Matomo ensures the privacy of your users and analytics data
Get 100% data ownership and privacy protection with Matomo Analytics.
One of Matomo's guiding principles: respecting privacy
Matomo Analytics was designed with privacy in mind. It can be configured to follow even the strictest of privacy laws – like GDPR, HIPAA, CCPA, LGPD and PECR. Simply by using Matomo you will ensure all of your valuable information is private and owned by one person (you!) and that your website respects your visitors’ privacy. If you need to have data stored in a specific country and are looking for additional data sovereignty, you can achieve this with Matomo On-Premise.
The source code of the software is open-source so hundreds of people have reviewed it to ensure it is secure and keeps your data private.
Ways Matomo protects the privacy of your users and customers
Although Matomo Analytics is a web analytics software with a purpose to track user activity on your website, we take privacy very seriously.
The following advanced privacy protections in Matomo provide you with more control:
- Matomo has an opt-out mechanism which lets users opt-out of web analytics tracking
- You can configure for data retention of raw data and aggregated reports
- Anonymise IP addresses as well as implementing other data anonymisation techniques
- Respect DoNotTrack setting
- Configure Matomo to not process any personal data or PII (personally identifiable information)
- Set shorter expiration dates for tracking cookies
- Disable Visits Log and Visitor Profile
- Users aren’t tracked across websites unless specifically enabled
- Matomo can be used without needing consent (unlike with Google, which will always need user consent). This strengthens privacy as it means you’re not ‘following’ visitors (e.g. over multiple days)
- Read about the 12 ways Matomo helps you protect your visitor’s privacy
These privacy features, along with the open and decentralised nature of Matomo, mean your users’ privacy is respected.
Matomo adheres to GDPR, HIPAA, CCPA, LGPD and PECR
Data Protection Authorities across the EU are ruling Google Analytics illegal to use under the GDPR. Starting with the Austrian Data Protection Authority’s ruling on Google Analytics and then the CNIL followed suit with a similar ruling. Finding a GDPR compliant Google Analytics alternative is more important than ever.
Matomo can be configured to automatically anonymise data so you don’t process any personal information. Make sure you’re not processing any PII (Personally Identifiable Information) with Matomo. This allows you to be GDPR, HIPAA, CCPA, LGPD and PECR compliant, and helps minimise risk of fines.
Importance of data privacy
As we all know privacy is a major concern for anyone who spends a lot of time online. Websites can use tracking tools to collect personally identifiable information (PII) in incorrect ways, which can threaten privacy.
Here are a few examples of how websites can gather your personal information even once you’ve left their site:
Companies like Google can be a threat to privacy due to the information they gather and what they end up doing with it. Even though they’re providing a free service, there are more privacy sacrifices as your analytics data is tracked, stored and owned by them. This means they have access to data like internet activity logs (websites, pages visited, searches), which reveal a lot of personal info about our life, and work.
When using Google Analytics, Google knows all the IP addresses (and other browser unique identifiers which can be considered personal data) of visitors to your site. Through this they can then track the six other websites that person visited earlier that day, and the 50 websites she/he looked at in the last month. By re-using such visits log data tracked on your website they can enrich existing profiles for given IP addresses.
Google Analytics dominates the industry with a market share of 84%. Coupled with their other products that use tracking beacons, such as Adsense, you can see their immense ability to build an accurate picture of most visitors to websites.
Why is this profiling for marketing purposes considered a “problem” for privacy?
Platforms like Google are able to build an enormous profile of all websites and pages looked at by most internet users worldwide (even if they’re not Google users).
One of their main goals is to improve the re-marketing of Google Ads to internet users – to sell to people better. But many internet users and website operators are growing concerned about what could be termed a Global Internet User Activity Database and its moral implications. You don’t need to be a Privacy Junkie to be interested in the challenges and moral implications of gathering so much data on the internet.
We choose not to discuss the details here but recommend you check out the Privacy section of the EFF website to learn more. You may also be interested in the article “The High Privacy Cost of a “Free” Website” (themarkup.org) for a more recent in-depth analysis.
Why choose Matomo for privacy?
The Centre for Data Privacy Protection in France (CNIL) lists Matomo as a tool that can easily ensure full compliance of privacy regulations. The CNIL also has approved Matomo as one of a select few web analytics tools that is exempt from tracking consent requirements.
Matomo’s strong privacy leadership is reflected by the many government agencies who already trust and rely on Matomo (in Europe, Asia, North America, Africa).
Government agencies that choose Matomo
Matomo supports consent free tracking. So you don’t always need to ask your visitors for cookie consent or for tracking consent. This way you not only get more accurate data but also don’t annoy your visitors with cookie consent banners that might damage your brand and results in lost customers and data. This is different to Google Analytics where you always have to ask for consent.
You've earned the Matomo Privacy Badge!
Grab this badge of honour and showcase it proudly on your site to show that you, too, respect user privacy with Matomo.