When you use Hotjar to record and collect data from your site, Hotjar takes on the role of the Data Processor. This means Hotjar is processing data on your behalf whereas your are the owner and Controller of the data.
As the Data Controller you are principally responsible for (among other things) collecting consent, managing consent-revoking and enabling right to access. Hotjar's Data Processing Agreement specifies the obligations of both parties (your the Controller and Hotjar the Processor).
What counts as "personal data"?
According to the GDPR, personal data is any information relating to an identified or identifiable individual, which could mean any information that could be used either on its own or in conjunction with other data, to identify an individual.
Unless clear and advance consent has been given by the individual or end-user, Hotjar’s behavior tools should not be used to monitor personally identifiable information that would allow you to gain insight into individual visitor behavior. For more information about this please read Hotjar’s Acceptable Use Policy.
How might I be capturing personal data with Hotjar?
There are two types of personal data you can send to Hotjar.
1) You can passively send personal data to Hotjar if personal data is embedded in the page content of your website when using Recordings, or in Heatmap screenshots. For example, you may have a profile page for your site containing a user’s personal information. This content will appear in your site content unless you take steps to suppress it. There are two approaches you can use here:
User keyboard input (e.g. form inputs) is suppressed by default, and will only appear in Recordings if whitelisted.
2) You can actively send personal data (e.g. email address, user ID, purchase data etc.) to Hotjar using Hotjar’s Identify API. This feature is optional and requires you to sign a Data Processing Agreement with Hotjar before using it.
How can I know what data I have on any specific user?
In the event you've gathered consent to associate data about a user using a feedback widget, or over the Identify API, you can use Hotjar's Visitor Lookup features to find (and delete) personal data about your user that Hotjar may have processed.
Visitor Lookup does not inspect HTML content within Recordings or Heatmaps
Session Recordings associated with user records via email addresses or User IDs will be found. Unassociated Recordings that contain personal information in HTML must be found and deleted manually. It’s easiest to use content suppression to prevent this.
Heatmaps that include personal data will never be included in Visitor Lookup results. Heatmaps containing personal data can be deleted manually. Like with Session Recordings, it’s easiest to prevent this through content suppression.