Collect and process user data without risking heavy fines
Use platform that lives up to the strict requirements of Health Insurance Portability and Accountability Act (HIPAA) & EBA’s guidelines for the use of cloud service providers by financial institutions.
Have full control over the data you collect. Choose between different data locations and hosting options to satisfy even the strictest privacy laws and internal protocols. That wouldn’t be the case with Google Analytics.
Sign a detailed data processing agreement with us so that every party clearly understands its role in handling personal data. You’ll know exactly what to expect from us and how we ensure the safety of your data.
Erik van der Kooij“We started looking for a new tool because of security and privacy reasons. Because we didn’t want to share our customer’s data with third parties, especially those not based in Europe, Google Analytics wasn’t an option. Piwik PRO was the only platform that fully met our needs (…)”
Use Piwik PRO Consent Manager to create and implement your requests. Obtain valid consents and adjust data collection accordingly – your tracking tags will fire only if visitors agree to their use.
Give your visitors a way to place requests about their data – e.g. deletion, change, transfer. With our Consent Manager, you’ll be able to keep track of the inquiries and respond to them in a timely manner.
You don’t have to choose between personal data and no data at all. Data anonymization allows you to respect visitor’s privacy preferences and still have access to valuable insights about their experience on your website.
We’ve received ISO 27001 and SOC 2 certifications and we consistently manage information security in alignment with both standards. The scope of the protection covers all information processed within our company, in every form and place of our operations.
We regularly review our security controls to spot and fix vulnerabilities and deficiencies in our platform. The impartiality and the highest standards of audits are verified by experienced third-party auditors.
To better control access to your data, you can create multiple user groups with different permission levels and implement your preferred SSO authentication (including SAML & Active Directory / LDAP).
Whatever SLA level you choose, you get guaranteed support so that all critical issues, uptime and incidents are under control and handled within the agreed time frame.
Piwik PRO security is based on API user authentication. Each individual action such as API communication is safeguarded by JSON Web Tokens, an industry standard that ensures security between the parties.
With flexible deployment methods you’re able to keep our products within your organization’s security perimeter and fully remove Piwik PRO as a data processor.
Grzegorz Jendroszczyk“The high number of partners from industries that handle sensitive data perfectly reflects our commitment to privacy and security. Each contract we sign with our clients shows that we’ve addressed and met their strict requirements.”
If you decide to go on-premise, together we’ll work out the optimal security level for your data. In the case of private cloud, we’re committed to the standards detailed in the following points.
Piwik PRO Cloud is hosted on fully redundant, SOC 2-certified infrastructure with up to 99,5% uptime guaranteed under an SLA. Our clients can choose between Azure cloud servers in the US, Germany, Hong Kong and the Netherlands, and a European-owned data center in Sweden provided by Elastx.
We apply the latest security fixes and disable every web server feature that could expose Piwik PRO to attacks. We store all your data in a dedicated database separated from the data of other clients.
We use HTTPS connection, dedicated firewalls, switches and databases with no direct access. We constantly monitor our network on multiple layers – firewall, servers & DNS, page load response times, web request & errors, and more.
Full access to servers is restricted to administrators and is available only from specified IP addresses with a secure VPN connection. Your access is authenticated with cryptographically secure key pairs.
In order to ensure maximum recovery capability your data is backed up into three buckets: Database Data, your HTTP Access Logs and System Configuration, each with a specific backup policy assigned to them.
We’re here to answer all your questions!
