Matomo Cloud Privacy Policy

This Policy describes the information we collect from you, how we use that information and our legal basis for doing so. It also covers whether and how that information may be shared and your rights and choices regarding the information you provide to us.

This Privacy Policy applies to the Matomo Cloud service by InnoCraft only. This Privacy Policy does not cover the Matomo.org website where the matomo.org Privacy Policy applies.

Table of Contents

Who we are

InnoCraft, the company founded by the creators of Matomo, provides digital analytics products and services that help individuals and businesses keep full control over their data. "InnoCraft Ltd", a New Zealand company (NZBN 6106769) headquartered at: 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Because InnoCraft is located outside of the EU, the InnoCraft team has named a representative in the EU.

If you have any questions about this privacy policy, please contact our privacy team at privacy@innocraft.com

We will never sell your personal data to anyone.

What We Collect and Receive

In order for you to create an account on InnoCraft and use our Services, we need to collect and process certain information. Depending on your use of the Services, that may include:
  • Contact us via email — for example, when you ask for support, send us questions or comments, or report a problem, we will collect your name, email address, message, etc. We use this data solely in connection with answering the queries we receive.
  • Usage data — when you visit our cloud service, we will store: the website from which you visited us from, the parts of our app you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data for statistical purposes, to improve our site and to recognize and stop any misuse.
  • Create an account — when you sign up for and open an account with Matomo Cloud, we may ask you to provide us with information such as your name, email address and details about your organization. As otherwise detailed in this Privacy Policy, we will solely process this information to provide you with the service you signed up for.

Your Rights

You have the right to be informed of Personal Data processed by InnoCraft, a right to rectification/correction, erasure and restriction of processing. You also have the right to ask from us a structured, common and machine-readable format of Personal Data you provided to us.

We can only identify you via your email address and we can only adhere to your request and provide information if we have Personal Data about you through you having made contact with us directly and/or you using our site and/or service. We cannot provide, rectify or delete any data that we store on behalf of our users or customers.

To exercise any of the rights mentioned in this Privacy Policy and/or in the event of questions or comments relating to the use of Personal Data you may contact InnoCraft’s support team: privacy@innocraft.com

In addition, you have the right to lodge a complaint with the data protection authority in your jurisdiction.

Subprocessors (Matomo Cloud)

We use a select number of trusted external service providers for certain technical data processing and/or service offerings. These service providers are carefully selected and meet high data protection and security standards. We only share information with them that is required for the services offered and we contractually bind them to keep any information we share with them as confidential and to process Personal Data only according to our instructions.

InnoCraft uses the following subprocessors to process the data collected by Matomo Cloud customers:

Notice on data transfer and GDPR compliance: While 100% of your data and backups are securely stored in Europe, our company is based in New Zealand. New Zealand is one of the few countries that the EU considers to have an adequate level of data protection. This provides legal certainty for Article 44 GDPR that the data does not go to a third country like the US even though we are using AWS. Because no personal data is transferred to third countries, no SCC’s are needed.

This means that Matomo Cloud is safe to use in the EU and fully GDPR-compliant.

Subprocessor Data location and security Service
Oblivion Cloud Control B.V (Xebia) based in the Netherlands Europe (Frankfurt and Dublin) Secure infrastructure for servers and databases and logs hosted in Frankfurt, Germany. Offsite backups are stored in Dublin, Ireland. This service is provided by AWS Europe, and all data is hosted in Europe.
Oblivion Cloud Control B.V (Xebia) based in the Netherlands Worldwide Secure CDN (Content Delivery Network) to store and deliver JavaScript files. This service is provided by AWS Europe. The use of the CDN feature is optional and can be disabled. No personal data is collected or stored by our CDN. Visitors are sent to a server closest to their region meaning for example traffic from EU people stays in the EU.
Please refer to the Data Processing Agreement for more information: https://matomo.org/matomo-cloud-dpa/

Terms & Conditions: https://matomo.org/matomo-cloud-terms-of-service/

Third party services we use

When you visit our websites, or purchase products or services, we use the following third party services which may collect personal data:

Recipient Purpose of processing Lawful basis Data location and security Personal data collected by the third party Privacy policy
Paddle To let you purchase Matomo Cloud software service through Paddle. Legitimate interest UK and USA Payment details: name, location, contact details, and billing information. paddle.com/privacy-buyers/
SendGrid (by Twilio) To send you Matomo Cloud related emails after you sign up helping you get started with Matomo Legitimate interest USA Email address of account owner twilio.com/legal/privacy
Help Scout To receive and reply to your messages after you contact us Legitimate interest USA IP address, Message sent, Name, Email... helpscout.net/company/privacy/

Google Analytics Connect

You can optionally import your historical data from Google Analytics into your Matomo Cloud account. This allows you to compare your data recorded by Matomo with your historical data from Google Analytics and you make sure to not lose your Google Analytics data. The use and transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Data will be only imported if you connect your Google Analytics account with your Matomo Cloud account. This is entirely optional. Once connected, you can select which Google Analytics properties you would like to import into Matomo. After the historical data has been imported, we won’t import any further data unless you specifically schedule a new import or update the date range to be imported.

