Physical Access Control

Matomo Cloud is hosted by Amazon Web Services (AWS) in European data centres (Frankfurt, with backups in Dublin). These facilities are certified under ISO/IEC 27001 and other recognised security standards. AWS applies strict physical and environmental controls, including access cards, CCTV, intrusion detection, and 24/7 on-site security staff (https://aws.amazon.com/compliance/data-center/controls/). Our infrastructure is hosted within a private network which ensures none of your data or network traffic can be accessed by third parties.

Physical controls (data centre): Controls implemented by AWS include, without limitation: employee and third-party data centre access controls (e.g., accompaniment, visitor ID required, signing in), data centre access logs and correlation of physical and logical logs, access monitoring (professional security), access surveillance and detection (e.g., CCTV, entry points, intrusion detection, alarms), maintenance and environmental controls, ongoing data centre risk management and third-party security attestation.

System Access Control

Identification
Personnel identification through active directory and single sign-on for application access where feasible.

Authentication
All systems require multi-factor authentication (MFA) and strong, unique passwords. Passwords must meet defined complexity and length requirements. Idle sessions and password managers lock automatically. Authentication data is transmitted solely in encrypted form. Access is blocked after failed attempts or inactivity, and a procedure exists for resetting blocked access identifiers. Administrator users also hold a YubiKey that requires a fingerprint to access company resources.

Network security
Networks are segmented using Virtual Private Cloud (VPC) configurations, firewalls, and security groups. Access attempts are logged and monitored. Networks, systems, and applications are monitored for anomalies, including during remote work. Endpoint protection and mobile device management (MDM) are enforced. Remote access to company systems is restricted. Access from standard, pre-approved locations may occur without a VPN, subject to strong authentication. Access from non-standard or untrusted locations is only permitted via a secure Virtual Private Network (VPN) connection with strong encryption and multi-factor authentication. This ensures that personal data and systems cannot be accessed without proper authorisation and that data in transit is adequately protected.

Logging
Matomo Cloud logs all authentication attempts (successful and unsuccessful), changes to access rights, and the creation, deletion and modification of user accounts. These logs are backed up and secured; administrator users have view-only access to them.

Access Rights

Access is granted on a role-based, need-to-know, and least-privilege basis. Privileged access is restricted to approved personnel, subject to just-in-time access requests, and reviewed regularly. All access, modification, and deletion events are logged.

  • Only a subset of employees may access products and Customer Data, through controlled interfaces, for support and operational purposes.
  • The production environment is restricted to a dedicated group of privileged users, accessible only via a bastion host and protected by two-factor authentication (2FA).
  • Customers access their data exclusively through user interfaces or APIs. Direct infrastructure access is not permitted. API usage requires secure token authentication.

Data Separation Control

Customer data in multi-tenant systems is logically and physically separated. Test and production environments are segregated. Corporate systems (e.g., Microsoft 365, AWS console) enforce country-based access restrictions.

Encryption

Endpoint: All endpoint devices use full-disk encryption.
In Transit: Data is encrypted using TLS/HTTPS for all APIs and interfaces; backend system connections are also encrypted. Unauthorised or unencrypted transfers are prohibited.
At Rest: Data, including user passwords and API tokens, is encrypted using industry-standard algorithms and disk-level encryption.

Input Control

Data entry, modification, and deletion actions are logged. Logs are stored securely and protected from tampering.

Matomo infrastructure logs extensive information about system behaviour, traffic received, system authentication, and other application requests, with alerts raised for anomalies. Our security, operations, and support personnel respond to known incidents.

Response and tracking: We maintain a record of known security incidents that includes a description, the dates and times of relevant activities, and the incident disposition. Suspected and confirmed security incidents are investigated by security, operations, or support personnel, and appropriate resolution steps are identified and documented. For any confirmed incident, we take appropriate steps to minimise damage to the product and the Customer and to limit unauthorised disclosure. Notification to the Customer is made in accordance with the DPA.

Transfer Control

Transmission Control (In-Transit to Load Balancer): All communications between clients and Matomo Cloud services are encrypted using HTTPS (SSL/TLS). HTTPS is enforced by default across APIs and all user interfaces, with industry-standard algorithms and certificates.

Encryption at Rest: User passwords and API tokens are stored in encrypted form within the database. Disk encryption technologies are applied to ensure that data stored on Matomo Cloud servers, including backups, remains encrypted at rest. Data leaving the protected area (e.g., data centre) is also encrypted.

Encryption of Client–Server Data Transfers: Data transmitted between clients and Matomo Cloud servers is encrypted end-to-end.

Back-End Transmissions: Connections to back-end systems are protected. Data requiring a higher level of protection is subject to encryption during back-end processing in transit and at rest.

Security Gateways: Network and hardware firewalls are deployed at interconnection points, and are always activated to prevent unauthorised access.

Secure Data Storage: Data are encrypted and securely stored on Matomo Cloud servers. Encrypted backups are maintained to ensure data integrity and recoverability.

Erasure and Destruction Procedures: Data stored on devices is deleted in compliance with data protection legislation before devices are repurposed or reassigned. Deleted data cannot be reconstructed except through disproportionate effort. Hardware components and documents are destroyed in such a way that reconstruction is impossible or only feasible with excessive effort.

Availability & Resilience

Our systems are built for redundancy and seamless failover. Server instances that support our products are architected to avoid single points of failure, enabling us to maintain and update applications and backend systems with minimal downtime.

Where feasible, production databases replicate data across at least one primary and one secondary instance. All databases are backed up and maintained using industry-standard methods.

Redundancy is further enhanced through the use of multiple availability zones, with data backed up regularly and stored in secure, geographically separate locations. A documented disaster recovery plan is in place, including regular restoration testing. Systems are monitored continuously, and anti-malware protection is deployed on relevant infrastructure.

Our backup and replication strategies are designed to ensure data durability and failover capability during a significant processing failure. Customer data is stored in multiple durable data stores and replicated across availability zones to safeguard availability and integrity.

Vulnerability detection

InnoCraft operates a vulnerability management programme that includes regular automated scans, periodic penetration testing, and a responsible disclosure/bug bounty programme. Vulnerabilities are prioritised by risk, remediated within defined timeframes, and verified, with results feeding into our ISMS for continual improvement.

The bug bounty program invites and incentivises independent security researchers to ethically discover and disclose security flaws. We implement the program in an effort to widen the available opportunities to engage with the security community and improve the product defences against sophisticated attacks.

We also use tools that detect code vulnerabilities as code is written and that check the code for vulnerabilities when it is merged for deployment.

Incident Response

InnoCraft maintains a documented incident response plan aligned with GDPR Articles 33–34. This includes procedures for identification, investigation, containment, remediation, and notification to the Customer without undue delay. Employees are trained to report any suspicious activity early.

Risk Assessment & Business continuity

A formal risk management framework is in place for identifying and mitigating risks. Business Continuity and Disaster Recovery (BCDR) plans define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). These plans include backup, testing, and use of distributed cloud infrastructure.

Supplier Control

All sub-processors undergo due diligence before engagement, including security and privacy assessments.

Confidentiality obligations are contractually required. Return or destruction of data following completion of contracts (at controller’s discretion and instruction) is required.

Suppliers are reviewed at appropriate intervals to ensure data safety and compliance with the GDPR.

Data Processing Agreements are in place with each sub-processor.

Organisational Policies & Governance

ISMS: InnoCraft operates an ISO/IEC 27001-aligned Information Security Management System (ISMS) supported by the Vanta compliance automation platform, which is used for continuous monitoring, evidence collection and audit readiness, control mapping, and policy management.

Policies and Procedures: Documented policies cover access control, asset management, incident response, business continuity, cryptography, operations security, third-party management and other ISMS policies.

Privacy Management: Responsibility for the protection of personal data is clearly assigned. Key personnel responsible for the protection of personal data are appointed, including a Data Privacy Officer, a Privacy Officer, a Security Officer, and the ISMS Team. ISO 27001 audits are carried out at a prescribed cadence to ensure ongoing compliance with information security standards. TOMs are regularly reviewed and adjusted as needed to address emerging risks, legal requirements, and operational needs. Data Protection Impact Assessments are carried out to assess and mitigate risks to data subjects where processing is likely to result in high risk.

Training: All personnel undergo security and privacy training at induction, periodically and annually. The training is provided in various formats: in person, online, via pre-recorded sessions, and through phishing simulations. Additional targeted training is provided to personnel with elevated privileges. Employees who have access to the products and to Customer Data undergo required training on specific security topics (e.g., phishing, protection of digital identities, social engineering, Wi-Fi security, and the handling of Customer Data). We maintain records of training occurrence and content.

Confidentiality: All employment and sub-processor agreements include confidentiality clauses.

Pseudonymisation

Matomo supports multiple pseudonymisation features including IP address masking, User ID hashing, exclusion of personal parameters from URLs, and disabling or reducing the precision of geolocation data.
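As an added illustration, and not Matomo's own code, the following Python applies the three pseudonymisation mechanisms named above to a constructed tracking hit: truncating an IP address so it identifies a network rather than a host (which also coarsens geolocation), replacing a User ID with a keyed hash so the raw identifier is never stored, and dropping personal parameters from a URL before it is recorded. The masking widths (two bytes for IPv4, ten for IPv6), the secret key, and the list of parameters treated as personal are assumptions chosen for this example, not values taken from Matomo.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed policy values, constructed for this example (not Matomo's defaults).
IPV4_MASK_BYTES = 2   # 203.0.113.77 -> 203.0.0.0 (a /16, coarse enough to hide the host)
IPV6_MASK_BYTES = 10  # keep only the leading 48 bits of an IPv6 address
PERSONAL_PARAMS = {"email", "token", "session_id"}  # constructed list of personal query keys


def mask_ip(ip: str, v4_bytes: int = IPV4_MASK_BYTES, v6_bytes: int = IPV6_MASK_BYTES) -> str:
    """Zero the trailing bytes of an IPv4 or IPv6 address.

    The masked address still supports country/region-level geolocation but no
    longer identifies a single device, which is the privacy trade-off the
    'IP address masking' measure is making.
    """
    addr = ipaddress.ip_address(ip)
    n = v4_bytes if addr.version == 4 else v6_bytes
    packed = addr.packed
    if not 0 <= n <= len(packed):
        raise ValueError(f"cannot mask {n} bytes of a {len(packed)}-byte address")
    masked = packed[: len(packed) - n] + b"\x00" * n
    return str(ipaddress.ip_address(masked))


def pseudonymise_user_id(user_id: str, secret: bytes) -> str:
    """Replace a User ID with an HMAC-SHA256 under a site secret.

    A keyed hash is used rather than a bare SHA-256 because identifiers such
    as e-mail addresses are low-entropy: without the secret, an attacker who
    obtained the stored hashes could confirm guesses by hashing candidates.
    """
    return hmac.new(secret, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def strip_personal_params(url: str, personal=PERSONAL_PARAMS) -> str:
    """Remove query parameters that carry personal data before the URL is stored."""
    parts = urlsplit(url)
    kept = [
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k.lower() not in personal
    ]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def pseudonymise_hit(hit: dict, secret: bytes) -> dict:
    """Apply all three measures to one raw tracking hit and return the stored form."""
    return {
        "ip": mask_ip(hit["ip"]),
        "user_id": pseudonymise_user_id(hit["user_id"], secret),
        "url": strip_personal_params(hit["url"]),
    }


if __name__ == "__main__":
    # Constructed sample hit; the secret would normally come from server configuration.
    raw_hit = {
        "ip": "203.0.113.77",
        "user_id": "alice@example.org",
        "url": "https://shop.example.org/checkout?email=alice%40example.org&step=2",
    }
    print(pseudonymise_hit(raw_hit, secret=b"site-secret-from-config"))
```

The keyed hash is deterministic for a given secret, so the same visitor still maps to the same pseudonym across visits (which is what makes the User ID useful for analytics), while rotating or losing the secret breaks the link to the original identifier. The secret therefore needs the same protection as the API tokens described in the Encryption section.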

Privacy by Design & Default

Matomo is designed to support data minimisation and privacy-friendly configurations. Default settings limit data collection to what is necessary. The Matomo Cloud instance includes tools that enable controllers to exercise data subject rights (see the Matomo FAQ "How to exercise user rights in Matomo"). Retention periods can be configured by the Customer.

Review & Certification

All technical and organisational measures are reviewed at appropriate intervals and updated as necessary, particularly in the event of changes to the state of technology or legislation.

InnoCraft is certified to ISO/IEC 27001, the international standard for information security management, following an independent audit. Compliance is monitored continuously through InnoCraft’s ISO/IEC 27001-aligned Information Security Management System (ISMS) and supported by Vanta’s continuous auditing platform.