Privacy by Design

Hotjar is an analytics and feedback service that was designed and built with privacy in mind. We created a service to help understand and interpret user behavior anonymously, without personally identifying individual users.

 

Our ‘privacy by design’ approach keeps end-user privacy at the center of what we do. We believe we have a responsibility to safeguard privacy and support anonymity in user behavior analysis, so that trust between website/app owners, prospects, and customers can be assured and maintained.

Your data, your rules

Data collected using our service belongs to you and only you and is stored electronically in Ireland, Europe on the Amazon Web Services infrastructure, eu-west-1 datacenter. As the data controller, you are the only one with direct access to your data, which can never be used by any third party for any other purpose other than for that which you give direct consent. Our data retention times are no longer than 365 days, ensuring no data is stored unnecessarily. We also have a data processing agreement that can be signed, giving you full transparency over how your data is stored and maintained.

We track behavior, not individuals

To protect and guarantee visitor privacy, Hotjar is built on anonymous insights and not on personal data. Site visitors are assigned a unique user identifier, so that Hotjar can keep track of returning visitors without relying on any personal information. When collecting data with Recordings, Hotjar also has various automated suppression features in place and data is suppressed client-side, in the visitor’s browser, meaning personally identifiable information never reaches our servers keeping their session private.

We respect your privacy

Hotjar honors the Do Not Track (DNT) header, and provides an additional layer of privacy through our opt-out option, which sets a third-party cookie that specifically tells the Hotjar script not to track a visitor once they have opted out. To learn more about viewing the data collected by Hotjar's users, visit our Visitor Lookup article.

GDPR compliance & privacy simplified

Hotjar is fully committed to achieving compliance with the GDPR prior to the regulation’s effective date (May 25th 2018).

We have ensured that the required controls and application features are in place to allow our users to use Hotjar in a GDPR-compliant manner.

Security

Security is key to fulfilling our commitment to our users and protecting their privacy. We have certifications, processes, and audits in place to systematically help ensure the safe and secure use of our service for everyone. Learn more about our security practices here.

At Hotjar, we are constantly working towards building a service that helps you create better experiences without compromising the privacy of your users.

If you think we can do anything to further protect privacy and enhance our service, please get in touch with our team at support@hotjar.com.

Read more about our Commitment to the GDPR,  Data Safety, Privacy & Security, Privacy Policy & Terms of Service.