The collection of personal data is not inherently bad, and it is often desirable as part of the analytics process. Matomo’s privacy-focused design ensures you only collect personal information when needed, and that you always have the ability to anonymise any personal data.

Matomo collects and processes the following personal data by default:

  • IP Address – This is used to identify the location of a user. There are multiple levels of anonymisation possible, and each can be checked against a database on your server for varying levels of accuracy. By default, Matomo automatically anonymises the IP address by obscuring the last part.

  • URLs and Page Titles – These help you understand how people use your site but can contain personal data. An example is if you provide custom profile pages and URLs for registered users.

  • Referrer URLs – These can contain personal data such as Facebook/Google referral IDs and even third-party profile URLs.

  • Tracking Cookie IDs – These are unique identifiers which can help determine whether a visit is from a new or returning user.

  • Geolocation Data – This is useful for understanding the geographic trends of your website’s visitors. However, it can also be used to identify where a specific user is, if linked to a User ID or if you only have a few users in remote locations.

  • Site Searches – As you have no control over what users input to your website’s search bar, it is possible that a user may enter personal data when seeking information.

Other personal data may be collected based on your specific settings and plugins. Some examples are:

  • Custom Events – These help you understand how people use your site but can contain personal data. An example is if you provide custom profile pages and URLs for registered users.

  • Heatmap and Session Recordings – Used for optimising the design and flow of a site. Visit data may make it obvious who is using the site in a recording. It is possible to mask content areas where you expect personal data to appear.

  • User ID – This might be a username or email address collected when a user logs in. It is an optional feature that can be used to aid with counting unique visits and to track user-level interactions across devices and time.

  • Ecommerce Order IDs – These are used to avoid duplication of tracking; however, they can be traced back to the specific order which almost certainly contains personal data such as name/address.

  • Custom Dimensions, Events and Variables – These are all customisable tracking mechanisms which could contain personal data if specifically configured to do so. For example, if a health-focused site decided to track known diagnoses alongside a user’s page views.

Click here for a more comprehensive view of the data Matomo collects, including non-personal data.

Previous FAQ: Configure Privacy Settings in Matomo