Your site and visitor data are safe with Hotjar. There are a number of steps we take to ensure you are the only person who can access your site data and that your visitors' privacy is respected.
- Data Storage
- Visitor Privacy
- Data Collection and Transmission
- Data Access and Authorization
- Data Access and Backup
- Compliances, Certificates, and Audits
- Hotjar Architecture & Security
Data storage
All data Hotjar collects is stored electronically in Ireland, Europe on the Amazon Web Services infrastructure, eu-west-1 datacenter. Our application servers and database servers run inside an Amazon VPC, Virtual Private Cloud. The database containing visitor and usage data is only accessible from the application servers and no outside sources are allowed to connect to the database. Our data retention times are no longer than 365 days.
Visitor privacy
- Site visitors are assigned a unique user identifier, UUID, so that Hotjar can keep track of returning visitors without relying on any personal information, such as the IP address.
- IP addresses of visitors are always suppressed before being stored using Hotjar's core featureset. We set the last octet of IPv4 addresses, all connections to Hotjar are made via IPv4, to 0 to ensure the full IP address is never written to disk. For example, if a visitor's IP address is 1.2.3.4, it will be stored as 1.2.3.0. The first three octets of the IP address are only used to determine the geographic location of the visitor.
IP Addresses can optionally be passed to Hotjar as a User Attribute
In the case of IP addresses passed to Hotjar via the Identify API, IP addresses will be stored. They are subject to the same privacy requirements as any other personal information passed to Hotjar. This includes requiring user consent, and for you to have accepted our Data Processing Agreement.
- When collecting data with Recordings, Hotjar automatically suppresses keystroke data on all input fields. In all cases, the data is suppressed client-side, the visitor’s browser, which means it never reaches our servers.
Data collection and transmission
- Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
- Hotjar transmits data from the visitor's browser to our system using HTTPS.
- The protocols and ciphers suite used to encrypt data in transit are available at the end of this article.
Data access and authentication
Only Hotjar engineers who require such access to perform their job efficiently are given this type of access. Different engineers are given different access rights on different system components as well depending on what their job requires. Engineers who do have access, have their own credentials and these are only valid when used from specific IPs. SSH Key-Based authentication is used for server access.
Data collected through Hotjar is exclusively reserved for use by our users and customers. Hotjar does not make use of the data collected in any form or way unless consent is officially given by an admin of the Hotjar account, clearly outlining what the data will be used for.
Data access and backup
At Hotjar we use Database replication to keep your data safe in the case of system failure. Full database backups are taken every day, stored on Amazon Cloud Storage (AWS S3), and kept for three days as an electronic copy. In case two or more database nodes would fail concurrently we would have to revert to a backup.
Data back up does not apply to Visitor Recordings
All Recording data is currently not backed up.
Compliances, Certificates, and Audits
Hotjar utilizes Amazon Web Services (AWS) where our client data resides. Certifications and audit reports for AWS are:
- ISO-27001 Certification for AWS: https://aws.amazon.com/compliance/iso-27001-faqs/
- SOC2 third-party audit reports for AWS: https://aws.amazon.com/compliance/soc-faqs/
Hotjar has completed a self-assessment process (SAQ-A) that permits us to accept card-not-present payments by fully outsourcing all cardholder data functions to our PCI-DSS compliant third-party vendor, Braintree, with no electronic storage, processing or transmission of any cardholder data on Hotjars infrastructure.
- PCI Compliant with Braintree's Hosted Fields: https://www.braintreepayments.com/features/hosted-fields.
- Hotjar's SAQ-A
Hotjar Architecture & Security
Data in transit is encrypted using the following protocols and ciphers:
SSL Protocols
TLSv1.2
SSL Ciphers
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
Updating your Privacy Policy for use with Hotjar
As a company based in the European Union, our technology and processes adhere to the strictest legal privacy requirements. In fact, we engaged a specialized law firm to assist us with the process of drafting a policy that is suitable for us, as well as for Hotjar users around the world.
While we always recommend you seek legal advice within your territory, we suggest you review the provisions of our Privacy Policy and ensure your own policy mirrors the same principles we have included at https://www.hotjar.com/legal/policies/privacy.
Need more details or have any questions?
If you are interested in additional details, we can also provide you with a security Q&A document we created ourselves by analyzing over a hundred security questionnaires we were sent to fill-in. The document outlines the most common queries these documents typically contain.
Reach out to our support team if you would like us to send you our in-depth security Q&A document. We can also answer any additional questions.
For a more in-depth understanding of our approach to privacy, check out this blog post written by Hotjar's CEO and Founder: https://www.hotjar.com/blog/hotjar-approach-privacy.