Privacy & Security
The highest privacy & security standards for your data
Collect and process user data without risking heavy fines.
Privacy
Alignment with sectoral standards & regulations
Use platform that lives up to the strict requirements of Health Insurance Portability and Accountability Act (HIPAA) and EU regulations for financial institutions: EBA’s guidelines for using cloud service providers and the Digital Operational Resilience Act (DORA), aimed at enhancing cybersecurity and operational resilience.
100% control over data & its residency
Have full control over the data you collect. Choose between different data locations and hosting options to satisfy even the strictest privacy laws and internal protocols. That wouldn’t be the case with Google Analytics.
Data processing agreement
Sign a detailed data processing agreement with us so that every party clearly understands its role in handling personal data. You’ll know exactly what to expect from us and how we ensure the safety of your data.
“We started looking for a new tool because of security and privacy reasons. Because we didn’t want to share our customer’s data with third parties, especially those not based in Europe, Google Analytics wasn’t an option. Piwik PRO was the only platform that fully met our needs (…)”
Erik van der Kooij
Head of Digital at XS4ALL
Privacy compliance software
Consent management
Use Piwik PRO Consent Manager to create and implement your requests. Obtain valid consents and adjust data collection accordingly – your tracking tags will fire only if visitors agree to their use.
User data requests
Give your visitors a way to place requests about their data – e.g. deletion, change, transfer. With our Consent Manager, you’ll be able to keep track of the inquiries and respond to them in a timely manner.
Data anonymization
You don’t have to choose between personal data and no data at all. Data anonymization allows you to respect visitor’s privacy preferences and still have access to valuable insights about their experience on your website.
Security
ISO 27001 & SOC 2 certification
We’ve received ISO 27001, SOC 2 
, and HIPAA certifications and consistently manage information security in alignment with the standards. The scope of the protection covers all information processed within our company, in every form and place of our operations.
External security audits
We regularly review our security controls to spot and fix vulnerabilities and deficiencies in our platform. The impartiality and the highest standards of audits are verified by experienced third-party auditors.
Granular permission levels
To better control access to your data, you can create multiple user groups with different permission levels and implement your preferred SSO authentication (including SAML & Active Directory / LDAP).
Guaranteed uptime with 99% SLA
Whatever SLA level you choose, you get guaranteed support so that all critical issues, uptime and incidents are under control and handled within the agreed time frame.
Application security
Piwik PRO security is based on API user authentication. Each individual action such as API communication is safeguarded by JSON Web Tokens, an industry standard that ensures security between the parties.
Introduce your own security measures
With flexible deployment methods you’re able to keep our products within your organization’s security perimeter and fully remove Piwik PRO as a data processor.
“The high number of partners from industries that handle sensitive data perfectly reflects our commitment to privacy and security. Each contract we sign with our clients shows that we’ve addressed and met their strict requirements.”
Grzegorz Jendroszczyk
Business Development Manager EMEA at Piwik PRO
Data storage security
Safe hosting options
Piwik PRO Analytics Suite offers two private cloud options in one from over 60 locations (dedicated database and dedicated hardware) and a secure public cloud. The choice of data center where your information will be stored is up to you.
Data center security
Piwik PRO Cloud is hosted on fully redundant, SOC 2-certified infrastructure with up to 99,5% uptime guaranteed under an SLA. Our clients can choose between Azure cloud servers in the US, Germany, Hong Kong, the Netherlands, and Elastx in Sweden.
System security
We apply the latest security fixes and disable every web server feature that could expose Piwik PRO to attacks. We store all your data in a dedicated database separated from the data of other clients.
Network security & SSL
We use HTTPS connection, dedicated firewalls, switches and databases with no direct access. We constantly monitor our network on multiple layers – firewall, servers & DNS, page load response times, web request & errors, and more.
Physical access control
Full access to servers is restricted to administrators and is available only from specified IP addresses with a secure VPN connection. Your access is authenticated with cryptographically secure key pairs.
Backup policy
In order to ensure maximum recovery capability your data is backed up into three buckets: Database Data, your HTTP Access Logs and System Configuration, each with a specific backup policy assigned to them.
Want to learn more about how we ensure security & privacy to your data?
We’re here to answer all your questions!