This post was originally published on January 11, 2017, and updated on May, 2020.
Here are some ways how you can ensure your users and visitors privacy by using Matomo (Piwik).
1. Owning the data gives you power to protect user privacy
Whether you host Matomo on-premises yourself, or whether you use Matomo’s cloud, YOU keep control of your data and nobody else. By knowing exactly where your data is stored and having full control over what happens to it, you have the power to protect your user’s privacy. No-one else can claim ownership.
2. GDPR compliance
GDPR is one of the most important privacy laws to have come out in the last few years. As such, Matomo takes GDPR compliance very seriously. There’s even a 12-step checklist for you to follow to ensure your Matomo is GDPR compliant.
3. Data anonymization
For better privacy by default, Matomo implements a range of data anonymization techniques. One of the main techniques is not recording the full IP address of your visitors. Some countries even require you to anonymize additional info considered Personally Identifiable Information (PII).
To change the IP anonymization settings go to “Administration > Privacy”.
4. Configuring Matomo to not process personal data or personally identifiable information (PII)
To further protect the privacy of your visitors, you can learn how to not process any personal information or PII.
5. Deleting old visitor logs
The is important because visitor logs contain information all the collected raw data about every visitor and every action. You can configure Matomo to automatically delete logs from the database. When you delete old logs, only the real time and visitor log reports will no longer work for this old time period, all other aggregated reports will still work.
For privacy reasons, we highly recommend that you keep the detailed Matomo logs for only 3 to 6 months and delete older log data. This has one other nice side effect: it will free significant database space, which will, in turn, slightly increase performance!
6. Supporting the Do Not Track preference
Do Not Track enables users to opt out of any tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Matomo respects users preference and will not track visitors which have specified “I do not want to be tracked” in their web browsers. Get more information about DoNotTrack.
To make sure Do Not Track is respected, go to “Administration => Privacy”.
7. Including an Opt-Out Feature on your website or app
8. Disabling Live features
The Real-Time, Visitor Log and Visitor Profile features give you insights into the tracked raw data by showing you details about every visitor and every action they performed. To protect the privacy of your visitors you may decide to prevent access to such features by disabling the “Live” plugin in “Administration => Plugins”. This way only aggregated reports will be shown in your Matomo.
9. Disabling fingerprinting across websites
By default, when one of your visitors visits several of your websites, Matomo will create a fingerprint for this user that will be different across the websites to increase the visitors’ privacy. You can make sure that this feature is disabled by going to “Administration => Config file” and verifying that the value of “enable_fingerprinting_across_websites” is set to zero.
10. Disabling tracking cookies
11. Creating the tool of your dreams by developing your own plugins and getting access to the API
Matomo is an open platform that lets you extend and customise the tracking; reporting; and user interface to your needs and to protect your visitors’ privacy the way you want or need it. Learn more in the Matomo Developer Zone. You may also have a look at our Matomo Marketplace where you can find several free and premium features to extend your Matomo.
By default, all information and all collected data in your Matomo server are protected and nobody can access it. However, Matomo allows you to optionally make your collected data public and you can export any Matomo report including the whole dashboard to embed it into your website. This way you can show your users exactly which information you track. When you decide to make reports public, we do our best to protect privacy and automatically hide any Personally Identifiable Information such as the Visitor Profile and we make sure to not show any Visitor IP address and the Visitor ID.
Continuous privacy improvements
We are always interested in improving the privacy. If you miss any feature or have an idea on how to improve the privacy, please let us know.