<!DOCTYPE html> <html lang="en" class="h-full"><head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Plausible Analytics Security Practices | Plausible Analytics</title> <meta name="generator" content="Jekyll v3.9.2"/> <meta property="og:title" content="Plausible Analytics Security Practices"/> <meta property="og:locale" content="en_US"/> <meta name="description" content="Here鈥檚 a detailed overview of the technical and organizational security measures we use to secure Plausible and protect your data."/> <meta property="og:description" content="Here鈥檚 a detailed overview of the technical and organizational security measures we use to secure Plausible and protect your data."/> <link rel="canonical" href="https://plausible.io/security"/> <meta property="og:url" content="https://plausible.io/security"/> <meta property="og:site_name" content="Plausible Analytics"/> <meta property="og:image" content="https://plausible.io/assets/images/plausible_promo.jpg"/> <meta property="og:type" content="website"/> <meta name="twitter:card" content="summary_large_image"/> <meta property="twitter:image" content="https://plausible.io/assets/images/plausible_promo.jpg"/> <meta property="twitter:title" content="Plausible Analytics Security Practices"/> <meta name="twitter:site" content="@ukutaht"/> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"Here鈥檚 a detailed overview of the technical and organizational security measures we use to secure Plausible and protect your data.","headline":"Plausible Analytics Security Practices","image":"https://plausible.io/assets/images/plausible_promo.jpg","url":"https://plausible.io/security"}</script> <link rel="apple-touch-icon" sizes="180x180" href="/assets/images/icon/apple-touch-icon.png"/> <link rel="icon" type="image/png" sizes="32x32" href="/assets/images/icon/favicon-16x16.png"/> <link rel="icon" type="image/png" sizes="16x16" href="/assets/images/icon/favicon-32x32.png"/> <link rel="stylesheet" href="/assets/css/style.css?v=1743500318"> <link rel="preload" href="/assets/css/tooltip.css?v=1743500318" as="style" onload="this.onload=null;this.rel='stylesheet'"> <noscript><link rel="stylesheet" href="/assets/css/tooltip.css?v=1743500318;"></noscript> <script>document.cookie.includes("logged_in=true")&&"https://plausible.io/"==window.location.href&&(window.location.pathname="/sites");</script> <script defer data-domain="plausible.io" src="https://plausible.io/js/script.manual.js"></script> <script>window.plausible=window.plausible||function(){(window.plausible.q=window.plausible.q||[]).push(arguments)};var props={browser_language:navigator.language||navigator.userLanguage};window.plausible("pageview",{props:props}),window.addEventListener("pageshow",function(a){a.persisted&&window.plausible("pageview",{props:props})});</script><link type="application/atom+xml" rel="alternate" href="https://plausible.io/blog/feed.xml" title="Plausible Analytics"/></head> <body class="flex flex-col h-full bg-gray-50"><nav x-data="{mobileNav: false}" class="relative py-8 z-10"> <div class="container"> <nav class="relative flex items-center justify-between sm:h-10 md:justify-center"> <div class="flex items-center flex-1 md:absolute md:inset-y-0 md:left-0"> <div class="flex items-center justify-between w-full md:w-auto"> <a href="/"><img class="h-8 w-auto sm:h-10 -mt-2" src="/assets/images/icon/plausible_logo.svg" alt="Plausible logo"/></a> <div class="-mr-2 flex items-center md:hidden"> <button @click="mobileNav = true" type="button" class="inline-flex items-center justify-center p-2 rounded-md text-gray-400 hover:text-gray-500 hover:bg-gray-100 focus:outline-none focus:bg-gray-100 focus:text-gray-500 transition duration-150 ease-in-out"> <svg class="h-6 w-6" stroke="currentColor" fill="none" viewBox="0 0 24 24"> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16M4 18h16"/> </svg> </button> </div> </div> </div> <div class="hidden md:block"> <div x-data="{open: false}" class="relative inline-block text-left"> <div> <span @click="open = !open" class="cursor-pointer inline-flex justify-center font-medium text-gray-500 hover:text-gray-900 focus:outline-none focus:text-gray-900 transition duration-150 ease-in-out"> Why Plausible <svg class="-mr-1 h-5 w-5" style="transform: translateY(3px);" fill="currentColor" viewBox="0 0 20 20"> <path fill-rule="evenodd" d="M5.293 7.293a1 1 0 011.414 0L10 