For answers to frequently answered questions about our compliance commitments, you can take a look at our Compliance FAQ.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union (EU). The regulation became effective and enforceable on the 25th of May 2018. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on handling data.
You can see more information on our GDPR commitment here.
California Consumer Privacy Act (CCPA)
As a privacy-centric company, Hotjar is excited to see the subject of privacy get more attention. We’ve made a number of enhancements in preparation for the CCPA.
You can see more information on our CCPA commitment here.
EU-US Privacy Shield Framework
The Court of Justice of the European Union (CJEU) has struck down the EU-US Privacy Shield Framework. This means that data controllers in the European Union (EU) can no longer rely on certifications of data recipients in the United States (US) under the Privacy Shield to justify the transfer of personal data from the EU to the US.
You can see more information on our EU-US commitment here.
Payment Card Industry - Data Security Standard
Hotjar has completed a self-assessment process (SAQ-A) that permits us to accept card-not-present payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Braintree, with no electronic storage, processing or transmission of any cardholder data on Hotjars infrastructure.
You can find our latest Self-Assessment Certificate (SAQ-A) here.