully configured instrument measuring a mix of humans, bots, and AI agents, and it cannot tell them apart.

That is what this guide actually addresses. The mechanics of correct GA4 setup matter. But they are table stakes. The question underneath every step in this guide is: what is the quality of the data reaching this correctly configured property?

---

Quick answers

Does GA4 filter bot traffic automatically?

GA4 filters known bots from the IAB/ABC International Spiders and Bots List. It does not catch headless browsers running Puppeteer or Playwright, residential proxies mimicking human behavior, or ghost traffic posted directly to the Measurement Protocol endpoint. Q1 2025 data shows 42% of non-human traffic now successfully mimics human mouse movements. The built-in filter is a starting line, not a finish line.

Does server-side GTM fix the data quality problem?

Partially. Server-side GTM moves tag execution off the browser, so ad blockers cannot intercept those requests. It also lets you validate and deduplicate events before forwarding them to GA4 and ad platforms. What it does not do: it cannot filter ghost traffic that bypasses your server entirely via the Measurement Protocol, and it does not have a bot IP database. You recover blocked events. You do not automatically remove fraudulent ones. The pipe is cleaner. The water is still mixed.

Is Consent Mode v2 mandatory in 2026?

For EEA traffic, yes. Google made it mandatory for all EEA advertisers running Google Ads as of June 15, 2026. CNIL fined Google 325 million euros in September 2025 for consent handling failures. The enforcement has teeth. Outside the EEA, Consent Mode is a best practice for ad measurement signal quality, not a legal requirement.

Why does my GA4 conversion data not match my ad platform numbers?

Several reasons compound each other. Your GA4 script is blocked by ad blockers on 25 to 35% of real human sessions. Your pixel-based conversions are blocked at the same rate. If you have not configured server-side CAPI for Meta and Google Ads separately from GA4, both platforms are seeing the same truncated client-side view. Meanwhile, bot sessions inflate your session denominator while contributing zero real conversions, suppressing your visible conversion rate. The numbers tell different stories because they are measuring different things.

What is the actual difference between a GA4 key event and a Google Ads conversion?

GA4 key events (formerly called conversions in the GA4 interface) are behavioral signals for analysis. Google Ads conversions are the events Google's bidding algorithm actively optimizes toward. You can import GA4 key events into Google Ads, but the signal quality of what arrives depends on how clean your GA4 data is. Importing bot-inflated events trains Smart Bidding to find more traffic that looks like your bots. The algorithm is only as good as what you feed it.

How much conversion data does standard client-side tracking miss?

The typical figure cited for server-side recovery is 20 to 40%. A skincare brand documented in DarwinApps' 2026 research recorded 4,512 GA4 purchases with server-side conversion tracking versus 1,724 with client-side tagging alone, a 162% increase in recovered events. The gap is real and large enough to materially change ROAS calculations.

Is GA4 being shut down?

No. GA4 is Google's current platform and is not being discontinued. The question is not whether GA4 works. It is whether the data inside your correctly configured GA4 property reflects reality.

---

The five places your GA4 setup actually breaks

Understanding these failure modes before touching a single tag setting saves debugging time later. Most GA4 setups fail at one or more of these points, and correctly identifying which one is breaking tells you what to fix.

Client-side script blocking. Your GA4 tag is a third-party script served from google-analytics.com. uBlock Origin, Brave Shields, and Pi-hole know its exact URL and block it by name. Between 25 and 35% of real human visitors never fire a single GA4 event. This is invisible in your reports because blocked sessions do not appear at all. Your session counts are understated. Your bounce rates are distorted. Your funnel data has holes.

Consent Mode signal loss. If you have Consent Mode v2 configured and a visitor declines cookies in the EEA, GA4 receives modeled data rather than observed events. Modeling is better than nothing. It is not the same as actual data. How much of your reported EU conversion data is modeled versus observed depends entirely on your consent acceptance rate, and most GA4 properties have no idea what that rate is.

CMP script blocking. Your consent management platform is almost certainly a third-party script served from a vendor CDN. OneTrust loads from cdn.cookielaw.org. Cookiebot loads from consent.cookiebot.com. uBlock Origin and Brave block those domains 30 to 40% of the time. When the CMP script fails to load, no consent banner appears. No consent is recorded. Tracking never fires for that session, and you never see the failure in your data because the session was never recorded.

