Plausible Analytics Privacy Policy

TL;DR: For plausible.io visitors, we do not use cookies and we do not collect any personal data. If you decide to create an account, we ask for the bare minimum and only share it with services that are absolutely necessary for the app to function.

At Plausible Analytics, we are committed to complying with GDPR, CCPA, PECR and other privacy regulations on our website and on our web analytics product too. The privacy of your data — and it is your data, not ours! — is a big deal to us.

In this policy, we lay out what data we collect and why, how your data is handled and your rights to your data. We promise we never sell your data: never have, never will.

If you have placed the Plausible Analytics script on your website, take a look at our data policy for details on the information we do collect about your website visitors on your behalf.

As a visitor to the plausible.io website

The privacy of our website visitors is important to us so we do not track any individual people. As a visitor to the plausible.io website:

  • No personal information is collected
  • No information such as cookies is stored in the browser
  • No information is shared with, sent to or sold to third-parties
  • No information is shared with advertising companies
  • No information is mined and harvested for personal and behavioral trends
  • No information is monetized

We run the Plausible Analytics script to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. You can view the data we collect in our live demo.

Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can see full details in our data policy.

As a customer and subscriber of Plausible Analytics

Our guiding principle is to collect only what we need and that we will solely process this information to provide you with the service you signed up for.

We use a select number of trusted external service providers for certain service offerings. These service providers are carefully selected and meet high data protection, data privacy and security standards.

We only share information with them that is required for the services offered and we contractually bind them to keep any information we share with them as confidential and to process personal data only according to our instructions.

Here’s what that means in practice:

What we collect, what we use it for and services we use

  • An email address is required to create an account. You need to provide us with your email address if you want to create a Plausible Analytics account. That’s just so you can log in and personalize your new account, and we can send you invoices, updates or other essential information.
  • A persistent first-party cookie is stored to remember you’re logged in. If you log in to your Plausible account, you give us permission to use cookies so you don’t have to log in on each returning session. This makes it easier for you to use our product. A cookie is a piece of text stored by your browser. You can adjust cookie retention settings in your own browser. Cookies that are already stored may be deleted at any time.
  • All of the data that we collect is kept fully secured, encrypted and hosted on 100% renewable energy powered server in Falkenstein, Germany. The server is owned by Hetzner, a European company. This ensures that all of the site data is being covered by the European Union’s strict laws on data privacy. Your site data never leaves the EU. See Hetzner privacy policy for full details.
  • We use Bunny (another European-owned provider from Slovenia) for a global CDN, DNS and DDoS protection. This ensures that all visitor data we collect is exclusively processed with servers owned and operated by European companies. See Bunny privacy and data policy for full details.
  • The payment process is handled by a third-party payment provider. If you choose to upgrade to a Plausible Analytics paid plan, the billing information and the payment process is handled by Paddle. See the Paddle Privacy Policy for full details.
  • All emails are sent using a third-party email provider. Transactional emails and email reports (should you choose to subscribe to them) are sent using Postmark. We have disabled both open tracking and link tracking on all emails sent. See the Postmark Privacy Policy for full details.
  • We use Gravatar to get your account profile picture. We use a proxy for this request to ensure no information is exposed to third parties. This method prevents the IP address, user agent and referrer header from being sent. See the Gravatar Privacy Policy for more details.
  • We use DuckDuckGo to get your site favicon. We use a proxy for this request to ensure no information is exposed to third parties. This method prevents the IP address, user agent and referrer header from being sent. See the DuckDuckGo Privacy Policy for more details.
  • When you write to us with a question or to ask for help. We keep that correspondence, which includes the email address, so that we have a history of past correspondences to reference if you reach out in the future. We use this data solely in connection with answering the queries we receive. We use Help Scout (privacy policy) as our help desk software.
  • When you submit feedback or feature requests. We keep that feedback which includes the email address. We use this to understand the popularity of requests and to send you a notification when the feature you requested has been released. We use Nolt (privacy policy) as our feedback board.
  • We use CAPTCHA service as a means of spam protection on our account registration form. hCaptcha is a GDPR-compliant and privacy-friendly captcha. See the hCaptcha Privacy Policy for full details.
  • For our blog readers who choose the option to receive blog posts via email. We use Mailchimp to send those blog posts. We have disabled both open tracking and link tracking on all emails sent. See the Mailchimp Privacy Policy for full details.

Retention of data

We will retain your information as long as your account is active, as necessary to provide you with the services or as otherwise set forth in this policy.

We will also retain and use this information as necessary for the purposes set out in this policy and to the extent necessary to comply with our legal obligations, resolve disputes, enforce our agreements and protect Plausible’s legal rights.

You can choose to delete your Plausible Analytics account at any time. All your data will be permanently deleted immediately when you delete your account.

Changes and questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, we will also announce them on our company blog or social media profiles.

Contact us at privacy@plausible.io if you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information.

Last updated: October 17, 2023