10.586l3.293-3.293a1 1 0 111.414 1.414l-4 4a1 1 0 01-1.414 0l-4-4a1 1 0 010-1.414z" clip-rule="evenodd"/> </svg> </span> </div> <div x-show="open" @click.away="open = false" style="display: none;" x-transition:enter="transition ease-out duration-200" x-transition:enter-start="opacity-0 translate-y-1" x-transition:enter-end="opacity-100 translate-y-0" x-transition:leave="transition ease-in duration-150" x-transition:leave-start="opacity-100 translate-y-0" x-transition:leave-end="opacity-0 translate-y-1" class="absolute left-1/2 transform -translate-x-1/2 mt-3 px-2 w-screen max-w-md sm:px-0"> <div class="rounded-lg shadow-lg"> <div class="rounded-lg shadow-xs overflow-hidden"> <div class="z-20 relative grid gap-6 bg-white px-5 py-6 sm:gap-8 sm:p-8"> <a href="/simple-web-analytics" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <svg class="flex-shrink-0 h-6 w-6 text-indigo-600" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" viewBox="0 0 24 24"> <path d="M9 19V13C9 11.8954 8.10457 11 7 11H5C3.89543 11 3 11.8954 3 13V19C3 20.1046 3.89543 21 5 21H7C8.10457 21 9 20.1046 9 19ZM9 19V9C9 7.89543 9.89543 7 11 7H13C14.1046 7 15 7.89543 15 9V19M9 19C9 20.1046 9.89543 21 11 21H13C14.1046 21 15 20.1046 15 19M15 19V5C15 3.89543 15.8954 3 17 3H19C20.1046 3 21 3.89543 21 5V19C21 20.1046 20.1046 21 19 21H17C15.8954 21 15 20.1046 15 19Z"/> </svg> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Intuitive Dashboard </p> <p class="text-sm leading-5 text-gray-500"> Get all the important stats on one single page. No training necessary. </p> </div> </a> <a href="/lightweight-web-analytics" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <svg class="flex-shrink-0 h-6 w-6 text-indigo-600" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" viewBox="0 0 24 24"> <path d="M13 10V3L4 14H11L11 21L20 10L13 10Z"> </svg> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Lightweight Script </p> <p class="text-sm leading-5 text-gray-500"> Bloated analytics scripts can slow down your website. Plausible script is lightweight and fast. </p> </div> </a> <a href="/privacy-focused-web-analytics" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <svg class="flex-shrink-0 h-6 w-6 text-indigo-600" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" viewBox="0 0 24 24"> <path d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"/> </svg> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Privacy Focused </p> <p class="text-sm leading-5 text-gray-500"> Built with privacy of your visitors in mind. No need to annoy them with a cookie/GDPR consent banner. </p> </div> </a> <a href="/open-source-website-analytics" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <svg class="flex-shrink-0 h-6 w-6 text-indigo-600" fill="none" stroke="currentColor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2" viewBox="0 0 24 24"> <path d="M10 20L14 4M18 8L22 12L18 16M6 16L2 12L6 8"> </svg> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Open Source </p> <p class="text-sm leading-5 text-gray-500"> Built openly on GitHub, released under the AGPL license and can be self-hosted too. </p> </div> </a> </div> <div class="px-5 py-5 bg-gray-50 space-y-5 sm:px-8 sm:py-8"> <div class="flex justify-between"> <div class="space-y-4"> <h3 class="text-sm leading-5 tracking-wide font-medium text-gray-500 uppercase"> Industry </h3> <ul class="space-y-4"> <li class="text-base leading-6 truncate"> <a href="/for-ecommerce-saas" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> For startups </a> </li> <li class="text-base leading-6 truncate"> <a href="/for-freelancers-agencies" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> For agencies </a> </li> <li class="text-base leading-6 truncate"> <a href="/for-bloggers-creators" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> For creators </a> </li> <li class="text-base leading-6 truncate"> <a href="/white-label-web-analytics" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> White label </a> </li> </ul> </div> <div class="space-y-4"> <h3 class="text-sm leading-5 tracking-wide font-medium text-gray-500 uppercase"> Comparisons </h3> <ul class="space-y-4"> <li class="text-base leading-6 truncate"> <a href="/vs-google-analytics" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> vs Google Analytics </a> </li> <li class="text-base leading-6 truncate"> <a