Ghost traffic injection. Covered above. Fabricated events posted to the Measurement Protocol endpoint using your public Measurement ID. No visit required. Every defense you built sits between your server and the browser. Ghost traffic goes around both.

Bot conversion signal contamination. Bot sessions that do reach your site fire real events. If a bot completes a checkout flow, GA4 records a purchase. If you import that purchase event into Google Ads, Google's algorithm uses it as a training signal. Project Andromeda, fully deployed October 2025, now acts on contaminated bidding signals within hours. Feed it bot conversions and it finds more traffic that looks like your bots. This is not a theoretical problem. PillarlabAI documented 4,560 signups across four weeks, of which only 730 were real humans, with 650 fraudulent accounts traced back to a single laptop. Those fake signups were firing real events. If they had been flowing into a CAPI, they would have been training the algorithm to find more of the same.

---

The correct GA4 conversion setup, step by step

The mechanics below are correct. Do them in this order. Then read the section after them on what the mechanics cannot fix.

Step 1: Choose one installation method and do not double-tag.

GA4 installs via the Google tag directly in your site code, or via Google Tag Manager. The Shopify Google channel installs GA4 natively if you use it. Pick one. If your CMS plugin also injects GA4 and you add GTM, you will see duplicate page_view events in your Realtime report. Duplicate events corrupt every downstream report. Check your Realtime report immediately after installation. One page_view per page load. If you see two, one installation needs to come out.

Step 2: Configure your data stream and turn off Enhanced Measurement for events you will track manually.

Enhanced Measurement auto-fires events for scrolls, outbound clicks, file downloads, video engagement, and form interactions. That sounds good. The problem is that auto-fired events are not parameterized. If you need purchase events to carry revenue, currency, and item data, Enhanced Measurement will not do that for you. Turn off Enhanced Measurement for any event you intend to configure manually through GTM or your data layer, then build it properly. Enable it for events you genuinely want auto-tracked and do not need parameterized data for.

Step 3: Build your ecommerce data layer before any tag fires.

GA4 ecommerce tracking requires a structured data layer push for every funnel event: view_item, add_to_cart, begin_checkout, add_payment_info, and purchase. The purchase event must carry currency, transaction_id, value, and an items array with at minimum item_id, item_name, and price. Missing currency parameter is the most common cause of zero-revenue reporting. The event fires. The revenue shows as null. Every downstream report that depends on revenue is broken. Build the data layer structure before configuring a single tag in GTM.

On Shopify, the native checkout funnel changed on January 13, 2026 when Shopify silently switched App Pixel defaults to "Optimized" mode. This throttles pixel firing when iOS strips fbclid parameters. If you have a Shopify store and your mid-funnel event data dropped in January without explanation, that change is why.

Step 4: Mark events as key events intentionally, not by default.

In GA4 you can mark any event as a key event, and Google Ads will let you import any key event as a conversion. The danger is marking upstream events, like page_view or add_to_cart, as key events and then importing them into Google Ads. Google's bidding algorithm optimizes toward whatever you tell it is a conversion. Optimize toward page views and you will get cheaper traffic with no purchase intent. Only mark events that represent genuine business outcomes. For most ecommerce setups: purchase. For lead gen: qualified_lead or form_submission at a meaningful point in the funnel, not every form interaction.

Step 5: Configure Consent Mode v2 for EEA traffic.

Every EEA-facing setup needs a CMP that correctly signals consent to GA4. The consent signals GA4 needs are analytics_storage and ad_storage. If both are denied, GA4 receives modeled data. If your CMP is not correctly integrated with Consent Mode, GA4 behaves as if consent was never configured and you are running without legal cover in the EEA.

The June 15, 2026 Google Ads deadline made Consent Mode v2 mandatory for all EEA advertisers. If you are running Google Ads to any EEA country without a properly integrated Consent Mode v2 setup, your campaigns are out of compliance and your conversion data for those markets is unreliable.

Step 6: Implement server-side GA4 and Google Ads Enhanced Conversions.

Client-side GA4 is blocked by ad blockers on 25 to 35% of real human sessions. Server-side GA4 moves the measurement endpoint to a domain you control. Ad blockers do not know your domain, so they cannot block it. You recover blocked sessions. Enhanced Conversions for web hashes first-party customer data at purchase and matches it to signed-in Google accounts, recovering attribution that ITP and browser restrictions otherwise lose.

