Hacker News

Nope, they use US providers. The servers are in the EU but the providers are US companies and that means that they aren’t GDPR compliant at all. This is exactly what Schrems II targets.


All site data plausible.io stores on behalf of the customers is hosted in Germany on servers owned by Hetzner, a European-owned company. Previously it was hosted by Digital Ocean in Germany but the move to Hetzner was made last year.

For our self-hosted version, you can install it with any cloud provider and in any country you wish. Even in the USA.


Can someone tell me if this is even true? Plausible doesn't save any GDPR related data as far as I know?

https://plausible.io/privacy-focused-web-analytics#no-person...

And the backend is hosted @ Hetzner in Germany


All site data plausible.io stores on behalf of the customers is hosted in Germany on servers owned by Hetzner, a European-owned company. Previously it was hosted by Digital Ocean in Germany but the move to Hetzner was made last year.


That's written on their site, but isn't true:

https://imgur.com/a/9wEanqD


All site data plausible.io stores on behalf of the customers is hosted in Germany on servers owned by Hetzner, a European-owned company. Previously it was hosted by Digital Ocean in Germany but the move to Hetzner was made last year.


By its very nature, an analytics product must process personal data.

Personal data is "any information relating to an identifiable individual" (see GDPR art 4(1)).

Your IP address, browser and OS (via user agent), the website you visited, the pages you visited, time of visit, the site you came from (via referrer) are all personal data.

If Plausible have put a US-owned cloud provider in front of their Hetzner infrastructure, even if for a legitimate purpose (CDN, DDoS prevention), then that is likely an unlawful transfer of personal data to the USA.


>> Your IP address, browser and OS (via user agent), the website you visited, the pages you visited, time of visit, the site you came from (via referrer) are all personal data.

No. These are all not considered PII. Only the IP address in this list definitely is.

All other information with a wholly anonymized user would be considered by most interpretations to be ok. Often it depends on the context and presence of other meta-data on whether something is PII or not.


“PII” is not a term the EU or UK GDPR recognises. It may have a specific meaning in American law; but the GDPR definition of personal data is significantly broader.

It certainly includes the items I listed; particularly when linked to an identifier like an IP address.



