If done in compliance with privacy laws, the collection of personal data is not inherently bad, and it is often desirable as part of the analytics process. Matomo offers different privacy-focused configurations that allow you to decide what personal data you wish to collect. Certain configurations are available in default settings; others require active configuration by a Matomo Superuser.

Matomo collects and processes the following personal data by default:

  • IP Address – This is used to identify the location of a user. There are multiple levels of masking or anonymisation and each can be checked against a database on your server for varying levels of accuracy. By default, Matomo automatically masks the IP address by obscuring the last 2 bytes.

  • URLs and Page Titles – These help you understand how people use your site but can contain personal data. An example is if you provide custom profile pages and URLs for registered users.

  • Referrer URLs – These can contain personal data such as Facebook/Google referral IDs and even third-party profile URLs. By default, Matomo stores the referrer URLs, but you can restrict the amount of referrer data that Matomo will store when a visitor enters your website. Read more on how to anonymise the referrer information.

  • Tracking Cookie IDs – These are unique identifiers which can help determine whether a visit is from a new or returning user. You can configure cookieless tracking – see how to go cookieless (disable all cookies) for a visitor.

  • Geolocation Data – This is useful for understanding the geographic trends of your website’s visitors. However, it can also be used to identify where a specific user is, if linked to a User ID or if you only have a few users in remote locations.

  • Site Searches – As you have no control over what users input to your website’s search bar, it is possible that a user may enter personal data when seeking information.
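
The sketch below is an added example, not Matomo's own code. It shows how the default data points listed above can carry personal data, and what reducing them looks like before a value is recorded. The parameter names `fbclid` and `gclid`, the `/users/<name>` path pattern, the helper names and the choice to zero masked IP bytes are assumptions made for illustration.

```javascript
// Added illustration, not Matomo code. Sample values are constructed.
// Assumptions: the click-ID parameter names, the /users|profile/<name> path
// pattern, and zeroing (rather than otherwise obscuring) masked IP bytes.
const CLICK_ID_PARAMS = new Set(["fbclid", "gclid"]);
const PROFILE_PATH = /^\/(users|profile)\/[^\/]+/;
const EMAIL_RE = /[^\s@\/?&=]+@[^\s@\/?&=]+\.[^\s@\/?&=]+/g;

// Zero the last `bytes` octets of an IPv4 address (2 mirrors the default above).
function maskIPv4(ip, bytes = 2) {
  const parts = ip.split(".");
  const valid = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) throw new Error("not an IPv4 address: " + ip);
  if (!Number.isInteger(bytes) || bytes < 0 || bytes > 4) {
    throw new RangeError("bytes must be an integer from 0 to 4");
  }
  return parts.map((p, i) => (i >= 4 - bytes ? "0" : p)).join(".");
}

// Page URL: drop click IDs, redact email-like query values (site searches),
// and replace the user segment of a profile path.
function scrubUrl(raw) {
  const u = new URL(raw);
  const kept = new URLSearchParams();
  for (const [key, value] of u.searchParams) {
    if (CLICK_ID_PARAMS.has(key.toLowerCase())) continue;
    kept.append(key, value.replace(EMAIL_RE, "REDACTED"));
  }
  u.search = kept.toString();
  u.pathname = u.pathname.replace(PROFILE_PATH, "/$1/REDACTED");
  return u.href;
}

// Referrer: keep only scheme and host, so third-party profile paths and
// referral IDs are never recorded.
function reduceReferrer(raw) {
  return new URL(raw).origin + "/";
}

console.log(maskIPv4("203.0.113.77"));
console.log(scrubUrl("https://shop.example/search?q=jane%40example.com&fbclid=AbC1"));
console.log(reduceReferrer("https://social.example/jane.doe?ref=42"));
```

In a browser, the scrubbed values could be handed to the Matomo JavaScript tracker with `setCustomUrl` and `setReferrerUrl` before the page view is tracked.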

Other personal data may be collected based on your specific settings and plugins. Some examples are:

  • Custom Events – These help you understand how people use your site but can contain personal data. An example is if you provide custom profile pages and URLs for registered users.

  • Heatmap and Session Recordings – Used for optimising the design and flow of a site. Visit data may make it obvious who is using the site in a recording. It is possible to mask content areas where you expect personal data to appear.

  • User ID – This might be a username or email address collected when a user logs in. It is an optional feature that can be used to aid with counting unique visits and to track user-level interactions across devices and time.

  • Ecommerce Order IDs – These are used to avoid duplication of tracking; however, they can be traced back to the specific order which almost certainly contains personal data such as name/address.

  • Custom Dimensions, Events and Variables – These are all customisable tracking mechanisms which could contain personal data if specifically configured to do so. For example, a health-focused site might decide to track known diagnoses alongside a user’s page views.

Click here for a more comprehensive view of the data Matomo collects, including non-personal data.
