The Mouseflow platform is 100% compliant with the CCPA The (California Consumer Privacy Act). IP addresses from Californian visitors are automatically anonymized, Mouseflow does not track ISP’s for visitors within California. In addition, Mouseflow also allows disabling the capture/tracking of keystrokes. This is useful if you don’t want to track data entered into input fields on your website.
What is Mouseflow?
Mouseflow is a tool used by 190,000+ clients to analyze, understand, and improve user experience on websites.
We offer session replay/recordings, heatmaps, funnels, forms, and feedback campaigns.
To learn more about these features, visit our Tour page.
What information is collected?
When you visit a webpage that has Mouseflow, the following information may be collected:
- Clicks, Mouse Movements/Hovers, Scrolling
- Browser
- Device (Desktop/Tablet/Phone)
- Language
- Operating System
- Screen Resolution
- Duration (Time on Site)
- Navigation (URLs)
- Page Content (HTML)
- ISP (Not for EU and California, USA visitors)
- Approx. ISP Location (City, State/Region, Country)
- Keystrokes (only for non-EU/EEA Data Subjects in non-EU/EEA accounts and never for any password, digit, or excluded fields)
- Referrer URL
- Visitor Type (First Time/Returning)
- Custom Tags or Variables
- Replies in Feedback Tool
The data is stored from 1-12 months, depending on the specific plan associated with a client account.
What can I do?
Data Access
If you wish to obtain a copy of your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Data Correction
If you wish to correct your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Data Erasure
If you wish to erase your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Revoking Consent
If you gave your consent to have information processed by Mouseflow (in our feedback widget) and wish to revoke it, please both contact the website owner where the data was collected/obtained (the Data Controller) and us at privacy@mouseflow.com.
Opt out
If you do not wish to be tracked, you can opt out at:
This places a cookie on your computer which will prevent any further tracking (unless deleted).
* We require clients to exclude Personal Data from being captured. As such, the data stored by Mouseflow is expected to be anonymous in nature. This may alter your rights above or our ability to obtain a copy, correct, or erase your data as there is no way to trace it to you.
What You Need to Do
First, we ask you to review the CCPA Legislation and the definition of Personal Data.
Next, please view the appropriate column in the table below based on where your account was created.
| California | Rest-of-the-world accounts | |
| Website Audit | You need to audit your website(s) to ensure Personal Data is excluded from tracking — across all page content and form fields (which should be blocked automatically). | You need to audit your website(s) to ensure Personal Data is excluded from tracking — across all page content and form fields. |
| IP Addresses | No action is required. We anonymize or exclude IP addresses automatically from visitors from California, USA. You can contact us to have IP exclusion enabled (stricter) for added protection. | You may wish to anonymize IP addresses (just click Settings > Anonymize IPs). This removes the last tuple of IP address data. You can contact us to have IP exclusion enabled (stricter) for added protection. |
| Test Recording | You should make a test recording in our platform to ensure all exclusions of Personal Data are functioning correctly. | You should make a test recording in our platform to ensure all exclusions of Personal Data are functioning correctly. |
| Explicit Consent | You may need to obtain active and explicit consent to track users on your site. We recommend checking the laws and regulations that apply to your website(s) and obtaining legal advice. | You may need to obtain active and explicit consent to track users on your site. We recommend checking the laws and regulations that apply to your website(s) and obtaining legal advice. |
| Opt-Out | You may be required to offer an opt-out for tracking on your website, depending on local laws/regulations. We recommend describing that you use Mouseflow, what it’s for, and providing a link to our opt-out page: | You may be required to offer an opt-out for tracking on your website, depending on local laws/regulations. We recommend describing that you use Mouseflow, what it’s for, and providing a link to our opt-out page: |
What we do
| California | Rest-of-the-world accounts | |
| Data Protection Officer | Email: privacy@mouseflow.com | Email: privacy@mouseflow.com |
| [tooltips keyword=»Privacy Shield» content=»This framework from the US Department of Commerce and European Commission/Swiss Administration is a mechanism to comply with data protection requirements when transferring data from the European Union/Switzerland to the United States in support of transatlantic commerce.»] |  |
|
| [tooltips keyword=»Dispute Resolution» content=»We appointed an independent dispute resolution mechanism for unresolved complaints related to privacy. Please contact the BBB at https://bbb.org/EU-privacy-shield/for-eu-consumers/ if you have an unresolved privacy complaint.»] | |
|
| [tooltips keyword=»Data Processing Agreement» content=»We prepared a standard Data Processing Agreement which can be executed at the bottom of this page.»] | |
|
| [tooltips keyword=»Encryption in Transit» content=»This is what data is stored in an encrypted manner when sent or transmitted to/from our platform.»] | All Data | All Data |
| [tooltips keyword=»Encryption at Rest» content=»This is what data is stored in an encrypted manner when sent on our file servers.»] | HTML Data Only | HTML Data Only |
| [tooltips keyword=»Data Separation» content=»This determines in which region the data for your account is stored.»] | We never send recording data outside the region in which it is originally stored (United States). | We never send recording data outside the region in which it is originally stored (Europe/EEA). |
| [tooltips keyword=»Opt-Out» content=»We have a dedicated opt-out page where users can prevent themselves from being tracked»] | We never send recording data outside the region in which it is originally stored (United States). | We never send recording data outside the region in which it is originally stored (Europe/EEA). |
| [tooltips keyword=»No Keystrokes» content=»This is a configuration option which determines whether Mouseflow tracks keystroke data in most form fields (except credit cards, passwords, and. fields with more than three (3) consecutive digits which are always excluded).»] | Optional | Optional |
| [tooltips keyword=»Playback Masking» content=»We enable masking of data entered in form fields from appearing later in playback or heatmaps. This helps with order confirmation pages and prevents user-typed input from appearing later on, if a Data Controller (you) failed to adequately exclude it.»] | |
|
| [tooltips keyword=»IP Addresses» content=»This is a configuration option that determines whether Mouseflow tracks/stores full, partial (anonymized), or no IP address data»] | Automatically Anonymized for visitors from California, USA. | Optional for non EU/EEA accounts. |
| [tooltips keyword=»Support for Do Not Track» content=»This is a configuration option that determines whether Mouseflow handles browser settings.»] | Optional | Optional (Automatic for EU/EEA Mouseflow accounts) |
| [tooltips keyword=»Vulnerability Scans» content=»We conduct external vulnerability scans on all public endpoints across our platform – at least once per quarter.»] | |
|
| [tooltips keyword=»Penetration Testing» content=»We conduct external penetration testing on all public endpoints across our platform and our application itself – at least once per year.»] | |
|
| [tooltips keyword=»Security Policies & Training» content=»We have strict policies/procedures and thoroughly train all staff on security and privacy best practices.»] | |
|
Questions?
If you have any questions, please email privacy@mouseflow.com and we’re happy to assist.