Privacy & security

The highest privacy & security standards for your data

Collect and process user data without risking heavy fines


Compliance with privacy & security laws

Team up with an analytics vendor that has a proven reputation of protecting personal data. Our product will help you act in line with data privacy regulations, such as GDPR, LGPD, PIPEDA or TTDSG/TDDDG, and the CNIL’s guidelines.

Alignment with sectoral standards & regulations

Use platform that lives up to the strict requirements of Health Insurance Portability and Accountability Act (HIPAA) & EBA’s guidelines for the use of cloud service providers by financial institutions.

100% control over data & its residency

Have full control over the data you collect. Choose between different data locations and hosting options to satisfy even the strictest privacy laws and internal protocols. That wouldn’t be the case with Google Analytics.

Data processing agreement

Sign a detailed data processing agreement with us so that every party clearly understands its role in handling personal data. You’ll know exactly what to expect from us and how we ensure the safety of your data.

“We started looking for a new tool because of security and privacy reasons. Because we didn’t want to share our customer’s data with third parties, especially those not based in Europe, Google Analytics wasn’t an option. Piwik PRO was the only platform that fully met our needs (…)”

Erik van der Kooij
Head of Digital at XS4ALL

Privacy compliance software

Use Piwik PRO Consent Manager to create and implement your requests. Obtain valid consents and adjust data collection accordingly – your tracking tags will fire only if visitors agree to their use.

User data requests

Give your visitors a way to place requests about their data – e.g. deletion, change, transfer. With our Consent Manager, you’ll be able to keep track of the inquiries and respond to them in a timely manner.

Data anonymization

You don’t have to choose between personal data and no data at all. Data anonymization allows you to respect visitor’s privacy preferences and still have access to valuable insights about their experience on your website.


ISO 27001 & SOC 2 certification

We’ve received ISO 27001 and SOC 2 certifications and we consistently manage information security in alignment with both standards. The scope of the protection covers all information processed within our company, in every form and place of our operations.

External security audits

We regularly review our security controls to spot and fix vulnerabilities and deficiencies in our platform. The impartiality and the highest standards of audits are verified by experienced third-party auditors.

Granular permission levels

To better control access to your data, you can create multiple user groups with different permission levels and implement your preferred SSO authentication (including SAML & Active Directory / LDAP).

Guaranteed uptime with 99% SLA

Whatever SLA level you choose, you get guaranteed support so that all critical issues, uptime and incidents are under control and handled within the agreed time frame.

Application security

Piwik PRO security is based on API user authentication. Each individual action such as API communication is safeguarded by JSON Web Tokens, an industry standard that ensures security between the parties.

Introduce your own security measures

With flexible deployment methods you’re able to keep our products within your organization’s security perimeter and fully remove Piwik PRO as a data processor.

“The high number of partners from industries that handle sensitive data perfectly reflects our commitment to privacy and security. Each contract we sign with our clients shows that we’ve addressed and met their strict requirements.”

Grzegorz Jendroszczyk
Business Development Manager EMEA at Piwik PRO

Data storage security

Safe hosting options

Piwik PRO Analytics Suite offers two private cloud options in one from over 60 locations (dedicated database and dedicated hardware) and a secure public cloud. The choice of data center where your information will be stored is up to you.

Data center security

Piwik PRO Cloud is hosted on fully redundant, SOC 2-certified infrastructure with up to 99,5% uptime guaranteed under an SLA. Our clients can choose between Azure cloud servers in the US, Germany, Hong Kong, the Netherlands, Orange Cloud in France and Elastx in Sweden.

System security

We apply the latest security fixes and disable every web server feature that could expose Piwik PRO to attacks. We store all your data in a dedicated database separated from the data of other clients.

Network security & SSL

We use HTTPS connection, dedicated firewalls, switches and databases with no direct access. We constantly monitor our network on multiple layers – firewall, servers & DNS, page load response times, web request & errors, and more.

Physical access control

Full access to servers is restricted to administrators and is available only from specified IP addresses with a secure VPN connection. Your access is authenticated with cryptographically secure key pairs.

Backup policy

In order to ensure maximum recovery capability your data is backed up into three buckets: Database Data, your HTTP Access Logs and System Configuration, each with a specific backup policy assigned to them.

Want to learn more about how we ensure security & privacy to your data?

We’re here to answer all your questions!