Neither of these eliminates bot traffic. They recover human traffic that was previously invisible. Both are necessary. Neither is sufficient on its own for clean conversion data.

Step 7: Exclude internal traffic and define referral exclusions.

GA4 will record your team's browsing and test purchases unless you exclude them. Under Admin, Data Streams, Configure tag settings, Define internal traffic, add your office IP ranges. Then create a Data Filter in Admin that excludes internal traffic. Also add your payment processors and checkout domains to referral exclusions. Stripe, PayPal, and any third-party checkout that redirects back to your site will appear as referral traffic and break attribution on every purchase if you do not exclude them.

Step 8: Link GA4 to Google Ads and import clean key events.

Go to Admin, Google Ads Links, and link your property. Then in Google Ads, go to Tools, Conversions, Import, Google Analytics 4 Properties, and import only the key events you intentionally marked in step 4. Set a conversion window appropriate to your product. Do not set it to 90 days for a product with a 24-hour purchase cycle. You will attribute purchases to clicks that had nothing to do with them.

---

What the correct setup cannot fix

You have done everything above. Your tags are clean. Your events are properly named and parameterized. Your Consent Mode v2 is integrated. Your server-side container is running. Your key events are imported. Your conversion windows are calibrated.

Here is what none of that changes.

GA4 has no bot IP database. It knows the IAB list of declared crawlers. It does not know the 361 billion IP addresses that have been identified as datacenter infrastructure, residential proxies operating as bot networks, VPN endpoints, and proxy/anonymizer services. When a bot with a residential IP that is not on the IAB list visits your site, fires a purchase event, and leaves, GA4 records a purchase. Your setup is perfect. The record is fabricated.

GA4 Measurement Protocol events are unauthenticated. Any script that reads your public Measurement ID from your page source can post arbitrary events to Google's collection endpoint without touching your site. Server-side GTM is irrelevant to this attack vector because the events are constructed externally and sent directly to Google. You cannot solve this by moving your GTM server.

The conversion data you import into Google Ads trains the algorithm on whatever you give it. If your correctly configured GA4 property is feeding bot purchases into Google Ads, Google's bidding algorithm is being trained on those events. It will find more traffic that looks like the bots that generated them. This feedback loop means data quality problems compound over time. A dirty dataset gets dirtier because the algorithm seeks out more of the same.

These are not hypothetical risks. They are the current operating environment for any business running paid search or paid social without a layer that filters events before they reach GA4 and ad platforms.

---

The tools that actually affect data quality

The tools below are evaluated on whether and how they address the failure modes described above, not just whether they implement the standard setup steps correctly.

DataCops

DataCops sits upstream of GA4 and ad platform CAPIs as a first-party data layer. It filters every event against a 361 billion IP database covering datacenter IPs, residential proxy networks, VPN endpoints, and known fraud email domains before any event fires to GA4, Meta CAPI, Google Ads Enhanced Conversions, TikTok Events API, or LinkedIn Insight CAPI. Bot traffic is removed before it reaches any destination. Fabricated events from ghost traffic that would normally reach GA4 through the Measurement Protocol do not make it past the IP validation layer.

The setup is one script tag and one CNAME record. Your analytics endpoint moves to datacops.yourdomain.com, which is a first-party subdomain not on any ad blocker filter list. Events that were previously blocked by uBlock Origin or Brave because they were headed to google-analytics.com now reach your server first. You control what gets forwarded. DataCops also includes a first-party CMP that loads from your subdomain, not a third-party CDN, so the consent banner actually appears on sessions where OneTrust or Cookiebot would have been silently blocked.

The CAPI layer is available from Business plan at $49 per month and covers Meta CAPI, Google Ads Enhanced Conversions, TikTok Events API, and LinkedIn Insight CAPI from one pipeline. The Free plan at $0 covers 2,000 sessions with first-party analytics and the CMP but no CAPI. Growth at $7.99 per month covers 5,000 sessions, also without CAPI. The distinction matters because every tool in this space makes CAPI look available at entry pricing. At DataCops, CAPI starts at Business.