href="/vs-matomo" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> vs Matomo </a> </li> <li class="text-base leading-6 truncate"> <a href="/vs-cloudflare-web-analytics" class="font-medium text-gray-900 hover:text-gray-700 transition ease-in-out duration-150"> vs Cloudflare </a> </li> </ul> </div> </div> </div> </div> </div> </div> </div> <div x-data="{open: false}" class="relative inline-block text-left ml-8"> <div> <span @click="open = !open" class="cursor-pointer inline-flex justify-center font-medium text-gray-500 hover:text-gray-900 focus:outline-none focus:text-gray-900 transition duration-150 ease-in-out"> Community <svg class="-mr-1 h-5 w-5" style="transform: translateY(3px);" fill="currentColor" viewBox="0 0 20 20"> <path fill-rule="evenodd" d="M5.293 7.293a1 1 0 011.414 0L10 10.586l3.293-3.293a1 1 0 111.414 1.414l-4 4a1 1 0 01-1.414 0l-4-4a1 1 0 010-1.414z" clip-rule="evenodd"/> </svg> </span> </div> <div x-show="open" @click.away="open = false" style="display: none;" x-transition:enter="transition ease-out duration-200" x-transition:enter-start="opacity-0 translate-y-1" x-transition:enter-end="opacity-100 translate-y-0" x-transition:leave="transition ease-in duration-150" x-transition:leave-start="opacity-100 translate-y-0" x-transition:leave-end="opacity-0 translate-y-1" class="absolute left-1/2 transform -translate-x-1/2 mt-3 px-2 w-screen max-w-md sm:px-0"> <div class="rounded-lg shadow-lg"> <div class="rounded-lg shadow-xs overflow-hidden"> <div class="z-20 relative grid gap-6 bg-white px-5 py-6 sm:gap-8 sm:p-8"> <a href="/blog" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Blog </p> <p class="text-sm leading-5 text-gray-500"> Stories about privacy, web analytics, and building a financially sustainable open source project. </p> </div> </a> <a href="https://plausible.io/docs" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Documentation </p> <p class="text-sm leading-5 text-gray-500"> Everything you need to know about getting up and running with Plausible. </p> </div> </a> <a href="https://github.com/plausible/analytics" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> GitHub </p> <p class="text-sm leading-5 text-gray-500"> Follow the development. Inspect and review the source code to verify that our actions match with our words. </p> </div> </a> <a href="https://plausible.io/changelog" class="-m-3 p-3 flex items-start space-x-4 rounded-lg hover:bg-gray-50 transition ease-in-out duration-150"> <div class="space-y-1"> <p class="text-base leading-6 font-medium text-gray-900"> Updates </p> <p class="text-sm leading-5 text-gray-500"> What's new in Plausible? Here we list major new features for a quick overview. </p> </div> </a> </div> <div class="px-5 py-5 bg-gray-50 sm:px-8 sm:py-8"> <h3 class="text-sm font-medium text-gray-600"> Follow us on <a href="https://twitter.com/PlausibleHQ" class="text-blue-500">Twitter</a>, <a href="https://fosstodon.org/@plausible" class="text-blue-500">Mastodon</a> or <a href="https://www.linkedin.com/company/plausible-analytics/" class="text-blue-500">LinkedIn</a> for more </h3> </div> </div> </div> </div> </div> <a href="/#pricing" class="ml-8 font-medium text-gray-500 hover:text-gray-900 focus:outline-none focus:text-gray-900 transition duration-150 ease-in-out">Pricing</a> </div> <div class="hidden md:absolute md:flex md:items-center md:justify-end md:inset-y-0 md:right-0"> <ul class="flex" x-show="!document.cookie.includes('logged_in=true')"> <li> <div class="inline-flex"> <a href="/login" class="font-medium text-gray-500 hover:text-gray-900 focus:outline-none focus:text-gray-900 transition duration-150 ease-in-out">Login</a> </div> <div class="hidden lg:inline-flex rounded-md shadow ml-6"> <a href="/register" class="inline-flex items-center justify-center px-5 py-2 border border-transparent text-base leading-6 font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-500 focus:outline-none focus:shadow-outline transition duration-150 ease-in-out">Start free trial</a> </div> </li> </ul> <div class="inline-flex rounded-md shadow ml-6" style="display: none;" x-show="document.cookie.includes('logged_in=true')"> <a href="/sites" class="inline-flex items-center justify-center px-5 py-2 border border-transparent text-base leading-6 font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-500 focus:outline-none focus:shadow-outline transition duration-150 ease-in-out">My