- User IP address (see also: IP anonymisation)
- Optional User ID
- Date and time of the request
- Title of the page being viewed (Page Title)
- URL of the page being viewed (Page URL)
- URL of the page that was viewed prior to the current page (Referrer URL)
- Screen resolution being used
- Time in local user’s timezone
- Files that were clicked and downloaded (Download)
- Links to an outside domain that were clicked (Outlink)
- Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the user: Page speed)
- Location of the user: country, region, city, approximate latitude and longitude (Geolocation)
- Main Language of the browser being used (
- User Agent of the browser being used (
From the User-Agent, we use our Universal Device Detection library to detect the browser, operating system, device used (desktop, tablet, mobile, tv, cars, console, etc.), brand and model.
Some information is also stored in first party cookies and then collected by Matomo:
- Random unique Visitor ID
- Time of the first visit for this user
- Time of the previous visit for this user
- Number of visits for this user
(Note: it is possible to disable tracking cookies)
Data that may be tracked (optional)
You may also configure Matomo to track optional information about your users or how they are using your website and apps:
- Custom Dimensions
- Custom Variables
- Site Search
- Viewing and clicking on Contents
- Mouse movements, clicks, and scrolls
- Form interactions
- Video and audio interactions
Data tracked which may be personal data or Personally Identifiable Information (PII)
Some data tracked by Matomo can be personal, private, sensitive and/or confidential. Unsure of what PII is? Read this introduction on personally identifiable information.
The following information may contain such personal data, depending on what pages you track and what data is being collected (see also: how not to process any personal data):
- IP Address is considered personal data, unless you have enabled the IP anonimisation to at least 2 bytes.
- User ID may be personal data (you may also activate the privacy feature to replace each User ID with a pseudonym).
- Custom dimensions and Custom variables may store personal data.
- Site searches (on your website) may be personal data (for example when users search for their name or postcode on your website search engine).
- Both Heatmap pages and Session Recordings, may contain personal data (for example, a Profile page on a social media website would include the name and photo of the user which would be recorded in the Heatmap and/or the Session Recording). If you want to not track these data, then you can specifically discard tracking them by using
data-matomo-maskattribute on these page elements containing personal data.
- In Session recordings, please note that by default all form fields values are automatically discarded and not tracked. To track form field values in Session Recordings, you would need to manually mark the form fields to track with
- Both Page URLs and Page titles and Custom Events may contain personal data depending on how your website(s) are designed (for example when the Page URL or URL parameters include email, postcode, name, or a physical address).
- Referrer URLs may contain personal data (for example when your users come from another website which leaks your visitor’s personal data in their page URLs).
- Tracking cookies IDs may (or may not) be considered personal data, and can be disabled.
- Geolocation is based on the IP address and may be considered personal data.
- Ecommerce Order IDs is generally considered personal data as the order ID can be linked back to the customer. You may also activate the privacy feature to replace each Order ID with a pseudonym.