GDPR Compliance Made Easy

Build trust and transparency around your data by using Hotjar in a GDPR-compliant manner.

On May 25, 2018, a data privacy law called the General Data Protection Regulation (GDPR) came into force, impacting how businesses collect and process data from individuals in the EU.

This meant new rules to follow when it comes to collecting, tracking, or handling EU-based prospects’ and customers’ personal data.

If you have or plan to have website/app visitors who are in the EU, or you process any form of EU data, this one’s for you.

Privacy By Design

Hotjar was designed and built with privacy in mind. We created a service to help understand and interpret user behavior anonymously, without personally identifying individual users.


Our ‘privacy by design’ approach keeps end-user privacy at the center of what we do. We believe we have a responsibility to safeguard privacy and support anonymity in user behavior analysis, so that trust between website/app owners, prospects, and customers can be assured and maintained.

We’re excited to welcome the reinforcing elements of the GDPR. Our top priority is ensuring that our users and customers can use Hotjar in a GDPR-compliant manner and the data they collect with Hotjar is processed securely.

Compliance Controls


Right to Access/Erase

Our Visitor Lookup feature lets you quickly look up what data your site has collected for an individual visitor (the "data subject") through their email address, and allows you to give them access to view and delete all or part of their data.



Automatic suppression* can be set on all numeric digits and email addresses in Session Recordings, Heatmaps and Incoming Feedback Screenshots by activating on-page suppression. Suppression tags can be used to suppress specific elements, including images, on pages that contain personally identifiable information (PII), and all form fields have automatic suppression set up for you.

*PII data is automatically anonymized on your end-user’s side so that data containing PII never reaches Hotjar’s servers.


Data Portability

All of our feedback tools can export data as a downloadable file in either CSV or XLSX format.


Data Retention

An automatic 365-day data retention period is enforced to ensure all analytics data older than 365 days collected through Hotjar is systematically deleted.


User Consent

Our feedback tools give you the option to clearly ask for consent whenever personally identifiable information is shared through a Poll or Incoming Feedback widget, in order to link your feedback responses with their associated session recordings. This consent can also easily be withdrawn through our Visitor Lookup feature. A direct link to your privacy policy can also be added to all consent widgets.


Further Reading

If you want more information, check out the following:

Acceptable Use Policy

Review our dos and don'ts


GDPR Commitment

Take a look at our commitment to GDPR


Legal Overview

Review all our legal docs


Data Processor Agreement

Review and/or sign our DPA

At Hotjar, we are constantly working towards building a service that helps you create better experiences without compromising the privacy of your users.

Sign up or ask a question if you still have concerns. Our team is here to help you.