This guide explains the privacy implications of tracking your visitors’ web analytics data, and how Piwik can easily be configured to ensure that your users’ privacy is respected.

Piwik ensures the privacy of your users and analytics data. When using Piwik, YOU keep control of your data, nobody else does. Your data is stored in your own MySQL database, and logs or report data will never be sent to other servers by Piwik. Learn more about Privacy.

To ensure further security, after you have installed Piwik, we recommend that you:

  1. make your Piwik server more secure by undertaking a few extra security checks
  2. follow the guide below to enable important Privacy features

By design, Piwik ensures that your analytics data is only accessible to the Piwik administrator, meaning it is completely secure. This guide will explain how to easily make your favourite web analytics tool “privacy compliant”. Firstly, you will need to log in as Super User and click on Settings > Privacy.

Step 1) Automatically Anonymize Visitor IPs

By default, Piwik stores the visitor IP address (IPv4 or IPv6 format) in the database for each new visitor. If your user has a static IP address, this means their browsing history could easily be tracked across several days and even across websites tracked within the same Piwik server.

To ensure that you do not store the visitor IP, which is Personally Identifiable Information (PII), please go to Settings > Privacy to enable IP anonymization, with at least 2 bytes masked from the IP.
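What masking bytes from a visitor IP does to the stored value, as an added example (not Piwik's own code). The function names and the sample addresses are constructed for this illustration, and the IPv6 mask width `v6_masked_bytes` is an assumption of the example, not a Piwik setting.

```python
import ipaddress
from collections import Counter

# Constructed sample visitors (documentation address ranges), not real data.
SAMPLE = ["192.0.2.45", "192.0.2.200", "192.0.77.9", "198.51.100.7",
          "::ffff:192.0.2.45", "2001:db8:abcd:12:1:2:3:4"]

def anonymize_ip(ip, masked_bytes=2, v6_masked_bytes=10):
    """Zero the trailing bytes of an address before it is stored.

    masked_bytes applies to IPv4 (the guide recommends at least 2).
    v6_masked_bytes is an assumption of this example, not a Piwik setting:
    zeroing only 2 bytes of an IPv6 address would keep a 112-bit prefix.
    """
    addr = ipaddress.ip_address(ip)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is handled as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    n = masked_bytes if addr.version == 4 else v6_masked_bytes
    size = len(addr.packed)
    if not 0 <= n <= size:
        raise ValueError(f"cannot mask {n} bytes of a {size}-byte address")
    return str(ipaddress.ip_address(addr.packed[:size - n] + b"\x00" * n))

def is_anonymized(stored, masked_bytes=2, v6_masked_bytes=10):
    """Audit check: masking an already-masked value must change nothing."""
    normalised = anonymize_ip(stored, 0, 0)
    return anonymize_ip(stored, masked_bytes, v6_masked_bytes) == normalised

def stored_value_counts(ips, masked_bytes=2):
    """Count how many raw addresses collapse onto each stored value."""
    return Counter(anonymize_ip(ip, masked_bytes) for ip in ips)

if __name__ == "__main__":
    for n in (1, 2):
        print(f"{n} byte(s) masked:", dict(stored_value_counts(SAMPLE, n)))
    # A raw address found in an export means anonymization was not applied.
    for value in ("192.0.0.0", "192.0.2.45"):
        print(value, "anonymized" if is_anonymized(value) else "RAW ADDRESS")
```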

Step 2) Delete Old Visitors Logs

You can configure Piwik to automatically delete your older logs from the database. For privacy reasons, we highly recommend that you keep the detailed Piwik logs for only 3 to 6 months and delete older log data.

Deleting old logs also has one other important advantage: it will free significant database space, which will, in turn, slightly increase performance!

If you run the automatic script as explained in the FAQ, it is safe to delete your old log data and still access all historical reports in Piwik.

Step 3) Include a Web Analytics Opt-Out Feature on Your Site (Using an iFrame)

On your website, in your existing privacy policy page or in the ‘Legal’ page, you can actually add a way for your visitors to “opt-out” of being tracked by your Piwik server. By default, all of your website visitors are tracked, but if they opt-out by clicking on the iframe link, a cookie ‘piwik_ignore’ will be set. All visitors with a piwik_ignore cookie will not be tracked.

In Settings > Privacy, you will be able to copy and paste the following iframe code:

Below is the example iframe for this website. You can opt out from being tracked on demo.piwik.org:

Step 4) Respect DoNotTrack preference

Do Not Track is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms. By default, Piwik respects users’ preference and will not track visitors who have specified “I do not want to be tracked” in their web browsers. For more information about DoNotTrack, check out donottrack.us.

Step 5) Optional Privacy Preferences

  • As the Piwik administrator, you may decide that giving your Piwik users access to the real time & visitor log features is not necessary. In this case, you can disable the Live plugin in Settings > Plugins.
  • If you track a number of websites with the same Piwik server, all your websites’ code will contain the Piwik server URL in the JavaScript code. To prevent other users from finding out all your websites, you can hide the Piwik server URL in your JavaScript using this technique (FAQ).
  • Some countries’ legislation requires websites to control which cookies they set based on user preferences. You can easily disable all Piwik cookies for particular visitors or for all visitors by calling a JavaScript function in the Piwik code; see the FAQ: How do I disable tracking cookies?

For reference, the list of metadata and data points collected by Piwik is documented here.