GDPR-Compliant Analytics Without Google

Google Analytics has a problem in the DACH region

In December 2021, the Austrian Data Protection Authority (DSB) ruled that using Google Analytics violates the GDPR. The reason: personal data is transferred to the US without an adequate level of protection. France, Italy, and other EU countries followed with similar decisions.

Google has made improvements. GA4 offers EU-only data processing, IP anonymization, and shorter retention periods. Yet the fundamental problem remains: you are using a service from a US company subject to the CLOUD Act. The EU-US Data Privacy Framework (DPF) exists, but after Safe Harbor and Privacy Shield, its long-term stability is anything but certain.

The consent problem

Even if you want to keep using Google Analytics: in the DACH region, the typical consent rate is 30-50%. That means you only see half of your visitors. Every analysis is based on a skewed dataset.

The alternative: analytics tools that require no consent. This sounds too good to be true, but has clear prerequisites:

• No cookies set
• No personal data processed (no IP addresses, no fingerprints)
• No data transferred to third countries
• Aggregated data instead of individual user profiles

Tools like Plausible, Fathom, and Umami meet these criteria and can be used without a cookie banner. Your data protection officer should confirm the legal assessment for your specific case.

The candidates

Matomo (Self-Hosted or Cloud)

The most well-known open-source analytics tool. Matomo is the direct Google Analytics replacement with feature parity.

Strengths:

• Full feature parity with GA (funnels, heatmaps, session recording)
• Self-hosted: data never leaves your server
• No consent needed with correct configuration (cookieless mode)
• Import of historical GA data possible
• PHP-based, runs on any web server

Weaknesses:

• Self-hosted requires maintenance (updates, database, performance)
• Cloud version on EU servers, but paid (from €23/month)
• Interface is complex (GA-like, not minimalist)
• Performance at high traffic requires tuning (MySQL/MariaDB)

Plausible Analytics

Lightweight, privacy-first alternative. Developed in the EU (Estonia), open source.

Strengths:

• Script under 1 KB (vs. 45 KB for GA)
• No cookie banner needed
• EU hosting (Hetzner, Germany)
• Simple, clear dashboard
• Open source, self-hosting possible

Weaknesses:

• No funnels, heatmaps, or session recordings
• No e-commerce tracking
• Fewer segmentation options
• Limited API for custom reports

Fathom Analytics

Privacy-first analytics from Canada. Similar approach to Plausible, but closed source.

Strengths:

• No cookie banner needed (EU-isolated data processing)
• Simple dashboard
• Automatic UTM parameter tracking
• EU data processing via isolated servers
• Excellent support

Weaknesses:

• Closed source (no self-hosting)
• Canadian company (not EU)
• More expensive than Plausible (from $15/month)
• Fewer features than Matomo

Umami

Minimalist open-source tool. Focus on simplicity and self-hosting.

Strengths:

• Fully open source (MIT license)
• Lightweight, fast dashboard
• Self-hosting on your own server
• PostgreSQL or MySQL as database
• No cookie banner needed

Weaknesses:

• Minimal feature set
• No heatmaps, funnels, or session recordings
• Community-driven, small team
• Cloud version only recently available

The comparison

Criterion	Matomo	Plausible	Fathom	Umami
Price (Cloud, 100k views)	€23/mo	€19/mo	$15/mo	€9/mo
Price (Self-Hosted)	€0	€0	N/A	€0
Cookie banner needed	No*	No	No	No
Data location	EU/Self	EU (DE)	EU-isolated	Self-hosted
Feature scope	Very high	Low	Low	Minimal
Script size	~22 KB	under 1 KB	~2 KB	~2 KB
Open source	Yes (GPL)	Yes (AGPL)	No	Yes (MIT)

*Matomo configured without cookies, not in default mode.

Self-hosted vs. cloud

The fundamental question with open-source analytics: run it yourself or use the hosted version?

Server-side tracking: The middle ground

If you cannot do without advanced analytics, server-side tracking is an option. Instead of having the user's browser communicate directly with the analytics service, everything runs through your own server.

How it works:

1. Your frontend sends events to your own API
2. Your API anonymizes the data (IP hashing, no user IDs)
3. Your API forwards the aggregated data to the analytics service

Advantages: Ad blockers are bypassed, full control over data flows, no third-party cookies.

Disadvantages: Additional infrastructure, higher development effort. For teams that have a subscription development partner, this can be implemented in a few days. For teams without dedicated developers, it can be disproportionately expensive.

Our recommendation

For startups and small SaaS: Plausible Cloud. Best ratio of simplicity, GDPR compliance, and cost. No cookie banner, EU hosting, 5-minute setup.

For feature-hungry teams: Matomo self-hosted on Hetzner. Complete GA replacement with funnels, heatmaps, and e-commerce tracking. Requires DevOps capacity though.

For maximum control: Umami self-hosted. Open source, minimalist, PostgreSQL-based. Ideal if you only need pageviews, referrers, and UTM parameters.

Conclusion

Google Analytics is not a technical problem, but a legal one. The alternatives are mature, affordable, and in many cases even better because they show you 100% of your visitors instead of only the 40% who accept the cookie banner.

The migration takes an afternoon. This is one of the few infrastructure decisions that simultaneously improves compliance and increases data quality.

---

Related Topics

• Hosting Germany: Hetzner vs AWS vs Vercel
• Email Infrastructure for SaaS in DACH
• Authentication for SaaS Done Right
• GDPR in Software Development