Your site and user data are safe with Hotjar. There are a number of steps we take to ensure you are the only person who can access your site data and that your users' privacy is respected.
- Data Storage
- User Privacy
- Data Collection and Transmission
- Data Access and Authorization
- Data Access and Backup
- Compliances, Certificates, and Audits
- Hotjar Architecture & Security
User and usage data that Hotjar collects through its software is stored in Ireland, European Union (EU) on the Amazon Web Services infrastructure, eu-west-1 data centers. Our application and database servers run inside an Amazon Virtual Private Cloud (VPC). Access to the VPC is limited to Hotjar team members on a need-to-know basis. Data stores within the VPC are not directly exposed to the internet. Only systems with a direct technical need are exposed (e.g. frontend web servers, load balancers, and other systems, which directly serve customer traffic).
For exception-based logging, Hotjar has designated sub-processors which are based outside of the EU. Hotjar uses these designated sub-processors to provide reliable service to its users for infrastructure and application monitoring. The data they process is used solely by Hotjar's engineering team to operate and improve the software's reliability. It is not queried or used for any other purposes.
- Site users are assigned a unique user identifier, UUID, so that Hotjar can keep track of returning users without relying on any personal information, such as the IP address.
- No end-user IP addresses are stored at rest.
IP Addresses can optionally be passed to Hotjar as a User Attribute
In the case of IP addresses passed to Hotjar via the Identify API, IP addresses will be stored. They are subject to the same privacy requirements as any other personal information passed to Hotjar. This includes requiring user consent, and for you to have accepted our Data Processing Agreement.
- When collecting data with Recordings, Hotjar automatically suppresses keystroke data on all input fields. In all cases, the data is suppressed client-side, the user's browser, which means it never reaches our servers.
Data collection and transmission
- Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
- Hotjar transmits data from the user's browser to our system using HTTPS.
- The protocols and ciphers suite used to encrypt data in transit are available at the end of this article.
Data access and authentication
Only Hotjar engineers who require such access to perform their job efficiently are given this type of access. Different engineers are given different access rights on different system components as well depending on what their job requires. Engineers who do have access, have their own credentials and these are only valid when used from specific IPs. SSH Key-Based authentication is used for server access.
Data collected through Hotjar is exclusively reserved for use by our users and customers. Hotjar does not make use of the data collected in any form or way unless consent is officially given by an admin of the Hotjar account, clearly outlining what the data will be used for.
Data access and backup
At Hotjar we use Database replication to keep your data safe in the case of system failure. Full database backups are taken every day, stored on Amazon Cloud Storage (AWS S3), and kept for three days as an electronic copy. In case two or more database nodes would fail concurrently we would have to revert to a backup.
Data back up does not apply to User Recordings
All Recording data is currently not backed up.
Compliances, Certificates, and Audits
Hotjar utilizes Amazon Web Services (AWS) where our client data resides. Certifications and audit reports for AWS are:
- ISO-27001 Certification for AWS: https://aws.amazon.com/compliance/iso-27001-faqs/
- SOC2 third-party audit reports for AWS: https://aws.amazon.com/compliance/soc-faqs/
Hotjar has completed a self-assessment process (SAQ-A) that permits us to accept card-not-present payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Braintree, with no electronic storage, processing or transmission of any cardholder data on Hotjars infrastructure.
- PCI Compliant with Braintree's Hosted Fields: https://www.braintreepayments.com/features/hosted-fields.
- Hotjar's SAQ-A
Hotjar Architecture & Security
Data in transit is encrypted using the following protocols and ciphers:
As a company based in the European Union, our technology and processes adhere to the strictest legal privacy requirements. In fact, we engaged a specialized law firm to assist us with the process of drafting a policy that is suitable for us, as well as for Hotjar users around the world.