dashboard</a> </div> </div> </nav> </div> <div x-show="mobileNav" style="display: none;" class="absolute top-0 inset-x-0 p-2 md:hidden"> <div class="rounded-lg shadow-md transition transform origin-top-right" x-show="open" x-transition:enter="duration-150 ease-out" x-transition:enter-start="opacity-0 scale-95" x-transition:enter-end="opacity-100 scale-100" x-transition:leave="duration-100 ease-in" x-transition:leave-start="opacity-100 scale-100" x-transition:leave-end="opacity-0 scale-95"> <div class="rounded-lg bg-white shadow-xs overflow-hidden"> <div class="px-5 pt-4 flex items-center justify-between"> <div> <img class="h-8 w-auto" src="/assets/images/icon/plausible_logo.svg" alt=""/> </div> <div class="-mr-2"> <button @click="mobileNav = false" type="button" class="inline-flex items-center justify-center p-2 rounded-md text-gray-400 hover:text-gray-500 hover:bg-gray-100 focus:outline-none focus:bg-gray-100 focus:text-gray-500 transition duration-150 ease-in-out"> <svg class="h-6 w-6" stroke="currentColor" fill="none" viewBox="0 0 24 24"> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/> </svg> </button> </div> </div> <div class="px-2 pt-2 pb-3"> <span class="block px-3 py-2 rounded-md text-base font-medium text-gray-700">Why Plausible</span> <a href="/simple-web-analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Simple metrics</a> <a href="/lightweight-web-analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Lightweight script</a> <a href="/data-policy" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- GDPR/CCPA Compliant</a> <a href="/open-source-website-analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Open source</a> <span class="block px-3 py-2 rounded-md text-base font-medium text-gray-700">Industry</span> <a href="/for-ecommerce-saas" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- For startups</a> <a href="/for-bloggers-creators" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- For bloggers</a> <a href="/for-freelancers-agencies" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- For freelancers</a> <span class="block px-3 py-2 rounded-md text-base font-medium text-gray-700">Comparisons</span> <a href="/vs-google-analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Google Analytics alternative</a> <a href="/vs-matomo" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Matomo alternative</a> <a href="/vs-cloudflare-web-analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Cloudflare alternative</a> <span class="block px-3 py-2 rounded-md text-base font-medium text-gray-700">Community</span> <a href="/blog" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Blog</a> <a href="https://plausible.io/docs" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Documentation</a> <a href="https://github.com/plausible/analytics" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- GitHub Repo</a> <a href="https://plausible.io/roadmap" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Public Roadmap</a> <a href="https://plausible.io/forum" class="ml-2 mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">- Forum</a> <a href="/#pricing" class="mt-1 block px-3 py-2 rounded-md text-base font-medium text-gray-700 hover:text-gray-900 hover:bg-gray-50 focus:outline-none focus:text-gray-900 focus:bg-gray-50 transition duration-150 ease-in-out">Pricing</a> </div> <div x-show="!document.cookie.includes('logged_in=true')"> <a href="/register" class="block w-full px-5 py-3 text-center font-medium text-indigo-600 bg-gray-50 hover:bg-gray-100 hover:text-indigo-700 focus:outline-none focus:bg-gray-100 focus:text-indigo-700 transition duration-150 ease-in-out"> Start free trial </a> <a href="/login" class="border-t border-gray-200 block w-full px-5 py-3 text-center font-medium text-indigo-600 bg-gray-50 hover:bg-gray-100 hover:text-indigo-700 focus:outline-none focus:bg-gray-100 focus:text-indigo-700 transition duration-150 ease-in-out"> Log in </a> </div> <div style="display: none;" x-show="document.cookie.includes('logged_in=true')"> <a href="/sites" class="block w-full px-5 py-3 text-center font-medium text-indigo-600 bg-gray-50 hover:bg-gray-100 hover:text-indigo-700 focus:outline-none focus:bg-gray-100 focus:text-indigo-700 transition duration-150 ease-in-out"> My dashboard </a> </div> </div> </div> </div> </nav> <main class="flex-1"> <article class="container max-w-screen-sm my-12 md:my-16"> <header> <h1 class="text-3xl tracking-tight leading-10 font-extrabold text-gray-900 sm:text-4xl sm:leading-none"> Plausible Analytics Security Practices </h1> </header> <div class="prose mt-8"> <p>Plausible Analytics is a privacy-first web analytics startup that鈥檚 built to enable you to comply with GDPR, CCPA and other privacy regulations that impact your business. You entrust us with your site data and we take that trust to heart. We鈥檙e committed to being transparent, securing your data, eliminating systems vulnerability and ensuring continuity of access.