Matomo
How to configure Matomo and properly map these configurations within the customer panel to ensure users are clearly informed about the use of this Third Party Provider (TPP). The tables below outline how different configurations of Matomo affect the privacy risks for users.
Privacy relevant configurations (Parameters)
This table shows features which can be enabled or disabled within Matomo. Use this overview to ensure your Matomo setup and Consenter Manager settings stay consistent.
Each row represents a feature that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the feature, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Parameters | ➡️ TPP Config Low risk (No consent) | ➡️ TPP Config Low risk (consent) | ➡️ TPP Config Higher risk (consent) | ➡️ TPP Config Higher risk (consent) | ➡️ CP Config How to map your Matomo configurations in the Customer Panel |
|---|---|---|---|---|---|
| Consent | No (Opt-Out) | Yes (Opt-In) | Yes (Opt-In) | Yes (Opt-In) | Select TPP if consent is required |
| Data exports | Disabled | Disabled | Disabled | Export to third parties (e.g. Google, advertising networks) | Before exporting data, verify if it includes personal data. If so, ensure proper legal basis and potentially specify an additional processing purpose, such as marketing analytics or personalized advertising. |
| Data processing agreement | No | No | Yes, Matomo acts as processor | Yes, Matomo acts as processor | Select respective legal role of data recipient. |
| Tracking with persistent identifiers | Cookieless single session (first party) | First Party, Limited session cookies | First Party, Cross session | Third Party, Cross session and cross domain | Select respective tracking method |
| Identifier | Config hash (device fingerprint, pseudonymized) | Device Identifier (Cookie: _pk_id) | Device Identifier (Cookie: _pk_id) | Cross-Device User ID (customer-provided, pseudonymized) | Select respective data category, e.g. Probabilistic identifiers; Device identifier; Authentication-derived identifiers |
| User ID features | No | No | No | Yes | 1. Select data categories: - Authentication-derived identifiers - Direct identifiers - Users' profile 2. Select personalization model |
| Retention Period | < 13 months | < 2 years | < 2 years | > 2 years | Indicate maximum storage duration |
| Processing location | Self hosted (EU) | Self hosted (EU) | Germany (EU) | Germany (EU) | Indicate storage location |
| Advertising Features | Disabled | Disabled | Disabled | Enabled (Heatmaps, Session Recording with consent) | If ad features are enabled, select additional marketing purpose (e.g. marketing analytics). |
Data categories
This table details the categories of data collected by Matomo. Use this overview to ensure your Matomo setup and Consenter Manager settings stay consistent.
Each row represents a data category that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the data category, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Collected data categories | ➡️ TPP Config Low risk (No consent) | ➡️ TPP Config Low risk (consent) | ➡️ TPP Config Higher risk (consent) | ➡️ TPP Config Higher risk (consent) | ➡️ CP Config How to map your Matomo configurations in the Customer Panel |
|---|---|---|---|---|---|
| IP Address | Anonymized (at least 2 bytes) | Anonymized (at least 2 bytes) | Anonymized (at least 2 bytes) | Full IP (Plain) | Select data category: IP-Address (anonymized) or IP address |
| Technical data - Device characteristics - Browser/OS data etc. | Yes | Yes | Yes | Yes | Select data category: Device characteristics |
| Aggregated site statistics | Yes | Yes | Yes | Yes | Select data category: Aggregated site statistics |
| Enhanced Measurement | Basic (pageviews, events) | Full (all standard events) | Full (all standard events) | Full (including Session Recording, Heatmaps, Form Analytics) | Select data category: Browsing and interaction data |
| Geo-location info | Country-level (with 2-3 byte masking) | Country-level (with 2-3 byte masking) | City-level (with 1-2 byte masking) | City-level (full IP for geolocation) | Select data category: Non-precise location data or Precise location data |
| e-Commerce Activity | No | No | No | Yes | Select respective data category |
| Visitor logs / profiles | No | Yes (visitor logs only) | Yes (visitor logs only) | Yes (User ID profiles, cross-device) | 1. Select data category: Users' profiles 2. Select respective Identifier |
| Device identifiers | No (cookieless mode) | Yes (first-party cookies) | Yes (first-party cookies) | Yes (first-party cookies) | Select respective data category |
| Authentication derived Identifiers | No | No | No | Yes (User ID profiles, cross-device) | Select respective data category |
| Probabilistic identifiers | Very limited (config hash for session continuity) | Very limited (config hash for session continuity) | Very limited (config hash for session continuity) | Very limited (config hash for session continuity) | - |
| Special categories of personal data | No | No | No | No | - |
| Privacy choices | No | No | No | No | - |
| Custom events / variables | No personal data | No personal data | No personal data | May contain additional personal data categories | If tracking custom events and/or variables, ensure transparency, e.g. by selecting additional purposes and data categories |
For technical integration guides (code implementation), see Matomo Integration Guide →
Last updated on