What DataCops does not replace: GA4 as a reporting and exploration layer. It cleans and routes the event data; GA4 or Plausible or any analytics tool you choose still receives and reports on it. DataCops also does not have SOC 2 Type II certification yet, which matters for enterprise procurement. If your legal team needs that certification today, that is a legitimate blocker.

Right for: ecommerce and SaaS businesses running paid Meta or Google campaigns who need to remove bot traffic from their conversion data before it reaches ad algorithms. Value 9/10. Pricing: Free, $7.99/month, $49/month (CAPI), $299/month, Enterprise.

Stape

Stape is the most popular managed hosting layer for server-side GTM. If you know GTM and want to move your container server-side without managing Google Cloud Platform infrastructure yourself, Stape removes the DevOps work. It runs your GTM server on Google Cloud, provides custom domain support so your server runs on a first-party subdomain, and includes gateway templates for Meta CAPI, Google Ads, TikTok, and Snapchat. Bounteous research flagged that 80% of sGTM setups are detectable by ad blockers. Stape's custom domain setup addresses this when configured correctly.

What Stape does not provide: bot filtering. Events that arrive at your sGTM container are forwarded to destinations without any IP-based fraud validation. Bot traffic that was blocked upstream by your CDN might not reach your server, but residential proxy traffic that successfully initiates a browser session and fires real events will be forwarded to GA4 and your ad platforms. You recover blocked human events. You do not remove fraudulent bot events.

The cost framing matters here. Stape's hosting starts at $17 per month for the Pro plan. But Stape is infrastructure, not a solution. It requires a configured GTM container, which means GTM expertise or a developer. Seresa's 2025 analysis put initial configuration at 10 to 40 hours of specialist time at $80 to $120 per hour, plus ongoing maintenance. The five-year total cost for a typical WooCommerce setup was approximately $154,000 when labor is included, not the $17 per month the pricing page shows.

Right for: in-house GTM engineers who want managed infrastructure and full container control. Value 7/10 for technical teams, 4/10 for teams without GTM expertise. Pricing: $17/month Pro, $83/month Business, plus Google Cloud Run at $50 to $300/month.

Google Tag Gateway

Google launched Google Tag Gateway in January 2026 as a free, native option for server-side Google tagging. It deploys on Google Cloud Platform, Cloudflare, or Akamai in one click and handles Google tag proxying without GTM expertise. For teams running only Google Ads and GA4, it is the most straightforward server-side setup that costs nothing beyond hosting.

The limitations are structural. Google Tag Gateway is Google-only. It does not forward events to Meta, TikTok, LinkedIn, or any non-Google destination. It does not include bot filtering. It does not include a CMP. It is a pipe for Google signals, and a clean one, but the data quality problem exists independently of which pipe you use.

Right for: teams running pure Google Ads who want server-side GA4 without complexity and do not need multi-platform CAPI. Value 8/10 for Google-only stacks. Pricing: Free (hosting costs apply).

Meta 1-Click CAPI

Meta launched free, native one-click CAPI integration on April 15, 2026. For a Shopify or WooCommerce store sending events to Meta only, this is now the default starting point. Zero cost. Zero setup complexity. The integration uses native server-side event delivery from Meta's infrastructure to its own ad platform.

The constraint is that it is Meta only, and it has no bot filtering. Fraudulent events that your pixel captured on the client side are forwarded server-side at higher fidelity. You solve the delivery problem. You do not solve the data quality problem. If your pixel was capturing bot sessions, your CAPI now delivers those bot sessions at better EMQ. The algorithm gets cleaner signal on dirtier data.

Right for: single-platform Meta advertisers with clean traffic who need a zero-cost server-side start. Value 8/10 in its category. Pricing: Free.

Tracklution

Tracklution is a European CAPI tool with a clean interface, TCF 2.2 CMP included, and straightforward multi-platform support across Meta, Google, TikTok, and Pinterest. It was built for EU-facing advertisers and has the compliance documentation to match, including SOC 2 and ISO 27001 certification. Setup is simpler than Stape, does not require GTM expertise, and the company's EU data residency posture is stronger than most alternatives.

The gap is bot filtering. Tracklution does not maintain an IP database and does not filter events for fraud before forwarding them to CAPI endpoints. For advertisers in high-IVT verticals, particularly finance, legal, and insurance where the Fraudlogix 2026 data shows 42% bot rates, sending more events server-side without filtering them first means delivering bot signals at higher fidelity. That is not an improvement.