</p> <h2 id="tldr">TL;DR</h2> <p>Here鈥檚 a brief summary of our data security practices:</p> <ul> <li>All data is encrypted in transit</li> <li>All visitor data is irreversibly hashed</li> <li>All data is hosted in the EU on EU-owned servers</li> <li>User passwords are hashed and salted</li> <li>Our software is updated multiple times per week</li> <li>There is a public changelog</li> <li>Regular vulnerability scans are conducted</li> <li>All data is backed up on remote backups</li> <li>Data access is firewalled and user-restricted</li> <li>Our code is transparent and you can audit our code base</li> <li>Performance is monitored and uptime is disclosed</li> <li>Data can be exported via CSV or stats API</li> <li>We don鈥檛 collect nor store any personal or sensitive data</li> <li>We don鈥檛 store debit/credit card details</li> <li>We don鈥檛 store any data outside the EU</li> <li>We don鈥檛 outsource our software development</li> <li>We don鈥檛 outsource our infrastructure management</li> <li>We don鈥檛 sell, share or in any other way monetize your data</li> </ul> <p>Here鈥檚 a more detailed overview of the technical and organizational security measures we use to secure Plausible and protect your data.</p> <h2 id="data-minimization">Data minimization</h2> <p>Plausible is a privacy-first tool so we don鈥檛 collect or store personal or sensitive data. Even though the purpose of Plausible is to track the usage of a website, this can still be done without tracking, collecting or storing any personal data or personally identifiable information (PII), without using cookies and while respecting the privacy of your website visitors.</p> <p>By using Plausible, all the site measurement is carried out absolutely anonymously. We minimize data collection in general. We measure only the most essential data points and nothing else. All the metrics we do collect fit on one single page.</p> <h2 id="personal-data">Personal data</h2> <p>We don鈥檛 use cookies, browser cache or local storage. We don鈥檛 store, retrieve or extract anything from visitor鈥檚 devices. The data we process cannot be used to identify any single individual.</p> <p>Every HTTP request sends the IP address and the User-Agent to the server so we use that. We generate a daily changing identifier utilizing the visitor鈥檚 IP address and User-Agent. To anonymize these data points and make them impossible to relate to the user, we run them through a hash function with a rotating salt.</p> <p>This generates a random string of letters and numbers to calculate unique visitor numbers for the day. The salt is rotated and deleted every 24 hours making the hash irreversible. The raw data IP address and User-Agent are never stored in our logs, databases or anywhere on disk at all.</p> <p>For full details, please look at our <a href="https://plausible.io/data-policy">data policy</a>.</p> <h2 id="data-encryption">Data encryption</h2> <p>To protect against access, modification or theft of the data, the data is encrypted in transit and at rest. Our hashing process increases the security of your visitor data by making it irreversible.</p> <p>Our hashing process provides robust security for your data. Unlike encryption, which is a reversible process using a decryption key, hashing irreversibly transforms your data into a unique string of characters. The use of salts in our hashing process adds an extra layer of protection by preventing the original IP addresses from being revealed in a brute force attack.</p> <p>In our database, the raw IP address and user agent are completely inaccessible to anyone, including us.</p> <h2 id="server-location">Server location</h2> <p>All the site data we do collect is kept encrypted in Germany on servers owned by a German company (Hetzner). This ensures that all of the website data is being covered by the European Union鈥檚 strict laws on data privacy. Your website data never leaves the EU and EU-owned cloud infrastructure.