Analytics Alternatives: who runs where
Matomo, Plausible, Fathom and others are often cited as privacy-respecting Google Analytics alternatives. But privacy compliance and infrastructure sovereignty are not the same thing. A reference table comparing European analytics vendors by actual infrastructure provider.
The conversation around “privacy-friendly analytics” has grown significantly since GA4 started raising GDPR compliance questions across Europe. But most of that conversation conflates two distinct concepts: data collection practices (what you collect and how you process it) and infrastructure sovereignty (who owns the servers and under which legal jurisdiction they can be compelled to disclose).
A tool can be fully GDPR-compliant and still run on infrastructure subject to US surveillance law. The table below separates the two.
| Vendor | Legal entity | Infra provider | DC regions | CLOUD Act | FISA 702 | Self-hostable | DPA | Verified |
|---|---|---|---|---|---|---|---|---|
| Matomo (Self-Hosted) | NZ | own | user-defined | no | no | yes | yes | 2026-04-12 |
| Matomo Cloud | NZ | Alwaysdata SARL | FR (Île-de-France) | no | no | no | yes | 2026-04-12 |
| Plausible | EE | OVH SAS | PL (Warsaw) | no | no | yes | yes | 2026-04-12 |
| Fathom | CA | AWS | US (main) + EU CDN | yes | yes | no | yes | 2026-04-12 |
| Pirsch | DE | Hetzner | DE (Saxony) | no | no | no | yes | 2026-04-12 |
| Umami Cloud | US | Cloudflare | global CDN (US-owned) | yes | yes | yes | no | 2026-04-12 |
| Simple Analytics | NL | WorldStream / LeaseWeb | NL (South Holland) | no | no | no | yes | 2026-04-12 |
| PostHog | US | AWS | US (main) + eu-central-1 (EU cloud) | yes | yes | yes | yes | 2026-04-12 |
| Countly | US | GCP | US (Iowa) | yes | yes | yes | yes | 2026-04-12 |
Data sourced from the eu-martech-sovereignty public repo. Found an error? Open a PR.
What the data shows
The analytics category has the most genuine EU-sovereign options of the three categories covered in this series.
Four vendors run on EU-incorporated hosting with no US parent company: Matomo Cloud (Alwaysdata SARL, France), Plausible (OVH SAS, France — Warsaw datacenter), Pirsch (Hetzner Online GmbH, Germany), and Simple Analytics (WorldStream B.V. and LeaseWeb Netherlands, both Dutch). For these four, the infrastructure provider itself is not subject to CLOUD Act or FISA 702.
The remaining cloud vendors present a more familiar picture. Fathom runs primarily on AWS (despite offering EU data isolation) and is incorporated in Canada — not EU, and using US-owned infrastructure. PostHog’s EU cloud option uses AWS eu-central-1 (Frankfurt), but PostHog Inc. is a US company, so CLOUD Act exposure persists regardless of data center location. Countly and Umami Cloud both resolve to GCP and Cloudflare respectively.
Two observations on self-hosting: Matomo, Plausible, Umami, PostHog, and Countly all offer genuine self-hosting. For tools on US-owned infrastructure, self-hosting on Hetzner, OVH, or similar EU-owned providers is the only path to removing that exposure. The table’s self_hostable column marks which vendors make this possible.
Self-hosting note
Several vendors in this table offer self-hosting options that fundamentally change the infrastructure picture. When self-hosted on non-US-owned infrastructure, CLOUD Act and FISA 702 exposure drops to whatever the hosting provider’s legal jurisdiction is. The table marks self-hostable vendors — check their documentation for supported deployment targets.
Methodology
Full methodology: methodology.md.
Last full review: 2026-04-12. Open a PR with corrections.
Help keep this accurate
Backed by the eu-martech-sovereignty public repo.
See also: European company ≠ European infrastructure · CMP comparison · sGTM hosting comparison