Hotjar’s security culture reflects our core values. We challenge ourselves to grow, we’re bold in decision making, and we earn the trust of our loyal customers. We adapt and change with an ever-evolving discipline and continue to provide reassurance that we’re protecting the confidentiality, integrity, and availability of your data.
Harnessing the latest technologies, practices and architecture modeling available, we made a security-conscious decision to keep all our tools and services 'under-one-roof’ by utilizing a market-leader in cloud computing.
Amazon Web Services (AWS) lays the strong foundation Hotjar is built on. It provides our Site-Reliability Engineers the flexibility and capacity to rapidly deploy and scale services on-demand while maintaining a shared-responsibility understanding. In short, we look after your data IN the cloud by implementing a number of security controls, while AWS protects your data ON the cloud. They do this through physical security of their nondescript data centers, and environmental considerations such as site surveying, risk management, and continuous monitoring.
Security is at the forefront of Hotjar’s development mindset. We’ve built both internal and external security checkpoints into the Hotjar application’s development pipeline. Our Engineering team embraces the culture of peer-review, ensuring that our coding guidelines are followed and maintained. We validate our deployments with regular ongoing security assessments, conducted with industry-leading external vendors.
We strive to have a long term architectural vision for our application security that is continuously evolving. As we build new features for our product, we identify reasonable opportunities to further this vision in iterations, while maintaining a conscious security mindset.
Hotjar’s Information Security Policy is the overarching collection of policies implemented to ensure the confidentiality, integrity, and availability of the data we store
Our operational policies ensure that we provide all our Hotjar team members with the necessary practices to build upon the strong foundations of their security onboarding. We utilize these policies daily and review them regularly. Our approach to information security centers on identifying opportunities to optimize, gain efficiencies, and remain effective in our business output and operations.