Last updated Jun 01 2021

Privacy-first website tracking

Website tracking and data collection will help you optimize your website and products—but how do you do it ethically, and with your users’ privacy in mind?

In this guide, we explain why you should care about user privacy and review the features and settings you need to look for when choosing a website tracking tool. We’ll use our own tool, Hotjar, as an example throughout so you can see what privacy-first tracking can look like.

Hotjar’s approach to privacy

GDPR header

We like to lead by example: since Hotjar launched in 2014, we've been designing our tools with privacy in mind. That’s why we:

  • Use first-party cookies that only collect data on a customer’s website
  • Follow the ‘Do Not Track’ flag on browsers
  • Don’t collect users' IP addresses
  • Allow users to view and delete their data on request
  • Never sell data to third parties

If you want to learn more, here’s our privacy overview and full Privacy Policy.

Why you should care about user privacy

Privacy matters to your users and customers, so it ultimately matters to you and your business.

Privacy-focused and transparent data collection helps you:

  • Build and maintain trust with your audience
  • Meet growing online privacy expectations
  • Comply with global web tracking regulations (e.g. the GDPR and CCPA)

7 ways to protect users' privacy while tracking website metrics

Rather than just being reactive to privacy legislation, we think it’s best to take a privacy-first approach.

Here are some pointers to help you find the right balance between tracking business-critical data and protecting your users’ privacy.

1. Only track and collect the data you need

hotjar-survey-results-anonymous-users
Anonymous Hotjar Survey responses tagged with each user’s country

As a general rule, ask yourself if you really need to track something, particularly when it could be considered Personally Identifiable Information (PII). For example, do you really need to store user IP addresses, or is it sufficient to know which country users are browsing from?

For example, Google Analytics has an opt-in IP anonymization feature for Universal Analytics enabled by default in the new version, GA4. Likewise, Hotjar suppresses user IP addresses as standard and automatically suppresses user input data from Recordings, Heatmaps, and Incoming Feedback to ensure our tracking is used to optimize the user experience, not just to see what users are typing.

keystroke-data-masking-hotjar
A screenshot of a Hotjar Recording with keystroke data masked

2. Use tools that allow you to comply with privacy regulations

hotjar-homepage-gdpr
GDPR and CCPA logos on the Hotjar homepage, with links for more compliance details

Tools with privacy compliance features give users and customers peace of mind that their data will be used ethically—plus, your legal team might require that tools include compliance features before you can use them.

To find out if a tool allows compliance with privacy regulations, search for the terms “GDPR”, “CCPA”, or “LGPD” on the homepage or privacy policy. And if you want to know what these acronyms stand for, there’s a short summary below.

A quick look at website tracking regulations

1. GDPR

brand gpdr stars

What is it? The General Data Protection Regulation (GDPR) regulates how companies manage personal data from all EU (European Union) users, regardless of where a company is based. “Personal data” means any information related to an identifiable person, including name, email, and IP address. The UK GDPR (also known as The Data Protection, Privacy and Electronic Communications Regulations 2019) applies to users in the United Kingdom.

How does it apply to you? GDPR applies if you collect any personal data from website visitors or product users from an EU country or the UK, either directly or via a website tracking tool.

See an example: we can't give you legal advice, but if you’re interested you can read the steps Hotjar took to comply with the GPPR.

2. CCPA

brand ccpa

What is it? The California Consumer Privacy Act (CCPA) regulates how the personal information of residents of California, USA is collected, stored, and used. “Personal information” refers to any data that can be linked to a person, and can include IP addresses if they can be used to identify a household.

How does it apply to you? CCPA applies if you collect any personal data from website visitors or product users from California.

See an example: these are the steps Hotjar took to comply with the CCPA.

3. LGPD

What is it? The Lei Geral de Proteção de Dados (LGPD) regulates how companies process the personal data of residents of Brazil, regardless of where the company is based. “Personal data” refers to any data collected from an individual, even if it cannot be used to directly identify them.

How does it apply to you? LGPD applies if you collect any personal information from website visitors or product users from Brazil.

See an example: these are the steps Hotajr took to comply with the LGPD.

3. Turn on optional privacy features

survey_onsite_questions_consent_options
Option to ask respondents to consent to connect feedback with session recordings in Hotjar

Some tracking tools have optional privacy features and settings that allow you to both comply with privacy laws and give users the autonomy to opt out of additional tracking.

hotjar-feedback-opt-in-consent-notice
User consent opt-in to connect feedback with session recordings

For example, we allow Hotjar account owners to turn on an additional privacy feature and require explicit consent from Incoming Feedback or On-site Survey respondents before their comments are connected with any other data Hotjar stores (like Session Recordings of their browsing activity).

4. Choose tools that follow DNT (Do Not Track) browser requests

do-not-track-setting-google-chrome

Do Not Track (DNT) is a browser setting that acts as a universal tracking opt-out notice. Aside from it being a legal requirement under the CCPA, abiding by DNT requests helps you respect your users’ preference for not being tracked online. Not all tracking tools follow DNT requests, but Hotjar honors DNT and will not track users with this setting activated on any browser.

5. Give users the right to view and delete their data

user_lookup_org_selection
Hotjar’s User Lookup feature

The GDPR, CCPA, and LGPD require you to give users the right to view and delete all personal data you have stored about them.

To make this simple, Hotjar has a User Lookup feature that allows any Hotjar account owner to find and delete individual session recordings or survey responses in just a couple of clicks if a visitor requests it.

6. Create a clear Privacy Policy for users

hotjar-privacy-page
A section from Hotjar’s privacy page, written in clear, everyday language

Privacy policies can be hard to read if they’re long (the average takes just under 18 minutes to finish) or packed with confusing legalese like “forthwith” and “hereunto”.

Using plain language in privacy documents is a requirement of GDPR—and is just plain kind to your users. In addition to our legal privacy policy, we created a simple privacy page and a Privacy FAQs page that explain Hotjar’s privacy features to anyone looking for more information.

7. Avoid invasive tracking technologies

hotjar-cookie-list
Some of the cookies installed by Hotjar and what they’re for

Not all tracking technologies are equally transparent. For example, fingerprinting identifies users by their unique computer settings (e.g. operating system, browser version, and add-ons) and tracks them across multiple websites, making it difficult or impossible for people to opt out. Third-party cookies can also be used to track users across many sites (known as cross-site tracking).

First-party and session cookies, however, are only active on the website they’re installed by, making them much better for user privacy. A reputable tracking tool will provide you with a list of the cookies they install and what their purpose is, so you can communicate this information to your own users. Here’s the full list of all cookies used by Hotjar’s tracking script and why they’re needed.

💭 Understand your users with Hotjar

Use Hotjar to safely track user behavior and understand how people experience and interact with your website or app.

Sign up now. It's free!

FAQs

Website owners can track the behavior and attributes of visitors, and:

  • See where visitors click, tap, and scroll on a page
  • Know if users are browsing on desktop or mobile
  • Find the best- and worst-performing pages
  • Compare how website traffic from different sources converts
  • Remarket an advertisement to previous website visitors

Website tracking is legal, providing you comply with all applicable regulations and laws covering both the region where you operate and where users are resident. This includes the GDPR (General Data Protection Regulation) in the EU and UK, CCPA (California Consumer Privacy Act) in California, and LGPD (Lei Geral de Proteção de Dados) in Brazil.

Tracking users online could be considered a violation of privacy if you do not disclose what you’re tracking, how you’ll store and use the data, and provide users with a way of opting out. The easiest way to track users online while respecting their privacy is to use a tracking tool with privacy features, like Hotjar.