DSGVO Wissen

Plausible Analytics and Data Protection – What Belongs in the Privacy Policy

Compact guide to Plausible Analytics: processed data, purposes, legal bases (GDPR) and what website operators must include in their privacy policy.


Plausible Analytics data protection is a central topic for website operators who want to use a cookie-less, European analytics tool. Unlike Google Analytics, Plausible relies neither on persistent cookies nor on cross-site tracking; the platform deliberately positions itself as a data-protection-friendly alternative. But the GDPR obligations apply with Plausible as well: website operators must transparently disclose in their privacy policy which data is processed, for which purposes and on which legal basis. This article shows what you need to know about Plausible Analytics and data protection, and which text modules belong in your privacy policy.

A. Purpose and Function of Plausible Analytics

Plausible Analytics is a web-based analytics tool that enables website operators to analyse visitor numbers, page views and user behaviour patterns – without relying on data-protection-critical technologies such as cookies or user IDs. The open-source project is developed and operated by Plausible Insights OÜ (Estonia, EU).

Core features of Plausible:

  • No cookies: Plausible uses neither cookies nor localStorage; it derives its data from the HTTP request itself (request headers such as user agent and referrer, plus the IP address of the connection).
  • IP hashing: IP address and user agent are hashed with a salt that changes daily; the raw values are not retained.
  • No cross-site profiling: Data is isolated per website, day and device; no tracking across multiple domains.
  • EU hosting: All data is stored on German servers (Hetzner, Falkenstein); no transfers to third countries.
  • Open source: Plausible Community Edition (CE) is freely available under AGPLv3 and self-hostable.

The tool works through a JavaScript snippet embedded in the website that reports page views and optional custom events to the Plausible servers. With each such request the usual web server log data arrive automatically: HTTP referrer and user agent as request headers, the IP address from the connection. The IP address is used only transiently (for the daily hash and the coarse geolocation) and is not stored in raw form.

B. Mandatory Disclosures of the Privacy Policy when Using Plausible

Anyone using Plausible must update their privacy policy in accordance with Art. 13 GDPR (information duties where the data is collected from the data subject, which is the case for website visitors). The policy should at least cover the following points:

  • Purposes of data processing (e.g. visitor statistics, website optimisation)
  • Processed data categories (daily IP hashes, user agent, referrer, rough location data)
  • Legal bases (Art. 6(1)(f) GDPR – legitimate interest; or consent under Art. 6(1)(a) GDPR, if locally required)
  • Processors (Plausible Insights OÜ, sub-processors: Hetzner, Bunny)
  • Retention period (regularly 90 days, configurable)
  • Data subject rights (access, rectification, erasure under conditions)

A common error is the "text template per tool" strategy, in which each tool is described separately. Better: a topic-oriented structure (e.g. a chapter "Statistics and analytics") with a clear layout and a reference to the recipient matrix in the annex.

Recommendation

Privacy policy in minutes — easy to maintain, no subscription.

Instead of an unreadable text block per tool: a topic-oriented, hybrid approach with a clear list of recipients — maintainable, transparent, GDPR-compliant.

  • No subscription, no hidden costs
  • Easy to maintain thanks to a topic-based structure instead of tool-by-tool blocks
  • Curated by Dr. Thomas Helbing, certified specialist for IT law
Create your privacy policy now

The generator is offered by matterius GmbH. matterius is not a law firm and does not provide legal advice.

C. Provider of Plausible Analytics

Plausible Insights OÜ

When using the cloud variant (Plausible Cloud), Plausible Insights OÜ acts as a processor. A Data Processing Agreement (DPA) in accordance with Art. 28 GDPR must therefore be concluded between the website operator and Plausible; Plausible provides a standard DPA on its website.

Self-hosting option: Plausible Community Edition (CE) can be hosted on your own servers. In this case Plausible Insights is not involved in the processing and does not act as processor; the operator alone is the controller (Art. 4(7) GDPR) and must itself cover hosting, any sub-processors, retention and deletion in the privacy policy.

D. Data Processing with Plausible – Workflow in Steps

1. Collection

When a visitor accesses the website, the Plausible JavaScript snippet automatically sends a request to the Plausible servers. With it arrive the IP address (from the connection), the user agent and referrer (HTTP headers), and the page URL and timestamp of the page view.

2. Anonymisation / Hashing

The IP address and the user agent are passed, together with the website domain, through a salted hash function whose salt changes daily. The raw IP address is not stored and the previous day's salt is deleted; the hash values only enable counting unique visitors within a single day, and the same visitor receives a new, unrelated value the next day.

3. Storage (EU servers)

Anonymised or hashed data is persistently stored on Hetzner infrastructure in Germany (Falkenstein). No transfer to third countries takes place.

4. Use and reporting

The website operator can view reports via a dashboard: page views, visitor numbers, browser/operating system statistics, rough location data (country/city level) and custom events.

5. Disclosure to sub-processors

Plausible works together with two sub-processors:

  • Hetzner Online GmbH (DE): Server hosting
  • BunnyWay d.o.o. (SI): CDN and DDoS protection

6. Erasure

Data is deleted by default after 90 days (configurable). After deletion, reports are no longer available.
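The six steps above, modelled in Python as an added illustration (this is not Plausible's code; only the hash formula hash(daily_salt + website_domain + ip_address + user_agent) follows the provider's published description, while SHA-256 as the hash, the NUL field separator, the X-Forwarded-For handling behind a trusted CDN range, the GeoIP table and the retention purge are assumptions made for this example):

```python
"""Model of steps 1-6 (added illustration, not Plausible's code).
Only the hash formula follows the provider's description:
hash(daily_salt + website_domain + ip_address + user_agent).
Assumptions: SHA-256 as hash, NUL field separator, X-Forwarded-For
handling behind a trusted CDN range, the GeoIP table, the purge."""
import hashlib
import ipaddress
import secrets
from datetime import date, timedelta

RETENTION_DAYS = 90  # default named on the page; configurable

# Assumption: egress range of the CDN, the only peers whose X-Forwarded-For is trusted.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed GeoIP table (prefix -> (country, city)); a real deployment uses a
# GeoIP database. The lookup runs on the raw IP, before that IP is discarded.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), ("DE", "Berlin")),
    (ipaddress.ip_network("192.0.2.0/24"), ("EE", "Tallinn")),
]

_salts = {}  # day -> 32 random bytes; only today's and yesterday's salt are kept


def daily_salt(day):
    """Step 2: one random salt per day. Older salts are deleted; a retained salt
    is what would allow recomputing a hash from a known IP and user agent."""
    if day not in _salts:
        _salts[day] = secrets.token_bytes(32)
    for old in [d for d in _salts if d < day - timedelta(days=1)]:
        del _salts[old]
    return _salts[day]


def client_ip(peer, headers):
    """Step 1: the IP comes from the TCP connection, not from a header.
    X-Forwarded-For is honoured only from a trusted proxy, and then its last
    entry is used: the address the proxy itself saw. Trusting the header from
    arbitrary peers would let a visitor choose its own IP, visitor id and country."""
    if any(ipaddress.ip_address(peer) in net for net in TRUSTED_PROXIES):
        forwarded = headers.get("x-forwarded-for", "")
        if forwarded:
            return forwarded.split(",")[-1].strip()
    return peer


def geolocate(ip):
    """Coarse location, derived from the raw IP at ingestion time."""
    addr = ipaddress.ip_address(ip)
    for net, location in GEO_TABLE:
        if addr in net:
            return location
    return (None, None)


def visitor_id(day, domain, ip, user_agent):
    """Step 2: hash(daily_salt + website_domain + ip_address + user_agent),
    NUL-separated so that the domain/IP boundary is unambiguous."""
    material = b"\x00".join([daily_salt(day), domain.encode(), ip.encode(), user_agent.encode()])
    return hashlib.sha256(material).hexdigest()[:16]


def ingest(day, domain, path, peer, headers):
    """Steps 1-3: build the stored record. Raw IP and user agent are used only
    transiently and do not appear in the result."""
    ip = client_ip(peer, headers)
    country, city = geolocate(ip)
    return {
        "day": day, "domain": domain, "path": path,
        "referrer": headers.get("referer", ""),
        "visitor": visitor_id(day, domain, ip, headers.get("user-agent", "")),
        "country": country, "city": city,
    }


def unique_visitors(events, day):
    """Step 4: the one question the daily hash answers, unique visitors per day."""
    return len({e["visitor"] for e in events if e["day"] == day})


def purge(events, today, retention_days=RETENTION_DAYS):
    """Step 6: drop everything older than the retention period."""
    cutoff = today - timedelta(days=retention_days)
    return [e for e in events if e["day"] >= cutoff]


def example_run():
    """Constructed walk-through: one visitor behind the CDN on two pages on day 1
    and again on day 2, plus an untrusted peer spoofing X-Forwarded-For."""
    day1, day2 = date(2026, 4, 1), date(2026, 4, 2)
    headers = {"user-agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0",
               "referer": "https://search.example/", "x-forwarded-for": "198.51.100.7"}
    cdn = "203.0.113.5"
    e1 = ingest(day1, "example.com", "/", cdn, headers)
    e2 = ingest(day1, "example.com", "/pricing", cdn, headers)
    e3 = ingest(day2, "example.com", "/", cdn, headers)
    spoof = ingest(day1, "example.com", "/", "192.0.2.9", headers)
    return {
        "same_day_same_id": e1["visitor"] == e2["visitor"],
        "next_day_new_id": e1["visitor"] != e3["visitor"],
        "country": e1["country"], "city": e1["city"],
        "raw_ip_stored": "198.51.100.7" in repr([e1, e2, e3]),
        "spoof_country": spoof["country"],
        "unique_day1": unique_visitors([e1, e2, spoof], day1),
        "after_purge": len(purge([e1, e3], day2 + timedelta(days=90))),
    }
```

Two points the step list only implies are visible in the model: the IP is geolocated before it is dropped, so country and city survive the hashing while the address does not; and the address must be taken from the connection, with X-Forwarded-For honoured only behind a trusted proxy, otherwise a visitor can choose its own visitor id and location simply by sending the header.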

E. Data Collected by Plausible

Plausible collects and processes the following data categories:

Web server log data (anonymised)

  • IP address (as daily hash derivative)
  • User agent (browser, operating system)
  • HTTP referrer
  • Page URL, timestamp

Click paths and page views

  • Sequence of visited pages per session

Device and browser information

  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution

Rough location data

  • Country, region, city (derived from the IP address at the time of collection, before it is hashed and discarded; the hash itself cannot be geolocated)
  • No exact geolocation

Conversion events

  • Optional: Custom events that are explicitly measured by the website operator (e.g. "Purchase completed")

Important: Plausible stores no persistent user IDs, no cookies, no e-mail addresses and no further personal data. According to the provider's information, this is not personal data within the meaning of the GDPR, since neither a natural person is identified nor traceable over several days. This assessment is not undisputed (see Section G).

F. Purposes of Use

Plausible Analytics is used for the following purposes:

General product improvement

  • Analysis of user behaviour: Which pages are visited frequently? Where is the bounce rate high?
  • Optimisation of website performance and structure
  • Identification of weaknesses in the user flow

Plausible provides no user-individual marketing, profiling or tracking across multiple domains, and the tool is not designed to identify individual users or to follow their behaviour beyond a single day.

G. Legal Basis

Plausible Analytics falls into the category "Statistics and website optimisation" and is thus a form of tracking without a persistent user ID. Which legal basis is required is disputed among data protection professionals and lawyers.

Provider's reasoning

Plausible Insights argues that no personal data is processed because:

  • IP addresses are not stored, but hashed
  • No cookies or user IDs are created
  • Data is not identifiable for more than 24 hours
  • No cross-site profiling takes place

Under this view, no consent under Art. 6(1)(a) GDPR would be required.

According to the view of many German data protection authorities and lawyers, a legal basis is required, even if identification is difficult:

Art. 6(1)(f) GDPR (legitimate interest)

  • The website operator has a legitimate interest in analysing user behaviour in order to improve its website and steer business operations.
  • The balancing of interests required by Art. 6(1)(f) GDPR regularly comes out in favour of the controller if Plausible is transparently disclosed in the privacy policy.

§ 25(1) TDDDG (German Telecommunications Digital Services Data Protection Act)

  • The TDDDG requires consent if access to terminal devices takes place (storage or reading of data, e.g. cookies).
  • Plausible refrains from terminal device storage; therefore TDDDG consent may not be required.
  • However, this is disputed and depends on the individual case.

Cautious conclusion

Whether Plausible is GDPR-compliant in the specific case depends on:

  1. The actual processing configuration (e.g. whether custom events establish personal reference)
  2. The locally applicable legal view (German authorities sometimes see this differently than Baltic ones)
  3. The wording and transparency in the privacy policy

A defensive approach: treat Plausible as a processor with a DPA and document either a transparently formulated consent (Art. 6(1)(a) GDPR, e.g. via a consent banner) or the explicit legal basis relied on (Art. 6(1)(f) GDPR, with the balancing of interests recorded).

H. Special Features and Notes on Plausible

  • No cookies: Plausible uses neither first-party nor third-party cookies; a classic "cookie banner" is therefore not required on account of cookies (whether consent is needed on other grounds is the disputed question in Section G).
  • No persistent fingerprinting: No tracking pixels or persistent device identifiers are generated; the daily hash described below is the only visitor identifier, and it is rotated every 24 hours.
  • IP hashing with daily salt: The hash function is hash(daily_salt + website_domain + ip_address + user_agent); the salt is regenerated daily and deleted.
  • EU hosting: All data is processed and stored on servers in Germany (Hetzner, Falkenstein).
  • DPA available: Plausible offers a standard Data Processing Agreement that fulfils Art. 28 GDPR.
  • Self-hosting possible: Plausible Community Edition (open source, AGPLv3) can be hosted on your own servers to gain full control over data storage and retention.
  • Role: Processor (cloud variant): When using Plausible Cloud, the company acts as processor and is contractually obliged to comply with Art. 28 GDPR.
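What the daily salt does and does not protect, as an added illustration of the "IP hashing" and "no cross-site profiling" points above (this is not Plausible's code; the hash formula hash(daily_salt + website_domain + ip_address + user_agent) follows the provider's description, while SHA-256, the NUL separator and the candidate address range are assumptions for this example):

```python
"""Added illustration of the daily-salt construction, not Plausible's code.
Formula as published: hash(daily_salt + website_domain + ip_address + user_agent).
SHA-256 and the NUL separator are assumptions for this example."""
import hashlib
import ipaddress
import secrets


def new_salt():
    """A fresh daily salt; in the real system the previous one is deleted."""
    return secrets.token_bytes(32)


def visitor_id(salt, domain, ip, user_agent):
    material = b"\x00".join([salt, domain.encode(), ip.encode(), user_agent.encode()])
    return hashlib.sha256(material).hexdigest()


def recover_ip(target, salt, domain, user_agent, network):
    """Dictionary attack over a candidate address range. Domain and user agent
    are public or guessable and the IPv4 space is small, so as long as the salt
    exists the hash is a pseudonym that can be mapped back to an IP address.
    Returns the matching address, or None if no candidate matches under this salt."""
    for addr in ipaddress.ip_network(network).hosts():
        if visitor_id(salt, domain, str(addr), user_agent) == target:
            return str(addr)
    return None


def properties():
    """Constructed check of three claims: the same visitor on two sites is
    unlinkable, the salt is the only secret, and rotating it ends linkability."""
    ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
    ip = "198.51.100.7"
    salt = new_salt()
    on_site_a = visitor_id(salt, "example.com", ip, ua)
    on_site_b = visitor_id(salt, "example.org", ip, ua)
    candidates = "198.51.100.0/24"  # small range so the example runs instantly
    return {
        "cross_site_linkable": on_site_a == on_site_b,
        "recovered_with_salt": recover_ip(on_site_a, salt, "example.com", ua, candidates),
        "recovered_after_rotation": recover_ip(on_site_a, new_salt(), "example.com", ua, candidates),
    }
```

The domain in the hash is what makes the same person on two sites unlinkable even during the same day. The salt is the only secret in the construction: whoever holds it (the processor, or anyone who obtains it) can map a hash back to an address by enumeration, and a full IPv4 sweep for one known user agent is feasible on commodity hardware. That is the technical core of the dispute over whether the value is personal data: for the 24 hours in which the salt exists it is a pseudonym, and only the deletion of the salt turns it into data that can no longer be related to a person.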


J. Conclusion and Call-to-Action

Plausible Analytics is a European, data-protection-friendly alternative to Google Analytics. The tool deliberately refrains from cookies and cross-site tracking and thus promises a lower data protection burden for website operators.

However: Anyone using Plausible must also transparently disclose the data processing in their privacy policy (Art. 12(1) GDPR). A common error is the so-called "text template per tool" strategy, in which each analytics tool is described individually and redundantly. Better approach: Topic-oriented privacy policy with a chapter "Statistics and website optimisation" in which all tools (Plausible, Matomo, etc.) are integrated. In the annex there should be a table of processors and sub-processors (including contact details and DPA link).

Disclaimer: This article serves as general information on Plausible Analytics and does not replace legal advice in individual cases. As of: April 2026. The presentation is based on information from the provider (https://plausible.io/privacy, https://plausible.io/data-policy, https://plausible.io/dpa) and publicly researchable sources. For your specific website and business activity, we recommend consulting a local data protection lawyer.


K. Curator

Authorship

Dr. Thomas Helbing

This knowledge article is provided by matterius GmbH. matterius is not a law firm and does not provide legal advice.

matterius is editorially accompanied by Dr. Thomas Helbing, a German-based lawyer specialised as Fachanwalt für IT-Recht (certified specialist for IT law) in Munich.

Dr. Helbing has been continuously recognised by Handelsblatt since 2020 through to today (2026) as one of "Germany's best lawyers" in the fields of IT law and data protection law.

According to Kanzleimonitor.de (editions 2024–2026), he ranks among the leading lawyers for data protection and IT law and is listed in the Top 100 lawyers in Germany. Kanzleimonitor is regarded as a particularly meaningful market study, as it is based exclusively on personal recommendations from in-house counsel.

Dr. Helbing has many years of advisory experience in data protection and IT law and advises clients of all sizes — from startups to high-growth SaaS companies and unicorns through to international corporations.

His professional background covers the full spectrum of practice in IT and technology law. He began his career at an international major law firm, subsequently gained in-house experience at a DAX corporation, and is himself an entrepreneur and founder of several digital projects. He also has hands-on programming experience, allowing him to understand technical systems, software architectures, and digital business models not only from a legal but also from a technical perspective.

For many years his clients have included technology companies and SaaS providers, leading German research institutions, and a systemically important German major bank. His advisory focus lies in particular in the areas of GDPR compliance, the data economy, SaaS, AI regulation, and IT contract law.

More about Dr. Helbing: www.thomashelbing.com