Right for: EU-focused agencies wanting simple Meta and Google CAPI with solid compliance documentation and SOC 2 certification. Value 7/10. Pricing: €31/month Starter.

Elevar

Elevar is the most established server-side tracking tool built specifically for Shopify. Its order-level fidelity is genuinely different from other tools. It maps Shopify order IDs to session data and deduplicates across client-side pixels and server-side events, so the same purchase does not get counted twice. For high-volume Shopify stores, that deduplication alone can materially clean up ROAS reporting. It also handles the Shopify checkout funnel's unique structure better than any generic GTM setup.

The Shopify dependency is both its strength and its limit. Elevar does not work on WooCommerce, Webflow, or custom builds. It does not filter bot traffic before events reach Meta or Google. And the pricing escalates steeply with order volume: $200 per month for 1,000 orders, $950 per month for 50,000 orders. A seven-figure Shopify store generating 50,000 orders monthly pays $11,400 per year on CAPI delivery alone, with no bot filtering included.

Right for: Shopify-only stores doing 500K or more in monthly GMV that need millisecond-accurate order-level conversion fidelity and have the budget for it. Value 7/10 for Shopify at scale. Pricing: $200/month (1,000 orders), $950/month (50,000 orders).

Littledata

Littledata is the oldest name in Shopify server-side tracking. It handles the Shopify data layer, pushes events to GA4 and Meta via server-side, and has a long history of following Shopify's changelog closely enough to stay current when Shopify updates its checkout infrastructure. The January 2026 Shopify App Pixel default change to "Optimized" mode, which silently throttled pixel firing, was something Littledata customers were protected from faster than most.

The honest negative: the pricing model is opaque for anyone trying to budget at scale, starting at $199 per month but growing with order volume in ways that are hard to predict before implementation. Bot filtering is not included. And it is Shopify-only.

Right for: established Shopify merchants who want a managed, hands-off server-side layer with a long track record of Shopify compatibility. Value 6/10 given price ambiguity. Pricing: $199/month Standard.

TrackBee

TrackBee is a Dutch CAPI tool with a focus on European ecommerce brands and clean multi-platform event delivery. Its setup requires less GTM expertise than Stape and it handles Meta, Google, and TikTok from one interface. The product has improved meaningfully over the past 18 months and the team ships fast.

The gap is the same as most CAPI tools in this tier: no bot filtering before events reach CAPI endpoints. For European advertisers where GDPR compliance and data quality are both high priorities, TrackBee handles the compliance side but not the IVT side. Pricing sits at €79 per month, which is reasonable for mid-market European brands.

Right for: European ecommerce brands wanting clean multi-platform CAPI with strong EU support and no GTM requirement. Value 7/10. Pricing: €79/month.

Aimerce

Aimerce positions itself as a premium Shopify CAPI solution with AI-assisted event enrichment. The base plan starts at $299 per month and escalates with order volume above 1,000 orders. The enrichment layer is genuinely useful for improving EMQ scores and matching rates, which translates to lower CPA when the underlying data is clean.

The cost structure is the friction point. A Shopify store processing 5,000 orders per month on Aimerce is paying meaningfully more than on comparable tools, and the bot filtering gap remains. Right for: well-funded Shopify brands prioritizing EMQ optimization over cost, with clean traffic. Value 5/10 on price-to-output ratio. Pricing: $299/month base.

Segment

Segment is a customer data platform, not a CAPI tool. It collects events from your web, app, and server, normalizes them into a standard schema, and routes them to any destination in its library, which includes hundreds of analytics and marketing tools. For enterprises that need one data pipeline feeding GA4, Mixpanel, Amplitude, Braze, Salesforce, HubSpot, and a data warehouse simultaneously, Segment is the correct infrastructure layer.

It is not a lightweight CAPI solution. It requires significant configuration work and developer resources. It does not include bot filtering. It does not include a CMP. At enterprise pricing it becomes the connective tissue of a larger stack rather than a standalone conversion tracking tool.

Right for: enterprise teams that need a multi-destination event pipeline and already have analytics and marketing tool sprawl to manage. Value 8/10 for its actual use case. Pricing: custom (typically $10,000 to $120,000/year for enterprise).