</p> <h2 id="data-ownership">Data ownership</h2> <p>You own all right, title, and interest to your website data. We obtain no rights from you to your website data. We don鈥檛 collect and analyze personal information from web users and use these behavioral insights to sell advertisements. When using Plausible Analytics, you 100% own and control all of your website data. We don鈥檛 sell or share your site data to any third-parties, and we don鈥檛 abuse your visitor鈥檚 privacy.</p> <h2 id="data-portability">Data portability</h2> <p>You can export your data at any time in the <a href="https://plausible.io/docs/export-stats">CSV format</a> or by using our <a href="https://plausible.io/docs/stats-api">stats API</a>.</p> <h2 id="data-deletion">Data deletion</h2> <p>You are fully in control of any of the website stats we collect on your behalf. We claim no rights. It鈥檚 your data. You can permanently <a href="https://plausible.io/docs/delete-account">delete your Plausible account</a> and/or permanently <a href="https://plausible.io/docs/delete-site-data">delete all of your site data</a> within your settings at any time.</p> <h2 id="user-identification-and-authorization">User identification and authorization</h2> <p>Passwords for signing in are hashed and salted. You can <a href="https://plausible.io/docs/2fa">enable two-factor authentication (2FA)</a> as an extra security layer for your Plausible account.</p> <p>We list your active logged-in sessions in your account settings where we also allow you to remotely <a href="https://plausible.io/docs/login-management">log out of your account on other devices</a>. All logged-in sessions automatically expire after 14 days of inactivity. If you <a href="https://plausible.io/docs/reset-password">change your account password</a>, we automatically log out any of your sessions on your other devices.</p> <h2 id="data-sharability">Data sharability</h2> <p>We give you complete control over how you choose to share the data you collect. Only you can <a href="https://plausible.io/docs/users-roles">invite and remove users</a> and apply permission levels in your account. Only you can choose to create <a href="https://plausible.io/docs/shared-links">shared links</a>, select <a href="https://plausible.io/docs/email-reports">email recipients</a> or make your dashboards <a href="https://plausible.io/docs/visibility">open to the public</a>.</p> <h2 id="internal-access-controls">Internal access controls</h2> <p>Our team doesn鈥檛 have a reason to access or process customer data on a day to day basis. Processing is fully automated. It鈥檚 only if there鈥檚 a problem with an account or to help resolve a customer support question that we might need to access your data.</p> <p>We use role-based access controls. Access to our servers is strictly limited to specific individuals within our team. We log all logins to help us identify and investigate potential security breaches. Additionally, we use multi-factor authentication to prevent unauthorized access to our systems.</p> <h2 id="backups-and-disaster-recovery">Backups and disaster recovery</h2> <p>In the unlikely event of a loss of production data, we have a disaster recovery plan in place. Your data is not only safely stored, but also easily recoverable. We also perform offsite backups.</p> <h2 id="subprocessors">Subprocessors</h2> <p>We鈥檝e tried hard to limit external services that we use and none of them have access to see or download the data. No third-party vendors are involved other than the hosting company that owns the servers where our data is stored (Hetzner) and our global CDN (Bunny). Both are European-owned companies.</p> <p>For full details, take a look at our <a href="https://plausible.io/privacy">privacy policy</a>.</p> <h2 id="payment-information">Payment information</h2> <p>All our payments are processed through Paddle. Paddle is PCI DSS SAQ A compliant. Using Paddle means we don鈥檛 need to store your payment card details and other payment information. They are sent encrypted directly to Paddle. We don鈥檛 store them anywhere.