Accessed Data How this data is used How this data is stored How this data is shared
Access token We use the access token to make API requests on behalf of you to import the reporting data. We store this data in your Matomo Cloud account. You can revoke the token at any time in your Google Account. This data is not shared.
List of properties in your Google Analytics account. We access the account ID, the view ID, the property ID and the property name (typically the name of your website or app). We get the list of properties to let you select which of your properties you want to import into Matomo Analytics and to manage the import of the aggregated reporting data. We store this data in your Matomo Cloud account to import the aggregated reporting data. You can delete this data by deleting the site yourself or by instructing us to delete this data. This data is not shared.
Aggregated, historical reporting data from your selected Google Analytics properties. For example, the list of browsers, devices, page urls, page titles, downloads, events, and more. Along with each report we access the related metrics for each report such as the number of visits, page views and more. You can view the imported data through the Matomo Analytics user interface by selecting the imported property, a date range, and the report you want to view. We store the aggregated reporting data in your Matomo Cloud account. You can delete this data by deleting the site yourself or by instructing us to delete this data. This data is not shared with anyone else unless you give someone else  access to your Matomo Cloud account by adding team members and giving them permission to view this data.

Google Search Console Connect

By default, all your search keywords appear as "Keyword not defined" in Matomo’s “Search Keywords” report and you won’t be able to find out which keywords people used to find your website on the Google search engine.

To get this data, you can optionally import your search keywords from Google Search Console into your Matomo Cloud account. This allows you to get deep insights about all the keywords that people are searching for when they find your website. All of the search keywords will be shown directly in your regular Matomo Analytics “Search Keywords” reports.

Accessed Data How this data is used How this data is stored How this data is shared
Access token We use the access token to make API requests on behalf of you to regularly import the most recent search keywords data. We store this data in your Matomo Cloud account. You can revoke the token at any time in your Google Account. This data is not shared.
List of domains and URL prefixes in your search console. We use this data to let you assign a domain to a Matomo site. This way Matomo knows which search console site matches the site in Matomo. We store this data in your Matomo Cloud account to import the search keywords data. You can delete this data by deleting the site yourself or by instructing us to delete this data. This data is not shared.
Aggregated search keywords data. For example, the list of search keywords people used to find you, how many times the keyword was searched for, how often someone clicked on your site, and the average position within a search engine results page. You can view the imported search keywords through the Matomo Analytics user interface by selecting a Matomo site, a date range, and the “Search Keywords” report. We store the search keyword reports in your Matomo Cloud account. You can delete this data by deleting the site yourself or by instructing us to delete this data. This data is not shared with anyone else unless you give someone else  access to your Matomo Cloud account by adding team members and giving them permission to view this data.

Google Tag Manager Connect

You can optionally simplify data tracking on your website by effortlessly adding the Matomo JavaScript tracking code via Google Tag Manager. With just a few clicks, you can seamlessly track data into Matomo, streamlining your analytics process. Rest assured that the use and transfer of information received from Google APIs comply with Google API Services User Data Policy, including the Limited Use requirements.

Once you connect your Google Tag Manager Account with a Matomo Cloud account, a new tag and trigger will be automatically generated within your chosen Google Tag Manager container. It's important to note that this process is entirely optional and under your control. We are committed to respecting your preferences; thus, we will not create any new tag and trigger in your container unless you provide explicit authorization.

Accessed Data How this data is used How this data is stored How this data is shared
Access token We use this access token to make API requests to create Matomo Tracking Tag and corresponding trigger in your Google Tag Manager account. We store this data in your Matomo Cloud account. This data is not shared
List of workspace and containers in your Google Tag Manager account. We use this data to let you select the correct Google Tag Manager container and workspace. This way Matomo knows on which Google account it needs to create the Matomo Tracking code Tag and its corresponding trigger.We do not store this data. This data is not shared

Matomo Connector for Looker Studio

We also provide the Matomo Connector for Looker Studio (the "Connector"), designed to facilitate the seamless integration of your Matomo Cloud account data with Looker Studio. Should you choose to activate or utilise the Matomo Connector, please be aware of the following:

  • Data Export: Upon activation of the Matomo Connector, all data stored within your Matomo account will be exported to Looker Studio. This transfer is initiated by you and is under your control.
  • Data Privacy: Once your data is exported to Looker Studio, it will be governed by the applicable Looker Studio terms of service and policies provided by Google. We strongly advise you to review their terms and policies and understand the implications before initiating the data transfer.
  • Privacy Considerations: Transferring data, especially visitor data, to external platforms can have privacy implications. It's crucial to ensure that you have the necessary permissions and have considered the privacy ramifications of such a transfer.
  • Exclusive Connector Use: To ensure the security and privacy of your data, we recommend exclusively using the Matomo Connector for this integration. Avoid using third-party connectors or tools for Looker Studio that claim compatibility with Matomo, as we cannot vouch for their security or data handling practices.

Retention of data

We will retain your information as long as your account is active, as necessary to provide you with the services or as otherwise set forth in this Policy. We will also retain and use this information as necessary for the purposes set out in this Policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect InnoCraft’s legal rights.

We also collect and maintain aggregated, anonymized or pseudonymized information which we may retain indefinitely to protect the safety and security of our site, improve our Services or comply with legal obligations.

Privacy Policy Changes

We may update this Policy from time to time. If we do, we’ll let you know about any material changes, either by notifying you on the website or by sending you an email.

EU Representative

Our EU Representative of controllers or processors not established in the Union (article 27 GDPR) is:
ePrivacy Holding GmbH
Große Bleichen 21 20354 Hamburg
Germany

External Data Protection Officer

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg
Germany

If you have any questions or concerns regarding your information, please contact privacy@matomo.org.

If you wish to communicate directly with our data protection officer (because you have a particularly sensitive matter for example), please contact them by post, as communication by e-mail could always have security gaps. Please state in your request that your concern relates to the company InnoCraft.

Contact Us

Email: privacy@innocraft.com
Contact form: https://matomo.org/support/