EU DPA declares Google Analytics illegal because it runs on US cloud providers. Fathom is a Canadian company, and all of your EU traffic never leaves German-owned servers.
Sign inFree trial

Security

We use multiple cloud providers to help us deliver our service.

Note: while we do use Amazon Web Services (AWS), all of your EU website traffic is processed via EU isolation. Your EU website visitors' Personal Data (IP address or user agent) never touches US infrastructure. Your compliance is a number one priority for us. We have a detailed section on Privacy law compliance, with a detailed data journey if you'd like to learn more.

The following is an overview of the security of various services we use to power Fathom:

Service providers

The following is a list of the key service providers we rely on to power Fathom Analytics.

bunny.net (CDN)

Analytics collection is routed via our EU-based CDN, bunny.net, to achieve EU isolation. The CDN is distributed worldwide, and your website visitors will hit the data center closest to them.

We use SSL / TLS to ensure connections between your website visitors and our CDN are encrypted.

Bunny automatically routes EU data to Hetzner Online GmbH (for GDPR compliance via EU isolation or to Amazon Web Services (AWS) for non-EU traffic. Additionally, if you use a free custom domain and have Extreme EU Isolation enabled, we will send all of your traffic to Hetzner, and none will reach AWS, even traffic from the US, etc.

Hetzner Online GmbH

Hetzner Online GmbH powers our EU Isolation set-up, where we keep Personal Data (as per GDPR definition) isolated in the EU. Our Hetzner cluster is highly available, distributed across Nuremberg (Germany), Falkenstein (Germany) and Helsinki.

Hetzner employs the following security measures to protect our infrastructure:

Fathom Analytics employs the following security measures to protect our Hetzner infrastructure:

Amazon Web Services (AWS)

Amazon Web Services is utilized to process website traffic for traffic outside of the EU.

As you might imagine, Amazon Web Services has incredible levels of security:

Fathom Analytics employs the following security measures to protect our AWS infrastructure:

SingleStore

SingleStore is the world's leading database provider, and we use them to store analytics data and application data. Of course, when data is routed via EU Isolation, no Personal Data hits SingleStore, as it's a US provider.

SingleStore employés the following security measures:

Fathom Analytics employees the following security measures to protect our SingleStore infrastructure: * Utilization of complex usernames and passwords, which are cycled periodically for maximum security, along with a UUID connection hostname, which nobody ever sees outside of the management team * We practice data minimization, meaning we only store what we need to, with zero excess data entering the database

Additional security measures

We take the following steps to ensure the highest level of protection for the service:

If you have any questions about security at Fathom Analytics, please reach out at support@usefathom.com, and we'd be happy to answer your questions.