</p> <h2 id="physical-security">Physical security</h2> <p>Plausible is hosted within data centers provided by Hetzner. As such, we take advantage of their physical, environmental and infrastructure controls. Hetzner is accredited with the ISO 27001 security certificate which covers their physical security controls.</p> <p>For further information about the security of the server and the hardware itself, <a href="https://www.hetzner.com/unternehmen/zertifizierung/">here鈥檚 what Hetzner says</a> about their security practices.</p> <h2 id="availability-and-infrastructure-monitoring">Availability and infrastructure monitoring</h2> <p>We do extensive application and infrastructure monitoring. We maintain redundancy throughout our infrastructure in order to minimize the risk of low or slow availability or loss of data. We aim to provide continuous availability.</p> <p>Our commitment to an uninterrupted service includes the use of robust security measures such as rate limiting and DDoS protection to provide resilience and ongoing availability.</p> <p>In addition to these measures, we actively monitor data ingestion and service health from various geo locations. This global monitoring strategy allows us to proactively identify and address any potential issues, ensuring a seamless experience for users across different regions.</p> <p>You can see our current and historical availability on <a href="https://status.plausible.io">our status page</a>.</p> <h2 id="you-can-audit-our-entire-code-base">You can audit our entire code base</h2> <p>Our entire code base and the development are available to the public so they can be independently audited and verified by third-party experts for security or compliance. Anyone can see and verify whether we do what we claim. There is a public changelog and we have many eye-balls on what we鈥檙e doing <a href="https://github.com/plausible/analytics">on our GitHub page</a>.</p> <h2 id="software-quality-assurance">Software quality assurance</h2> <p>Plausible is updated several times per week. We use an ever-expanding and comprehensive set of automated tests running after each code change as part of our software quality assurance. This complements our software development practices which include code reviews.</p> <h2 id="data-privacy-and-other-legal-documents">Data privacy and other legal documents</h2> <p>Our legal docs including our <a href="https://plausible.io/terms">terms of service</a>, <a href="https://plausible.io/privacy">privacy policy</a>, <a href="https://plausible.io/data-policy">data policy</a> and <a href="https://plausible.io/dpa">data processing agreement</a> are all publicly available and include the full details on what we do and how. These docs are written to answer specific questions about our data privacy practices.</p> <h2 id="reporting-security-problems">Reporting security problems</h2> <p>If you鈥檝e found a security vulnerability with the Plausible codebase, you can disclose it responsibly by sending a summary to us. We鈥檒l review the potential threat. We appreciate your patience and understanding that some reports will take time to fix and the process may involve a review of our codebase for similar problems. It鈥檚 crucial we can trust you not to disclose the vulnerability to anyone until a few days after we release the fix.</p> <p>More details can be found in <a href="https://plausible.io/vulnerability-disclosure-program">our vulnerability disclosure program</a>.</p> <p>We鈥檙e incredibly thankful for people who take the time to share their findings with us. Whether it鈥檚 a tiny bug that you鈥檝e found or a security vulnerability, all reports help us to continuously improve Plausible for everyone. Thank you!</p> <h2 id="security-questions-or-concerns">Security questions or concerns?</h2> <p>If you have any questions or concerns regarding our security practices, please <a href="https://plausible.io/contact">contact us</a>.</p> <p>Last updated: September 30, 2024</p> </div> </article> </main><div class="bg-gray-800"> <div class="container py-12 px-4 sm:px-6 lg:py-16 lg:px-8"> <div class="xl:grid xl:grid-cols-3 xl:gap-8"> <div class="my-8 xl:my-0"> <h4 class="leading-5 font-semibold tracking-wider text-gray-300"> <img src="/assets/images/icon/plausible_logo_dark.svg" class="inline-block w-44 mr-1"/> </h4> <p class="mt-4 text-gray-400 text-base leading-6"> Made and hosted in the EU <span class="text-lg">馃嚜馃嚭</span><br/> Solely funded by our subscribers.