What is Umami?
Umami is an analytics tool built for those who want to reclaim both simplicity and respect for user privacy. As an open-source, self-hosted platform, Umami gives website owners full control over their data. It tracks essential metrics—pageviews, referrers, device types, custom events—and strips away the complexity, feature bloat, and invasive data collection typical of many US-based analytics giants such as Google Analytics, Mixpanel, or Adobe Analytics. Unlike many of those tools, users of Umami are not forced to hand over personal data to companies operating under exclusive control of third parties or cloud providers outside of the EU context.
GDPR Compliance and Privacy Features
One of Umami’s strongest selling points is that it was designed to align closely with GDPR obligations. It:
- Does not collect personally identifiable information (PII) by default, and anonymizes IP addresses—visitor identities are not stored permanently.
- Operates without cookies for tracking, meaning no cookie consent banner is strictly needed under many EU laws—provided tracking is limited to aggregated, anonymized data with no cross-site profiling.
- Supports self-hosting and the ability to run servers within the EU, or choose an EU region when using its cloud option, helping avoid issues with data being transferred to the US without proper legal safeguards.
Still, there are caveats. Under GDPR, “cookieless” setups can still require consent depending on how identifiers, even pseudonymous ones, are used, whether IPs are stored (even transiently), and whether features like returning visitor tracking are involved. Umami’s documentation and discussions acknowledge these gray areas—using built-in features that collect identifiable data (e.g., emails or identities via events) will increase compliance obligations.
Hosted vs Self-Hosted: Where and How Umami Is Run
Umami can be used in two primary modes:
- Self-hosted: you install Umami on infrastructure you control—your choice of server provider, and geographic location, often inside the EU. You manage the database, app updates, and infrastructure. This gives you maximum control over data sovereignty and privacy.
- Cloud / Managed option (“Umami Cloud”): for users who prefer not to manage servers, there’s a hosted version. Umami Cloud allows you to choose between EU or US regions and provides plans with fixed rates. This still follows GDPR-friendly practices in data collection and anonymization.
Using EU-based hosting providers for your Umami deployment—whether via a cloud plan or self-hosted environments like Scaleway, or DigitalOcean’s EU regions—helps ensure that data stays in Europe and that GDPR’s cross-border restrictions on transfers are satisfied.
Plans, Pricing, and Free Usage
Umami offers a variety of pricing options:
| Mode | Cost | Limits / Features |
|---|---|---|
| Self-hosted | Free | You supply infrastructure; no license fee; you manage setup and hosting. |
| Cloud plans | ~US$9 to US$49/month | Includes a free tier at 100,000 events/month; higher plans offer more event volume, better retention, and team features. |
The free option is available either via the open-source self-hosted version or via a free tier in the hosted service—making Umami particularly attractive for hobby sites, small businesses, or anyone wanting analytics without paying a large premium.
Comparisons with US-Based Big Tech Analytics
Contrast Umami with services like Google Analytics 4 or Mixpanel, both based in the United States. These tools often collect a broad range of user data, including IP addresses, device fingerprints, and sometimes persistent identifiers or cookies. Under GDPR, they face scrutiny when data flows from the EU to US servers, amid concerns about lawful data transfer mechanisms, adequacy decisions, and privacy protections. The EU-US “Privacy Shield” was invalidated (Schrems II), and Standard Contractual Clauses or other safeguards are often required—and may be challenged.
Umami sidesteps many of these issues by minimising what data is collected, offering self-hosting and EU-based options, and avoiding third-party tracking. It is a GDPR-adequate alternative in many scenarios—especially when set up appropriately—whereas Google Analytics often requires additional configuration (e.g., IP anonymization, data retention settings), consent banners, and legal boilerplate to support compliance.
Best Practices for Using Umami Compliantly
- Decide whether you need consent: if you store any data that can be considered personal (even pseudonymous) or track returning users, you may need a cookie consent banner and a privacy policy. Use features that maintain full anonymity if you want to avoid those requirements.
- Host your deployment inside the EU or select an EU region when using Umami Cloud to ensure data residency.
- Monitor your use of features like custom events, email capturing, or identify() functions—these can introduce personally identifiable information and raise compliance obligations.
- Document your data collection practices in a privacy policy or legal notice: what you collect, how long you retain data, how it's anonymized, and what legal basis you rely on (legitimate interest, for example).
- Understand local interpretations (e.g. CNIL in France, the EDPB across the EU) of when “necessary” analytics are exempt from consent. Laws and guidance can shift.
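One way to enforce the point about custom events carrying PII is to scrub event data before it reaches the tracker. This is an added example, not code from Umami or from the original page: `scrubEventData` and `safeTrack` are hypothetical helper names, the patterns are illustrative rather than exhaustive, the sample payload is constructed, and the tracker object is assumed to expose `track(name, data)` as Umami's browser tracker does.

```javascript
// Added example: remove likely PII from custom-event data before tracking.
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i;
const IPV4_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/;
// Field names that are dropped outright, whatever their value (assumed list).
const SENSITIVE_KEY_RE = /^(e-?mail|name|first_?name|last_?name|phone|user_?id|ip|address)$/i;

// Walks the payload recursively; returns a cleaned copy plus a list of findings.
function scrubEventData(data, path = "", findings = []) {
  const clean = Array.isArray(data) ? [] : {};
  for (const [key, value] of Object.entries(data)) {
    const where = path ? `${path}.${key}` : key;
    if (SENSITIVE_KEY_RE.test(key)) {
      findings.push({ path: where, reason: "sensitive key" });
      continue; // drop the field entirely
    }
    if (value !== null && typeof value === "object") {
      clean[key] = scrubEventData(value, where, findings).clean;
    } else if (typeof value === "string" && EMAIL_RE.test(value)) {
      findings.push({ path: where, reason: "email-like value" });
      clean[key] = "[redacted]";
    } else if (typeof value === "string" && IPV4_RE.test(value)) {
      findings.push({ path: where, reason: "ipv4-like value" });
      clean[key] = "[redacted]";
    } else {
      clean[key] = value;
    }
  }
  return { clean, findings };
}

// Wrapper: only the scrubbed payload is sent; findings go back to the caller
// so they can be logged or used to fail a CI check.
function safeTrack(tracker, name, data) {
  const { clean, findings } = scrubEventData(data);
  tracker.track(name, clean);
  return findings;
}

// Constructed sample payload, for illustration only.
const SAMPLE_EVENT = {
  plan: "pro",
  email: "jane@example.com",
  note: "contact jane@example.com",
  meta: { ip: "203.0.113.7", source: "newsletter", last_seen_from: "203.0.113.7" },
};
```

In the browser, `safeTrack(umami, "signup", payload)` would replace direct `umami.track` calls; a version string such as `1.2.3.4` will also match the IPv4 pattern, so review the findings before tightening or loosening the rules.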
In Summary
Umami represents one of the most compelling European-friendly alternatives to big-tech analytics tools. It combines openness, minimal data collection, cookieless tracking, and the option for full data sovereignty through self-hosting or EU-region cloud deployment. When compared to Google Analytics or Mixpanel, Umami offers a cleaner, less invasive, and more compliant way to understand web traffic—especially for those operating under GDPR or preparing for similar privacy regulations.
For any organization willing to forgo the depth of some enterprise-grade feature sets in exchange for simplicity, ethical design, and legal safety, Umami provides a strong path forward. By using it conscientiously—avoiding PII collection, hosting in the EU, and following consent rules where needed—you can achieve meaningful analytics without compromising on privacy or legal compliance.