Tealium

Tealium is a tag management and CDP platform with deep enterprise integrations, strong data governance, and SOC 2 Type II compliance. Its server-side event routing is mature and handles complex multi-destination configurations that smaller tools cannot manage. For regulated industries like financial services and healthcare where data sovereignty and audit trails are requirements, Tealium is one of the few tools with the governance layer to match.

The cost and implementation complexity are enterprise-tier. Tealium is not relevant for SMBs. Bot filtering is not a built-in feature. Right for: regulated enterprises with dedicated MarTech engineers and compliance requirements that lower-cost tools cannot satisfy. Value 8/10 in its actual market. Pricing: custom (typically $50,000/year minimum).

Triple Whale

Triple Whale is an attribution dashboard and media measurement platform, not a conversion tracking infrastructure tool. It ingests events from Meta, Google, TikTok, and other platforms and surfaces blended ROAS, MER, and media mix insights across channels. It is the category leader for Shopify attribution intelligence.

The important distinction: Triple Whale improves how you read your conversion data. It does not improve the quality of the data your ad platforms received. If your Meta CAPI is delivering bot conversions, Triple Whale will chart them accurately and beautifully. It is downstream of the problem this article addresses. Right for: Shopify brands spending $50,000 or more per month across channels who need blended attribution to make budget allocation decisions. Value 8/10 in its category. Pricing: $179/month annual.

Northbeam

Northbeam is a media mix modeling tool for brands spending $500,000 or more per month. It does not fit the same evaluation as CAPI tools. It synthesizes attribution at a scale where last-click and even multi-touch models break down. The $1,500 per month entry price reflects that it is built for a specific spending tier.

Right for: high-spend brands doing media mix modeling across channels where statistical attribution outperforms deterministic pixel tracking. Value 7/10 for its tier. Pricing: $1,500/month entry.

Piwik PRO

Piwik PRO is the best GA4 replacement for regulated enterprise organizations with data sovereignty requirements. It is ISO 27001 and SOC 2 certified, EU-hosted, and covers both analytics and a built-in CMP. It is not a CAPI tool and does not forward events to Meta or Google Ads. Right for: healthcare, legal, or financial services organizations that need GDPR-compliant analytics with verified EU data residency. Value 9/10 in its category. Pricing: free Core tier, paid plans custom.

Plausible

Plausible is a privacy-first analytics tool that is cookieless by default, GDPR compliant without a consent banner in most EU contexts, and extremely lightweight. It tracks pageviews, referrers, and custom events without storing personal data. The dashboard is clean and usable in minutes.

Plausible does not feed Meta or Google Ads with conversion signals. It does not filter bot traffic in any structured way. It is a traffic reporting tool, and a good one, not a conversion tracking layer. Running Plausible alongside a CAPI tool is a reasonable stack for teams that want honest traffic reporting without GA4's compliance complexity. Running Plausible alone and expecting it to replace conversion infrastructure is a misuse of the tool.

Right for: content sites, SaaS landing pages, and any team that wants traffic analytics without cookie consent complexity and is not running paid social campaigns. Value 9/10 in its category. Pricing: $9/month Starter.

Fathom

Fathom is a cookieless, privacy-first analytics tool similar to Plausible with a slightly more polished interface and a pricing model that charges per page view volume rather than per site. It has no free tier. Like Plausible, it is an analytics tool for traffic visibility, not a conversion infrastructure layer.

Right for: small-to-medium sites wanting GA4 traffic analytics without the compliance overhead, particularly teams already spending $15 or more per month who value a cleaner UI. Value 8/10 in its category. Pricing: from $15/month.

Matomo

Matomo is the leading open-source analytics platform with an optional self-hosted deployment. Self-hosting means your data never leaves your servers, which satisfies data residency requirements that exclude GA4. The tradeoff is infrastructure maintenance. Matomo Cloud removes the hosting burden but adds cost. Matomo does not include CAPI forwarding to ad platforms or bot filtering.

Right for: organizations with strong data sovereignty requirements who need GA4-depth analytics on their own infrastructure or do not want to process user data through Google. Value 8/10 for self-hosted compliance use cases. Pricing: free self-hosted, Matomo Cloud from $19/month.

Mixpanel

Mixpanel is a product analytics tool for understanding user behavior inside a product: feature adoption, retention cohorts, user journey funnels, and event flows. Its free tier covers 1 million events per month, which is genuinely generous. For SaaS teams trying to understand why users activate, convert, or churn, Mixpanel is one of the most capable tools available.