<br/> </p> </div> <div class="grid grid-cols-2 gap-8 xl:col-span-2"> <div class="md:grid md:grid-cols-2 md:gap-8"> <div> <h4 class="text-sm leading-5 font-semibold tracking-wider text-gray-400 uppercase"> Why Plausible? </h4> <ul class="mt-4"> <li> <a href="/simple-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> Simple metrics </a> </li> <li class="mt-4"> <a href="/lightweight-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> Lightweight script </a> </li> <li class="mt-4"> <a href="/privacy-focused-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> Privacy focused </a> </li> <li class="mt-4"> <a href="/open-source-website-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> Open source </a> </li> <li class="mt-4"> <a href="/most-accurate-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> GA4 Accuracy comparison </a> </li> <li class="mt-4"> <a href="/audience-segmentation" class="text-base leading-6 text-gray-300 hover:text-white"> Visitor segmentation </a> </li> <li class="mt-4"> <a href="/for-ecommerce-saas" class="text-base leading-6 text-gray-300 hover:text-white"> Ecommerce tracking </a> </li> <li class="mt-4"> <a href="/white-label-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> White label </a> </li> </ul> </div> <div class="mt-12 md:mt-0"> <h4 class="text-sm leading-5 font-semibold tracking-wider text-gray-400 uppercase"> Comparisons </h4> <ul class="mt-4"> <li> <a href="/vs-google-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> vs Google Analytics </a> </li> <li class="mt-4"> <a href="/vs-matomo" class="text-base leading-6 text-gray-300 hover:text-white"> vs Matomo </a> </li> <li class="mt-4"> <a href="/vs-cloudflare-web-analytics" class="text-base leading-6 text-gray-300 hover:text-white"> vs Cloudflare </a> </li> </ul> </div> </div> <div class="md:grid md:grid-cols-2 md:gap-8"> <div> <h4 class="text-sm leading-5 font-semibold tracking-wider text-gray-400 uppercase"> Community </h4> <ul class="mt-4"> <li> <a href="/changelog" class="text-base leading-6 text-gray-300 hover:text-white"> What's new </a> </li> <li class="mt-4"> <a target="_blank" href="/status" class="text-base leading-6 text-gray-300 hover:text-white"> Status </a> </li> <li class="mt-4"> <a href="/blog" class="text-base leading-6 text-gray-300 hover:text-white"> Blog </a> </li> <li class="mt-4"> <a href="/docs" class="text-base leading-6 text-gray-300 hover:text-white"> Documentation </a> </li> <li class="mt-4"> <a target="_blank" href="https://github.com/plausible/analytics" class="text-base leading-6 text-gray-300 hover:text-white"> GitHub </a> </li> <li class="mt-4"> <a target="_blank" href="https://twitter.com/plausiblehq" class="text-base leading-6 text-gray-300 hover:text-white"> Twitter </a> </li> <li class="mt-4"> <a target="_blank" rel="me" href="https://fosstodon.org/@plausible" class="text-base leading-6 text-gray-300 hover:text-white"> Mastodon </a> </li> <li class="mt-4"> <a target="_blank" href="https://www.linkedin.com/company/plausible-analytics/" class="text-base leading-6 text-gray-300 hover:text-white"> LinkedIn </a> </li> </ul> </div> <div class="mt-12 md:mt-0"> <h4 class="text-sm leading-5 font-semibold tracking-wider text-gray-400 uppercase"> Company </h4> <ul class="mt-4"> <li class="mt-4"> <a href="/about" class="text-base leading-6 text-gray-300 hover:text-white"> About </a> </li> <li class="mt-4"> <a href="/contact" class="text-base leading-6 text-gray-300 hover:text-white"> Contact </a> </li> <li class="mt-4"> <a href="/privacy" class="text-base leading-6 text-gray-300 hover:text-white"> Privacy </a> </li> <li class="mt-4"> <a href="/data-policy" class="text-base leading-6 text-gray-300 hover:text-white"> Data policy </a> </li> <li class="mt-4"> <a href="/terms" class="text-base leading-6 text-gray-300 hover:text-white"> Terms </a> </li> <li class="mt-4"> <a href="/dpa" class="text-base leading-6 text-gray-300 hover:text-white"> DPA </a> </li> <li class="mt-4"> <a href="/security" class="text-base leading-6 text-gray-300 hover:text-white"> Security </a> </li> <li class="mt-4"> <a href="/imprint" class="text-base leading-6 text-gray-300 hover:text-white"> Imprint </a> </li> </ul> </div> </div> </div> </div> </div> </div> <script> </script> <script type="text/javascript" src="/assets/js/alpine.js?v=1743500318" defer></script> <script type="text/javascript" src="/assets/js/index.js?v=1743500318" defer></script> </body> </html>