Privacy & security

The highest privacy & security standards for your data

Collect and process user data without risking heavy fines

Privacy

Compliance with privacy & security laws

Team up with an analytics vendor that has a proven reputation for protecting personal data. Our product will help you act in line with data privacy regulations, including GDPR, LGPD, Chinese Internet Law and Russian Law 526-FZ.

Alignment with sectoral standards & regulations

Use a platform that lives up to the strict requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the EBA’s guidelines for the use of cloud service providers by financial institutions.

100% data ownership & residency of choice

Get full data ownership with on-premises and private cloud hosting options. Store your data in a chosen location and never send it to external servers or third parties. That wouldn’t be the case with Google Analytics.

Data processing agreement

Sign a detailed data processing agreement with us so that every party clearly understands its role in handling personal data. You’ll know exactly what to expect from us and how we ensure the safety of your data.

“We started looking for a new tool because of security and privacy reasons. Because we didn’t want to share our customer’s data with third parties, especially those not based in Europe, Google Analytics wasn’t an option. Piwik PRO was the only platform that fully met our needs (…)”

Erik van der Kooij
Head of Digital at XS4ALL

Privacy compliance software

Use Piwik PRO Consent Manager to create and implement your requests. Obtain valid consents and adjust data collection accordingly – your tracking tags will fire only if visitors agree to their use.

User data requests

Give your visitors a way to place requests about their data – e.g. deletion, change, transfer. With our Consent Manager, you’ll be able to keep track of the inquiries and respond to them in a timely manner.

Data anonymization

You don’t have to choose between personal data and no data at all. Data anonymization allows you to respect visitors’ privacy preferences and still have access to valuable insights about their experience on your website.

Security

ISO 27001

We’ve received ISO 27001 certification and we consistently manage information security in alignment with this standard. The scope of the protection covers all information processed within our company, in every form and place of our operations.

External security audits

We regularly review our security controls to spot and fix vulnerabilities and deficiencies in our platform. The impartiality and the highest standards of audits are verified by experienced third-party auditors.

Granular permission levels

To restrict access to your data, you can create multiple user groups with different permission levels and implement your preferred SSO authentication (including SAML & Active Directory / LDAP).

Guaranteed uptime with 99% SLA

Whatever SLA level you choose, you get guaranteed support so that all critical issues, uptime and incidents are under control and handled within the agreed time frame.

Application security

Piwik PRO security is based on API user authentication. Each individual action such as API communication is safeguarded by JSON Web Tokens, an industry standard that ensures security between the parties.

Introduce your own security measures

With flexible deployment methods you’re able to keep our products within your organization’s security perimeter and fully remove Piwik PRO as a data processor.

“The high number of partners from industries that handle sensitive data perfectly reflects our commitment to privacy and security. Each contract we sign with our clients shows that we’ve addressed and met their strict requirements.”

Grzegorz Jendroszczyk
Data Protection Officer at Piwik PRO

Data storage security

Safe hosting options

If you decide to go on-premises, together we’ll work out the optimal security level for your data. In the case of private cloud, we’re committed to the standards detailed in the following points.

Data center security

Piwik PRO Cloud is hosted on fully redundant Microsoft Azure cloud infrastructure with 99% SLA in a SOC 2 certified data center. Your data is stored on secure servers located in the US, Germany or the Netherlands.

System security

We apply the latest security fixes and disable every web server feature that could expose Piwik PRO to attacks. We store all your data in a dedicated database separated from the data of other clients.

Network security & SSL

We use HTTPS connections, dedicated firewalls, switches and databases with no direct access. We constantly monitor our network on multiple layers – firewall, servers & DNS, page load response times, web requests & errors, and more.

Physical access control

Full access to servers is restricted to administrators and is available only from specified IP addresses with a secure VPN connection. Your access is authenticated with cryptographically secure key pairs.

Backup policy

To ensure maximum recovery capability, your data is backed up into three buckets: Database Data, your HTTP Access Logs and System Configuration, each with a specific backup policy assigned to it.

Want to learn more about how we ensure the security & privacy of your data?

We’re here to answer all your questions!
