Privacy & law · Knowledge
What does IP anonymisation in Matomo do?
The IP address counts as personal data in the EU – storing it in full turns every analytics log into a GDPR file. Matomo therefore masks it before storage.
The setting lives in Matomo under Privacy → Anonymize data; masking two bytes (e.g. 192.168.x.x) is the common recommendation – enough anonymity, country-level geolocation survives.
How masking works – and why it belongs to every setup
Matomo applies the mask at tracking time: before a request is written to the database, the configured number of IP bytes is zeroed – one byte keeps city-level geolocation roughly intact, two bytes (the widespread recommendation and a common default) still allow country and region statistics, three bytes maximise anonymity at the cost of most geo detail. The masked address is what gets stored, used for visit recognition and shown in the Visits Log; the full address is not retained. Combined with the cookieless mode from the neighbouring question, this is the backbone of the privacy-friendly Matomo setup this whole site describes: nothing on the visitor's device, no full IP in the database, all data on your own server. Two practical notes complete the picture: first, check the setting after every fresh Matomo installation – it is present but its default depends on version and installation path, so verifying takes ten seconds and removes doubt; second, mention the anonymisation in your privacy policy, because a measure nobody can read about protects your visitors but not your paperwork.
Key facts
- Why: the IP address is personal data in the EU – full storage creates GDPR obligations.
- Where: Matomo → Administration → Privacy → Anonymize data.
- Recommendation: mask 2 bytes – country/region statistics survive, identification does not.
- Timing: masking happens before storage – the full IP is not retained.
- Duo: IP masking + cookieless mode = the backbone of the banner-lean Matomo setup.