Security

ISO 27001 & SOC 2 certification

We’ve received ISO 27001, SOC 2  , and HIPAA certifications and consistently manage information security in alignment with the standards. The scope of the protection covers all information processed within our company, in every form and place of our operations.

External security audits

We regularly review our security controls to spot and fix vulnerabilities and deficiencies in our platform. The impartiality and the highest standards of audits are verified by experienced third-party auditors.

Granular permission levels

To better control access to your data, you can create multiple user groups with different permission levels and implement your preferred SSO authentication (including SAML & Active Directory / LDAP). 

Guaranteed uptime with 99% SLA

Whatever SLA level you choose, you get guaranteed support so that all critical issues, uptime and incidents are under control and handled within the agreed time frame.

Application security

Piwik PRO security is based on API user authentication. Each individual action such as API communication is safeguarded by JSON Web Tokens, an industry standard that ensures security between the parties.

Introduce your own security measures

With flexible deployment methods you’re able to keep our products within your organization’s security perimeter and fully remove Piwik PRO as a data processor.

“The high number of partners from industries that handle sensitive data perfectly reflects our commitment to privacy and security. Each contract we sign with our clients shows that we’ve addressed and met their strict requirements.”

Grzegorz Jendroszczyk

Business Development Manager EMEA at Piwik PRO

Data storage security

Safe hosting options

Piwik PRO Analytics Suite offers two private cloud options in one from over 60 locations (dedicated database and dedicated hardware) and a secure public cloud. The choice of data center where your information will be stored is up to you.

Data center security

Piwik PRO Cloud is hosted on fully redundant, SOC 2-certified infrastructure with up to 99,5% uptime guaranteed under an SLA. Our clients can choose between Azure cloud servers in the US, Germany, Hong Kong, the Netherlands, Orange Cloud in France and Elastx in Sweden.

System security

We apply the latest security fixes and disable every web server feature that could expose Piwik PRO to attacks. We store all your data in a dedicated database separated from the data of other clients.

Network security & SSL

We use HTTPS connection, dedicated firewalls, switches and databases with no direct access. We constantly monitor our network on multiple layers – firewall, servers & DNS, page load response times, web request & errors, and more.

Physical access control

Full access to servers is restricted to administrators and is available only from specified IP addresses with a secure VPN connection. Your access is authenticated with cryptographically secure key pairs.

Backup policy

In order to ensure maximum recovery capability your data is backed up into three buckets: Database Data, your HTTP Access Logs and System Configuration, each with a specific backup policy assigned to them.

Want to learn more about how we ensure security & privacy to your data?

We’re here to answer all your questions!