Vitals
- Version: 5.8.0 (Released 2026-03-04)
- Velocity: Active (Last commit 2026-03-19)
- Community: 21.4k Stars · 2.8k Forks
- Backlog: 2518 Open Issues
Profile
- Official: matomo.org
- Source: github.com/matomo-org/matomo
- License: GPL v3 (Core) | Proprietary (Premium)
- Deployment: Docker | SaaS
- Data Model: MySQL / PHP / Redis
- Jurisdiction: New Zealand (InnoCraft Ltd.) / Global Community
- Compliance: GDPR Gold Standard | SOC 2 (Reliance Only)
- Complexity: Medium (3/5) - Docker / PHP Stack
- Maintenance: Low (2/5) - Professional, established company (InnoCraft).
- Enterprise Ready: High (5/5) - GDPR manager, BAA support (SaaS), and multi-user.
1. The Executive Summary
What is it? Matomo is an enterprise-grade web analytics platform designed to be the "legal antidote" to Google Analytics (GA4). Developed by InnoCraft in New Zealand (a jurisdiction with a formal EU "Adequacy Decision"), it provides 100% data sovereignty and is explicitly engineered to satisfy the strictest GDPR and HIPAA requirements.
The Strategic Verdict:
- For Regulated Industries (Health/Finance): Approve for Self-Hosting Only. InnoCraft does not sign BAAs for Matomo Cloud. Deploying the open-source core within your own VPC is the only path to elite compliance.
- For General Corporate Marketing: Strong Buy. Matomo Cloud is an excellent, low-risk deployment that immediately resolves the legal liabilities associated with US-based big tech trackers while providing a familiar, powerful analytics experience.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | GA4 (SaaS) | Matomo (Self-Hosted) |
|---|---|---|
| Data Ownership | Google Property (High Risk) | 100% Sovereign (VPC) |
| Privacy Banner | Mandatory (Cookie-Based) | Optional (Cookieless) |
| Support/SLA | Limited (Free Tiers) | In-house / Paid SLA |
3. The "Day 2" Reality Check
Deployment & Operations
- Installation: Primarily deployed via Docker Compose or a standard LAMP/LEMP stack. Its architecture is mature and robust, capable of handling high-traffic enterprise web properties.
- Scalability: Highly scalable through distributed database configurations and the use of Redis for high-frequency tracking queues.
Security & Governance
- Access Control: Robust native support for granular user permissions and site-level isolation. Enterprise-grade SSO (SAML/LDAP) is available via premium plugins.
- Data Handling: Built-in "GDPR Manager" automates the Right to Erasure and Right to Access requests, significantly reducing the administrative burden of regulatory compliance.
4. Market Landscape
Proprietary Incumbents
- Google Analytics (GA4): The industry standard, but faces mounting legal challenges in the EU regarding cross-border data transfers and user privacy.
- Adobe Analytics: A powerful enterprise alternative but carries an extreme total cost of ownership and complex implementation cycles.