For answers to frequently answered questions about our compliance commitments, you can take a look at our Compliance FAQ.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union (EU). The regulation became effective and enforceable on the 25th of May 2018. The GDPR enhances EU individuals’ privacy rights and places significantly enhanced obligations on handling data.
You can see more information on our GDPR commitment here.
California Consumer Privacy Act (CCPA)
As a privacy-centric company, Hotjar is excited to see the subject of privacy get more attention. We’ve made a number of enhancements in preparation for the CCPA.
You can see more information on our CCPA commitment here.
EU-US Privacy Shield Framework
You can see more information on our EU-US commitment here.
Payment Card Industry - Data Security Standard
Hotjar has completed a self-assessment process (SAQ-A) that permits us to accept card-not-present payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Braintree, with no electronic storage, processing or transmission of any cardholder data on Hotjars infrastructure.
You can find our latest Self-Assessment Certificate (SAQ-A) here.