New Update: Matomo 4.10.0
Oops… there was a problem during the request. Maybe the server had a temporary issue, or maybe you requested a report with too much data. Please try again. If this error occurs repeatedly please contact your Matomo administrator for assistance.

Need more help? FAQCommunity HelpProfessional Help.

GDPR Overview

The General Data Protection Regulation (GDPR) is a regulation which strengthens and unifies data protection for all individuals within the European Union (EU).

If you take steps to ensure no personal data is collected in Matomo, then you may not be concerned by the GDPR for Matomo (if you track no IP addresses, no user IDs, no geolocation data, etc.).

If you are processing personal data of European citizens through Matomo, even if your company is located outside Europe, you need to fulfill GDPR obligations and this guide will help you.

Find below our tools that let you exercise your users’ rights easily, and the list of actions to take in order to make your use of Matomo compliant with the GDPR and safeguard your data. Visit our GDPR User guide to learn even more.

Exercise the rights of your users with our GDPR-friendly procedures:

  1. The right to be informed: inform your users with a clear privacy notice.
  2. The right of access: search for a data subject and export all of their data.
  3. The right to erasure: search for a data subject and delete some or all of their data.
  4. The right to rectification: you can search for a data subject and delete some or all of their data.
  5. The right to data portability: search for a data subject and export all of their data.
  6. The right to object: let your users easily opt-out on your privacy policy page.
  7. If you offer online services to children and rely on consent to collect information about them, then you may need a parent or guardian’s consent in order to process the children’s personal data lawfully.

Inform your users clearly and transparently, and make your colleagues aware of the data being collected and how it is used:

  1. Inform your visitors through a clear privacy notice whenever you’re collecting personal data.
  2. Inform your users in your privacy policy about what data you collect and how the data is used.
  3. Make your team aware that you are using Matomo Analytics and what data is being collected by your analytics platform.
  4. Document your use of Matomo within your information asset register.

Inform your users clearly and transparently, and make your colleagues aware of the data being collected and how it is used:

  1. Apply our security recommendations in order to keep your Matomo data safe.
  2. Check that you have a written contract with the company providing you the Matomo server or hosting which ensures appropriate safeguards are provided.
  3. Include Matomo in your data breach procedure.
  4. Include Matomo in your data privacy impact assessment (DPIA), if applicable.

Data retention for data stored in Matomo:

  • visits and actions raw data are never deleted.
  • aggregated reports are never deleted.


The overall data retention rate for your privacy policy is the raw data retention rate. Please note that aggregated reports may contain personal data as well. If you are using features like User ID, Custom Variables, Custom Dimension, or track personal data in other ways such as events, page URLs or page titles, etc, then the overall data retention rate for your privacy policy is the higher of the two.

Available shortcuts