config
3 months ago
core
3 months ago
js
3 months ago
lang
3 months ago
libs
3 months ago
node_modules
4 months ago
plugins
3 months ago
vendor
3 months ago
.htaccess
6 years ago
DIObject.php
2 years ago
LEGALNOTICE
6 months ago
LICENSE
2 years ago
LegacyAutoloader.php
2 years ago
PRIVACY.md
5 years ago
README.md
6 months ago
SECURITY.md
2 years ago
bootstrap.php
1 year ago
console
6 years ago
favicon.ico
2 years ago
index.php
2 years ago
matomo.js
3 months ago
matomo.php
2 years ago
offline-service-worker.js
5 years ago
piwik.js
3 months ago
piwik.php
6 months ago
robots.txt
5 years ago
PRIVACY.md
61 lines
| 1 | # Privacy |
| 2 | This is a summary of all of the components within Matomo which may affect your privacy in some way. Please keep in mind |
| 3 | third party Themes, Plugins or Apps may introduce privacy concerns not listed here. |
| 4 | |
| 5 | ## Privacy for users being tracked by Matomo |
| 6 | In this section we document how to protect the privacy of visitors who are tracked by your Matomo analytics service. |
| 7 | |
| 8 | ### Anonymise visitor IP addresses |
| 9 | By default, Matomo stores the visitor IP address (IPv4 or IPv6 format) in the database for each new visitor. |
| 10 | If a visitor has a static IP address this means their browsing history can be easily identified across several days and |
| 11 | even across several websites tracked within the same Matomo server. You can anonymize IP addresses to ensure visitors cannot |
| 12 | be tracked this way: [](https://matomo.org/docs/privacy/#step-1-automatically-anonymize-visitor-ipsHow to anonymise IP addresses.](https://matomo.org/docs/privacy/#step-1-automatically-anonymize-visitor-ips](https://matomo.org/docs/privacy/#step-1-automatically-anonymize-visitor-ips) |
| 13 | |
| 14 | ### Delete old visitors logs |
| 15 | By default, Matomo stores tracked data forever. To better respect the privacy of your users, it is recommended to regularly |
| 16 | purge old data. You can configure Matomo to automatically delete log data older than a specified number of months: |
| 17 | [](https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logsHow to delete old visitors log data.](https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs](https://matomo.org/docs/privacy/#step-2-delete-old-visitors-logs) |
| 18 | |
| 19 | ### Include a tracking Opt-Out feature on your site |
| 20 | In your website, we recommended providing an easy way for your visitors to “opt-out” of being tracked by Matomo. |
| 21 | You can use the Opt-Out feature to display a link your website that sets a special browser cookie (`matomo_ignore`) when |
| 22 | clicked. Visitors that click that link will be ignored by Matomo in the future: |
| 23 | [](https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframeHow to include a tracking opt-out iframe.](https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe](https://matomo.org/docs/privacy/#step-3-include-a-web-analytics-opt-out-feature-on-your-site-using-an-iframe) |
| 24 | |
| 25 | ### Respect DoNotTrack preference |
| 26 | Do Not Track is a browser-level technology and policy proposal that lets visitors opt out of tracking by websites they |
| 27 | do not visit. Visitors can enable this preference in their browser, and then it's up to Matomo to respect it. By default, |
| 28 | Matomo is configured to ignore visitors that have enabled it: |
| 29 | [How to check if your Matomo respects DoNotTrack.] (https://matomo.org/docs/privacy/#step-4-respect-donottrack-preference) |
| 30 | |
| 31 | ### Disable tracking cookies |
| 32 | A cookie is a collection of information that a website stores on a visitor’s computer and accesses each time the visitor |
| 33 | returns. By default, Matomo uses cookies to aid in tracking visitor behavior. If someone gains access to a visitor's |
| 34 | computer, they could learn a few things about how the visitor visited your website. For many websites, this isn't a |
| 35 | problem, but for others where a strong level of privacy is required (like online banking), disabling tracking cookies may |
| 36 | be a good idea: [](https://matomo.org/faq/general/faq_157/How to disable tracking cookies.](https://matomo.org/faq/general/faq_157/](https://matomo.org/faq/general/faq_157/) |
| 37 | |
| 38 | ### Keep your visitors details private |
| 39 | Any user that has at least `view` access (the default access level) to Matomo can view detailed information for all users |
| 40 | tracked in Matomo (such as their IP addresses, visitor IDs, details of all past visits and actions, etc.) through features |
| 41 | provided by the `Live` plugin (such as the Visitor Log and Visitor Profile). As the Matomo administrator, you may decide |
| 42 | that not all of your users need access to this data. You can deactivate the `Live` plugin to prevent users from viewing |
| 43 | visitor details in the Administration > Plugins page. |
| 44 | |
| 45 | ## Privacy for Matomo admins and website owners |
| 46 | In this section we document how a Matomo administrator can better protect their own privacy. |
| 47 | |
| 48 | ### Keep your Matomo server URL private |
| 49 | By default, the Matomo Javascript code on all tracked websites contains the Matomo server URL. In some cases you might |
| 50 | want to hide this Matomo URL completely while still tracking all websites in your Matomo instance. To hide your Matomo |
| 51 | server's URL, you can modify the Javascript Tracking code and point it to a proxy piwik.php script instead of your actual |
| 52 | Matomo server: [](https://matomo.org/faq/how-to/faq_132/How to keep Matomo server URL private.](https://matomo.org/faq/how-to/faq_132/](https://matomo.org/faq/how-to/faq_132/) |
| 53 | |
| 54 | ### Automatic update check |
| 55 | From time to time, Matomo uses `api.matomo.org` to check if the current version of Matomo is the latest version of Matomo. |
| 56 | If an update is available, a notification is displayed allowing you to upgrade Matomo. To disable the update check, |
| 57 | and stop your instance from sending HTTP requests to `api.matomo.org`, deactivate the "Automatic update" feature by |
| 58 | setting `enable_auto_update = 0` in your configuration file `config/config.ini.php`. |
| 59 | |
| 60 | Learn more about [](https://matomo.org/privacy/Privacy in Matomo](https://matomo.org/privacy/](https://matomo.org/privacy/). |
| 61 |