๐ฉบ Vitals
- ๐ฆ Version: v3.2.1 (Released 2026-05-15)
- ๐ Velocity: Active (Last commit 2026-06-17)
- ๐ Community: 27.2k Stars ยท 1.6k Forks
- ๐ Backlog: 72 Open Issues
๐๏ธ Profile
- Official: plausible.io
- Source: github.com/plausible/analytics
- License: AGPL v3
- Deployment: Docker | SaaS
- Data Model: PostgreSQL / ClickHouse
- Jurisdiction: Estonia ๐ช๐ช (Plausible Insights Oร)
- Compliance (SaaS): N/A (Undisclosed)
- Compliance (Self-Hosted): GDPR Ready
- Complexity: Medium (3/5) - PostgreSQL + ClickHouse dual-database stack
- Maintenance: Medium (3/5) - Two databases to patch and back up; CE tracks upstream releases
- Enterprise Ready: Medium (3/5) - SSO, scheduled exports, and Sites API restricted to Enterprise tier
1. The Executive Summary
What is it? Plausible Analytics is a privacy-first web analytics platform built by Plausible Insights Oร in Estonia. Its defining architectural decision is a sub-1KB, cookie-free tracking script that collects no personally identifiable information โ removing the consent banner requirement under GDPR, CCPA, and PECR. The SaaS runs exclusively on EU infrastructure providers (Hetzner, UpCloud, Bunny) with no US data processing at any point in the pipeline. The Community Edition (AGPLv3) is fully self-hostable via Docker.
The Strategic Verdict:
- ๐ด For Enterprises Modifying Source Code: Caution. AGPLv3 requires any network-accessible modifications to be open-sourced under the same licence. Legal review is mandatory before forking or embedding into proprietary platforms.
- ๐ข For EU Organisations Replacing GA4: Strong Buy. Estonian jurisdiction, EU-only infrastructure, and cookie-free architecture eliminate CLOUD Act exposure and consent banner complexity simultaneously โ with near-zero integration effort.
2. The "Hidden" Costs (TCO Analysis)
| Cost Component | GA4 (SaaS) | Plausible (Self-Hosted) |
|---|---|---|
| Data Ownership | Google Property (High Risk) | 100% Sovereign (Your ClickHouse) |
| Consent Banner | Required (Cookie-Based) | Not Required (Cookie-Free) |
| Data Accuracy | 30โ50% loss (consent/blockers) | Near-100% capture (no cookies) |
| Infrastructure | $0 (data is the product) | PostgreSQL + ClickHouse hosting |
| SSO / SAML | Included (Google Workspace) | Enterprise tier only |
3. The "Day 2" Reality Check
๐ Deployment & Operations
- Installation: Docker Compose with PostgreSQL and ClickHouse. The tracking script is under 1KB โ negligible page weight. SaaS onboarding requires a single script tag with no configuration.
- Scalability: ClickHouse handles high-volume event ingestion efficiently. Both database components scale independently; the application layer is stateless.
๐ก๏ธ Security & Governance (Risk Assessment)
- Jurisdiction & Geopolitics (Estonia ๐ช๐ช): Plausible Insights Oร is incorporated in Estonia โ a full EU member state with no US CLOUD Act exposure. SaaS infrastructure runs exclusively on EU-based providers (Hetzner, UpCloud, Bunny). No data transits US-controlled infrastructure at any point, eliminating the cross-border transfer risk that makes GA4 a legal liability for EU organisations under current GDPR enforcement.
- The Compliance Shift: The SaaS version collects no PII and sets no cookies, natively satisfying GDPR consent requirements without additional configuration. No SOC 2 or ISO 27001 certifications have been published for either the SaaS or self-hosted deployments. Self-hosting the Community Edition transfers all infrastructure security obligations to the operator โ PostgreSQL and ClickHouse hardening, access controls, backup, and patch management become internal responsibilities. The privacy-by-design architecture (no PII, no cookies) is inherited automatically.
- License Risk (AGPLv3 โ The Copyleft Trap): AGPLv3 extends copyleft obligations to network use โ a critical distinction from standard GPL. If an enterprise modifies Plausible's source code and makes the modified version available over a network, those modifications must be released under AGPLv3. Unmodified deployments carry no disclosure risk. Enterprises embedding analytics into proprietary SaaS products must evaluate whether their integration constitutes a "derivative work" โ legal counsel is non-optional before any code modification.
4. Market Landscape
๐ข Proprietary Incumbents
- Google Analytics (GA4): The dominant free web analytics platform โ effectively free because visitor behaviour data feeds Google's advertising intelligence. EU organisations face mounting GDPR transfer risk and mandatory consent banner overhead that reduces data accuracy by 30โ50%.
- Adobe Analytics: Enterprise analytics suite with high per-hit licensing costs and complex implementation cycles. Organisations migrate to Plausible to eliminate vendor lock-in and reclaim full data ownership without the infrastructure weight of a full GA4-replacement stack.
๐ค Open Source Ecosystem
- Matomo: Full GA4 feature parity โ goal tracking, e-commerce reporting, session recordings, and a mature plugin ecosystem. Preferred when complete GA4 replacement functionality is required; Plausible is the choice when lightweight deployment, minimal maintenance, and EU jurisdiction are the priorities.
- Umami: MIT-licensed, similarly lightweight and cookie-free. US jurisdiction (Delaware) vs. Plausible's EU base. Choose Umami for maximally permissive licensing and zero copyleft risk; choose Plausible for EU jurisdiction and bootstrapped independence from venture capital.