Plausible doesn't mention having a DPO or GDPR correspondent but has a dedicated privacy email contact available on its website: firstname.lastname@example.org
Estonia 🇪🇪 (EU) 🇪🇺
All analytics data is processed by German cloud provider Hetzner, in Germany.
Plausible Analytics can be hosted on the controller's premises.
Plausible doesn’t transfer analytics data outside the EU.
For every subcontractor, Plausible assesses its commitment to privacy and signs a DPA including controller-processor Standard Contractual Clauses.
Plausible has made public its list of subprocessors: https://plausible.io/privacy
In case of a data breach, Plausible will notify the controller by email without undue delay (not later than 48 hours after having become aware of it) and provide a description of the incident as well as periodic updates about the incident, including its impact.
Data requests will be forwarded to the controller without delay.
Plausible will provide assistance to the controller for DPIAs.
Employees required to access analytics data are informed of the confidential nature of the data and comply with the GDPR obligations set out in the DPA.
Plausible doesn’t mention having a security policy.
Cloud security relies on Hetzner.
Data anonymisation, data pseudonymisation (hash), DDoS protection, backups in a redundant site.
Data is encrypted in transit (HTTPS) and at rest.
Plausible allows external access to, or processing of, personal data by employees subject to confidentiality clauses, for IT support and maintenance.
Plausible doesn’t reuse analytics data or share it with third parties.
Plausible doesn’t collect cookies.
NO, data is stored in the EU by a European cloud provider.