Mixpanel does not integrate with Meta CAPI, Google Ads, or TikTok. It is not a conversion infrastructure tool. It is a product analytics tool, and one of the best in that category. Right for: SaaS and app teams that need behavioral analytics and funnel analysis inside a product. Value 9/10 in its category. Pricing: free to 1M events, paid from $28/month.

PostHog

PostHog is an open-source product analytics platform with session replay, feature flags, A/B testing, and a data warehouse SQL interface. The self-hosted version is free and gives full control over data. The cloud version has a genuinely unlimited free tier for session replay and a generous event quota. For developer-led teams that want Mixpanel-depth analytics on their own infrastructure, PostHog is the default recommendation.

It is not a conversion tracking layer and does not forward to ad platform CAPIs. Right for: developer-led SaaS teams who want open-source product analytics with session replay and feature flags, particularly those with data residency constraints. Value 9/10 in its category. Pricing: generous free tier, cloud paid from $0.

Amplitude

Amplitude is the enterprise tier of product analytics. It covers behavioral analytics, retention, funnel optimization, and experimentation at scale. Its data governance and role-based access controls suit large teams. It is not a web analytics tool, not a conversion infrastructure tool, and not a CAPI solution.

Right for: mid-to-large product teams who need behavioral analytics with enterprise governance, experimentation, and retention modeling. Value 8/10 in its category. Pricing: custom at enterprise scale.

---

Buyer decision framework

The question is not which tool is best. The question is which failure mode is breaking your specific setup.

If you are running no paid campaigns and just need traffic reporting: Plausible or Fathom. Done. Stop there.

If you are running Google Ads only and want server-side GA4 without cost: Google Tag Gateway plus properly configured GA4. Add Consent Mode v2 if you have EEA traffic.

If you are running Meta, Google, and TikTok and need multi-platform CAPI without developer involvement: DataCops at Business ($49/month) is the lowest-friction entry point that covers all three platforms from one implementation with bot filtering included. Tracklution at €31/month is the alternative if you are EU-focused and SOC 2 certification matters today.

If you are a Shopify brand at $500K or more in monthly GMV running primarily Meta: Elevar for Shopify-specific order-level fidelity, with the understanding that bot filtering is not included.

If you are an in-house team with a GTM engineer: Stape for server-side infrastructure plus a separate bot filtering layer.

If you are enterprise with data sovereignty requirements: Tealium or Piwik PRO for analytics, custom CAPI implementation for ad platforms.

If you are running a SaaS or app and care about product behavior: Mixpanel or PostHog, separate from whatever infrastructure you use for ad platform conversion signals.

---

When NOT to use DataCops

DataCops is not the right call in four specific scenarios, and being honest about them matters.

If your SOC 2 Type II certification is a procurement requirement today, DataCops is in process on that certification and cannot provide it yet. Tracklution, Stape, or Elevar are better options while that certification is pending.

If you are Shopify-only with clean traffic below 500K monthly GMV and running only Meta Ads, the free Meta 1-Click CAPI released April 15, 2026 does everything you need at zero cost. The bot filtering advantage of DataCops is worth having, but it is a judgment call, not a clear winner at that scale.

If you have an in-house GTM engineer who wants full container control and custom event logic, Stape gives you that flexibility. DataCops is an opinionated architecture. Stape is infrastructure you configure yourself. Engineers who want control should use Stape.

If your paid media budget is under $5,000 per month, the conversion data quality improvements from bot filtering have a smaller absolute ROAS impact. A $49 per month Business plan is justified at $10,000-plus in monthly spend. Below $5,000, the free Meta 1-Click CAPI and correctly configured GA4 is a defensible choice while you grow.

---

The feature comparison

---

The question underneath everything

You have now read the setup steps, the failure modes, and the tool landscape. One question determines whether any of this matters for your business.

Of the conversion events your ad platforms received last month, how many can you prove came from real human sessions that a real person initiated on a real device?

If you cannot answer that with a number, you are not running paid campaigns. You are paying for traffic signals, forwarding them to algorithms that optimize toward them, and measuring the results in dashboards that cannot tell you how much of what they contain is real. The setup guide is the easy part.