This guide explains the privacy implications of tracking your visitors’ web analytics data, and how Matomo (Piwik) can easily be configured to ensure that your users’ privacy is respected.
Matomo (Piwik) ensures the privacy of your users and analytics data. When using Matomo, YOU keep control of your data, nobody else does. Your data is stored in your own MySQL database, and logs or report data will never be sent to other servers by Matomo. Learn more about Privacy.
To ensure further security, after you have installed Matomo (Piwik), we recommend that you:
- make your Matomo (Piwik) server more secure by undertaking a few extra security checks
- follow the guide below to enable important Privacy features
By design, Matomo (Piwik) ensures that your analytics data is only accessible to the Matomo administrator, meaning it is completely secure. This guide will explain how to easily make your favourite web analytics tool “privacy compliant”. Firstly, you will need to log in as Super User and click on Administration > Privacy.
Step 1) Automatically Anonymize Visitor IPs
By default, IP Anonymisation is enabled in Matomo (Piwik). This means Matomo stores in the database each new visitor IP address (ipv4 or ipv6 format) with the last components removed to protect user’s privacy. IP anonymisation is a good way to protect users with static IP address as otherwise their browsing history would be easily tracked across several days and even across websites tracked within the same Matomo server.
To ensure that you do not store the visitor IP, which is Personally Identifiable Information (PII), please go to Administration > Privacy > Anonimyze data, to enable IP anonymization, and check you have 2 bytes or 3 bytes masked from the IP address.
If you user the optional User ID then you may also choose to “Replace User ID with a pseudonym”. (When you enable this option, the User ID will be replaced by a pseudonym to avoid directly storing and displaying personally identifiable information such as an email address.)
Step 2) Delete Old Visitors Logs
You can configure Matomo (Piwik) to automatically delete your older logs from the database. For privacy reasons, we highly recommend that you keep the detailed Matomo logs for only 3 to 6 months and delete older log data.
Deleting old logs also has one other important advantage: it will free significant database space, which will, in turn, slightly increase performance!
If you run the automatic script as explained in the FAQ, it is safe to delete your old log data and still access all historical reports in Matomo (Piwik).
Step 3) Include a Web Analytics Opt-Out Feature on Your Site (Using an iFrame)
In Administration > Privacy, you will be able to copy and paste the following Iframe code:
You can make the opt-out iframe look great on your website by customising the Opt-out iframe colors and fonts (text color, background color, font size, and font family).
Here below is the example iframe for this website. You can opt out from being tracked on demo.matomo.org:
Step 4) Respect DoNotTrack preference
Do Not Track is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Matomo (Piwik) respects users preference and will not track visitors which have specified “I do not want to be tracked” in their web browsers. For more information about DoNotTrack, check out donottrack.us.
Step 6) Learn about personal data regulations such as GDPR
To learn more about the privacy regulations and in particular the GDPR, please visit our GDPR User guide.
Step 7) Optional Privacy Preferences
There is more you can consider when it comes to privacy:
- As the Matomo (Piwik) administrator, you may decide that giving access to real time & visitor log features are not necessary for your team members who use Matomo. In this case, you can disable the Live plugin in Administration > Plugins.
For reference the list of metadata and data points and collected by Matomo (Piwik) is documented here.