Is a Data Processing Agreement (DPA) available for GDPR compliance? FAQ - General

In the context of GDPR compliance, a data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the processor.

In the context of Matomo you have two options:

When you use the official Matomo Analytics Cloud service a Data Processing Agreement is available and can be viewed here: matomo.cloud/dpa. You may agree to the DPA when you sign-up to the service, or later (in Matomo Administration > GDPR Overview page).
When you self-host Matomo on your own servers, then you do not have a Data Processing Agreement available, but your data processors may offer a DPA and suggest steps for GDPR compliance. Learn more in our article: How to make Matomo GDPR compliant in 12 steps, and in our GDPR user guide.

Next FAQ: How do I delete rows of a report and specific visits to clean-up some of the reporting data?

Previous FAQ: Inform your users, Security and Documentation for GDPR compliance

Feedback on this page