PCI compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores credit cards – regardless of the business's size or location. The PCI Security Standards Council was founded by 5 of the major card brands, and they each share equal responsibilities in the council's work.

Hotjar is PCI DSS compliant, which means that our security policies and procedures meet the requisite standard.

Hotjar does not store any credit card information but uses Braintree as our payment data processor. Braintree is a validated Level 1 PCI DSS compliant service provider. For more details, please head to Braintree’s page about this.

We also perform an annual PCI DSS assessment. Here is our most recent certificate.