Piwik PRO provides data security by design
Regularly conducted security reviews
We regularly review and update our security controls and their implementation and conduct internal security training to keep ourselves up-to-date with the latest standards. We also work with security professionals to guide our digital security procedures across our operations.
ISO 27001 certification
Piwik PRO has received ISO 27001 certification and we consistently maintain information security management according to this standard. The scope of the protection covers all information processed in Piwik PRO, in every form and in every place of our operations.
A work environment built to protect your data
Access to customer data is restricted, and we use several authentication technologies to protect it further. The production, testing and staging servers where the full product is deployed are available only through a private network. The main repository used to integrate and deploy Piwik PRO has protected branches.
Updated & verified to prevent product vulnerabilities
All client instances are regularly updated to the latest version as part of every pull request. All frameworks used in the platform are regularly updated to the latest version. An automated security check is run with every build to detect software dependencies with known security vulnerabilities against the Security Advisories Databases.
Piwik PRO Analytics Suite allows us to gather more granular data about website visitors while having full privacy compliance. Piwik PRO’s customer success team ensures our system is fully operational and working at 100% efficiency.
SENIOR PRODUCT MARKETING MANAGER OPEN-XCHANGE
We understand the importance of security. That’s why we ensure:
All Piwik features are based on an API which employs user profile authentication for each action. API communication is secured by JSON Web Tokens. In addition, the Activity Log Premium Feature for Piwik PRO can be used to list all instances of API activity next to the user profiles associated with these events.
Piwik PRO provides several network protection measures including: dedicated manageable firewalls and switches; isolated internal communication; a database with no direct access; and automatic detection of suspicious activity. We also execute weekly vulnerability scans to check our network.
Data storage security
Piwik PRO can be deployed on your own infrastructure, in a private cloud, at a third-party data center or on our secure servers located in the US, Germany and the Netherlands. Piwik PRO Cloud is hosted on fully redundant, GDPR-compliant Microsoft Azure cloud infrastructure with 99% SLA in an ISO 27001 certified data center.
Physical access control
Piwik PRO employs a number of measures to prevent unauthorized third parties from accessing data processing systems. Full access to servers is restricted to administrators. Access is available only from specified IP addresses, using a secure VPN connection (the VPN certificates are created for single use) and clients are authenticated with cryptographically secure pairs of keys.