11 ways Matomo Analytics helps you to protect your visitors privacy

At Matomo (Piwik) and at InnoCraft, we think Privacy matters. From the beginning, Matomo has had a strong focus on privacy and ensures the privacy of your visitors and analytics data. As a result, Matomo has been recommended as a privacy-compliant analytics tool for example by the Independent Center for Privacy Protection in Germany (ULD) and by the Center for Data Privacy Protection in France (CNIL). In France, Matomo is the only web analytics tool that does not require Cookie Consent.

Here are some ways how you can ensure your users and visitors privacy by using Matomo (Piwik).

1. You own the data

Whether you host Matomo (Piwik) on premise yourself, managed on premise by InnoCraft, or whether you use our Matomo cloud, when you use Matomo, YOU keep control of your data and nobody else. This also means you can decide where your data should be located physically.

2. Anonymized IP addresses

For better privacy by default, Matomo (Piwik) will not record the full IP address of your visitors because otherwise the browsing history could be easily tracked across several days and even across websites within the same Matomo server. Some countries even require to anonymize the IP address, considered Personally Identifiable Information (PII).

To change the IP anonymization settings go to “Administration > Privacy”. Optionally, you can use the full IP to still get for example accurate location data.

3. Delete old visitor logs

The visitor logs contain information all the collected raw data about every visitor and every action. You can configure Matomo (Piwik) to automatically delete logs from the database. When you delete old logs, only the real time and visitor log reports will no longer work for this old time period, all other aggregated reports will still work.

For privacy reasons, we highly recommend that you keep the detailed Matomo (Piwik) logs for only 3 to 6 months and delete older log data. This has one other nice side effect: it will free significant database space, which will, in turn, slightly increase performance!

4. Support Do Not Track preference

Do Not Track enables users to opt out of any tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Matomo (Piwik) respects users preference and will not track visitors which have specified “I do not want to be tracked” in their web browsers. Get more information about DoNotTrack.

To make sure Do Not Track is respected, go to “Administration => Privacy”.

5. Include an Opt-Out Feature on your website or app

By embedding the Opt-Out feature in your website, you give your visitors the possibility to opt-out of the tracking. When you go to “Administration > Privacy”, you will be able to copy and paste an HTML Iframe code to embed the opt-out feature for example into your privacy policy page or in your ‘Legal’ page. Your users can then click on a link to opt-out.

On the Matomo (Piwik) Marketplace there are also some plugins available to customize the Opt-Out experience. For example AjaxOptOut and CustomOptOut.

6. Disable Live features

The Real-Time, Visitor Log and Visitor Profile features give you insights into the tracked raw data by showing you details about every visitor and every action they performed. To protect the privacy of your visitors you may decide to prevent access to such features by disabling the “Live” plugin in “Administration => Plugins”. This way only aggregated reports will be shown in your Matomo (Piwik).

7. Disable fingerprinting across websites

By default, when one of your visitors visits several of your websites, Matomo (Piwik) will create a fingerprint for this user that will be different across the websites to increase the visitors’ privacy. You can make sure that this feature is disabled by going to “Administration => Config file” and verifying that the value of “enable_fingerprinting_across_websites” is set to zero.

8. Disable tracking cookies

Matomo (Piwik) uses cookies to store some information about visitors between visits. In some countries, the legislation requires websites to provide a way for users to opt-out of all tracking, in particular tracking cookies. You can disable cookies by adding one line in the Matomo Javascript code.

9. Custom development

Matomo (Piwik) is an open platform that lets you extend and customize the tracking, the reporting and the Matomo user interface to your needs and to protect your visitors’ privacy the way you want or need it. Learn more in the Matomo Developer Zone. You may also have a look at our Matomo Marketplace where you can find several free and premium features to extend your Matomo.

10. Transparency

By default, all information and all collected data in your Matomo (Piwik) server are protected and nobody can access it. However, Matomo allows you to optionally make your collected data public and you can export any Matomo report including the whole dashboard to embed it into your website. This way you can show your users exactly which information you track. When you decide to make reports public, we do our best to protect privacy and automatically hide any Personally Identifiable Information such as the Visitor Profile and we make sure to not show any Visitor IP address and the Visitor ID.

11. Privacy policy

When you use Matomo (Piwik) to track your visitors, we recommend to update your Privacy Policy to explain how Matomo is used and what data it gathers. We provide a Privacy Policy template for Matomo users that you can copy on your site.

12. GDPR Compliance

And a bonus entry! Learn all about how to [make Matomo GDPR compliant](https://matomo.org/docs/gdpr/).

Continuous privacy improvements

We are always interested in improving the privacy. If you miss any feature or have an idea on how to improve the privacy, please let us know.

More information about all the Matomo features

If you want to learn more about all the features in Matomo (Piwik), have a look at our User Guides and FAQ entries.

Share this post