Protect data from export?

  • Resolved eftcolumbus

    (@eftcolumbus)


    4 years, 10 months ago

    Hi I’m considering switching from GA to Matomo. I have found a freelancer who can help me set it up, but since this is my first time working with him, I want to be sure that he is not able to export any of my user data, most specifically email addresses. I plan on being the superadmin, and I know how to protect my users info within wordpress, but I dont’ know what permissions Matomo will give him. I wrote directly into Matomo support a week ago but haven’t heard anything, and I’d like to use this slower Covid time to switch over.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Thomas

    (@tsteur)

    Hi @eftcolumbus

    It depends what this freelancer would do. Anyone who has access to configure Matomo has also access to view (and therefore exports) reports within Matomo. Matomo does not track any email addresses or other personal data by default though. Even the IP address is automatically anonymised by default. So that shouldn’t be a problem.

    If you wanted that user to configure only Matomo, but not have access to anything else in your WordPress, you could give him for example the “Matomo Super User Role”. The user would only have permission to Matomo itself but nothing else so wouldn’t be able to export any other of WordPress data. Or you could create a basic user with any role plus give that user extra the “Matomo Super User capability”.

    Getting started with Matomo is btw as easy as installing and activating the plugin and then clicking on “Activate Tracking”. The plugin comes with a getting started page explaining what to do. Eg we recommend to also add a shortcode to the privacy page so users can opt out.

    Does this maybe help @eftcolumbus ?

    Thread Starter eftcolumbus

    (@eftcolumbus)

    Thank you this helps, I think…I just want to confirm because when I was googling around for the answer I went to this page:

    https://developer.matomo.org/guides/database-schema#users

    When it says email, I wasn’t sure if that meant only users with access to editing Matomo or all my users (granted I’m not a developer so maybe that would be clear to a dev).

    I planned on installing it myself and giving him permissions, but if it’s anything like Google Analytics I set up the basics and then lose all interest and my will to live. ?? Thought I’d just skip that part and have someone set it all up.

    And I was planning on making sure his wordpress capabilities exclude viewing or exporting my users, so I’ll follow those directions.

    • This reply was modified 4 years, 10 months ago by eftcolumbus.
    • This reply was modified 4 years, 10 months ago by eftcolumbus.
    Plugin Author Thomas

    (@tsteur)

    @eftcolumbus I’m so sorry I forget about the users table. I was only thinking of tracking data. What this users table contains is information of users within your WordPress that have access to your Matomo reports. That would be only your user, and the contractor you choose unless you later decide to give other users access too.

    The contractor cannot edit or see any of this user info directly. The contractor could query the Matomo API and fetch the data through the Matomo UsersManager API, but it would only include user information of users that have access to view Matomo reports. That’s by default only administrators (or super admins if plugin is network enabled in WP multisite).

    The installation is btw heaps easier (really just one click mostly) compared to GA which I wouldn’t want to do either ??

    Hope that helps.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Protect data from export?’ is closed to new replies.