Our approach to privacy (2019 and beyond)
TL;DR: as Hotjar's CEO, I’m writing this article to talk openly about what we’ve learned around privacy, mistakes we’ve made, and how this is changing the way we are building Hotjar going forward.
Last updated 9 Sep 2021
From its very first day in 2014, Hotjar was designed with the privacy of the end user in mind. We believed that looking at how people use a website as a whole was enough to get actionable insight, and set out to build a tool that could only collect anonymized behavioral data.
In those pre-GDPR days, we chose not to build functionality that would allow customers to see user IP addresses or assign other parameters and attributes to data within Hotjar, out of concern that some of it could be misused. For example, that people would watch a recording of somebody abandoning a shopping cart, find their email address, and message them to solicit a purchase.
In 2018, the General Data Protection Regulation (GDPR) was introduced into EU law, finally giving the industry a framework of how data can be collected and processed. We welcomed this legislation and the underlying principles of ‘Privacy by Design’ and ‘Privacy by Default’. At that point, we looked back and realized we had made the right call to not collect user IP addresses and block personal data (such as user IDs and emails) from being introduced into Hotjar, both of which had been common practices in the industry at that point.
But in completely blocking our customers from adding data to Hotjar, and forcing them to use our consent mechanism in feedback tools, we also went one step too far. We took away our customers’ ability to responsibly collect the data they needed and gave ourselves the power to dictate exactly what they could or could not do instead.
In doing so, we also blocked customers from passing data to Hotjar that would allow their users to request the deletion of personal data. Yes, the ability to pass a custom ID can potentially be misused, but it can also be used for good and even, in this example, to further safeguard users’ privacy; our approach, however, did not allow for it.
We know all this because YOU, our customers, have been telling us in customer interviews, through our feature-request page, and when talking to our Support team.
We have learned that you (as do we) have increasingly specific, sophisticated needs when it comes to understanding the behavior of your website visitors—and also the behavior of registered users or existing customers whose data and consent you already collect and safely store. There are many things Hotjar could help you do (e.g. investigate a bug, a ticket, or review a specific behavior of certain customer segments) to really improve your website experience, but we have basically prevented you from doing any of it.
It’s time for us to practice what we preach: listen to feedback and mature our product to give you, our customers, what you need. We want to shift that responsibility right back to where it belongs and give you the tools, control, and decision-power you need to best improve your users’ experience, while keeping privacy at the core of what we do.
Upcoming changes to Hotjar
In November 2019, we will start rolling out Hotjar’s Identify API (our first API), which allows customers who enable it to pass user attributes into their Hotjar account.
(It's important to note upfront that this feature will be optional to use, and customers who use Hotjar precisely because it allows them to understand user behavior without identifying individuals will continue to be able to do so. We know the importance of managing personal information with respect to privacy law, and a bit further on I’ll detail the steps we’ll ask customers to take to be sure they’re being compliant.)
As a Hotjar customer using the Identify API, you will be able to send information you already have about your website visitors (attributes such as spend, customer since, user ID, etc.) into Hotjar, and use it across your account for more advanced targeting and/or more granular filtering and segmentation—which will make it faster for you to find insights from the customer segments you’re interested in.
Actions such as ‘reviewing Hotjar Recordings to analyze the behavior of users on your product landing pages who made a purchase in the last 7 days, having arrived from a specific social campaign’ or ‘showing a Hotjar Survey to non-paying customers from the UK’ will now become possible in Hotjar.
The Identify API is disabled by default, making it easy to avoid accidentally capturing personal information until you have handled privacy concerns appropriately. For more details, read our technical documentation.
Protecting end-user privacy with an acceptable use policy and a DPA
We are aware that an API like this one can still be used in unintended ways. And since safeguarding privacy is a moral and ethical priority for our team, and will always remain so, we will limit usage to customers on our business plan who agree to a Data Processing Agreement (DPA) before being allowed to use the Identify API.
We also have clear guidelines in place for our acceptable use policy, which continues to state that all data collected and processed with Hotjar must solely be used by the site or app owner and not shared with third parties, unless explicit consent has been received from all data parties.
Our continued commitment to privacy
As the leading and most popular platform on the market, used on over 500,000 websites in 180+ countries, we believe we don’t just have a responsibility to give our users and customers the tools they need to create better user experiences—we also have the responsibility to offer tools and methods to safeguard data so that trust between website owners, prospects, and customers can be assured and maintained.
After the rollout of our Identify API, Hotjar will still be committed to maintaining the same level of user anonymization by default, honoring Do Not Track (DNT) headers, and allowing people to opt out of being tracked.
We intend to keep developing Hotjar in line with our commitment to privacy and the needs of our customers. While the changes I outlined above are another step in the right direction, we know there is more that can be done: during 2020, we will be giving updates on progress made as well as announcing the next planned milestones.