The Mouseflow platform is 100% compliant with the GDPR (General Data Protection Regulation) as set out by the European Union. We do our best to keep you and your visitors safe by aligning you with the industry’s best practices. We anonymize all IP addresses within the EU and do not track keystrokes for any EU visitors (non-PII fields can be whitelisted). Read more about Mouseflow’s compliance with the GDPR below.
What is Mouseflow?
Mouseflow is a tool used by 190,000+ clients to analyze, understand, and improve user experience on websites.
We offer session replay/recordings, heatmaps, funnels, forms, and feedback campaigns.
To learn more about these features, visit our Tour page.
What information is collected?
When you visit a webpage that has Mouseflow, the following information may be collected:
- Clicks, Mouse Movements/Hovers, Scrolling
- Browser
- Device (Desktop/Tablet/Phone)
- Language
- Operating System
- Screen Resolution
- Duration (Time on Site)
- Navigation (URLs)
- Page Content (HTML)
- ISP (Not for EU and California, USA visitors)
- Approx. ISP Location (City, State/Region, Country)
- Keystrokes (only for non-EU/EEA Data Subjects in non-EU/EEA accounts and never for any password, digit, or excluded fields)
- Referrer URL
- Visitor Type (First Time/Returning)
- Custom Tags or Variables
- Replies in Feedback Tool
The data is stored for 1-12 months, depending on the specific plan associated with a client account.
What Can I Do?
Data Access
If you wish to obtain a copy of your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Data Correction
If you wish to correct your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Data Erasure
If you wish to erase your data*, please contact the website owner where the data was collected/obtained (the Data Controller). If they are unable to process your request or do not respond in a timely manner, please contact us at privacy@mouseflow.com.
Revoking Consent
If you gave your consent to have information processed by Mouseflow (in our feedback widget) and wish to revoke it, please contact both the website owner where the data was collected/obtained (the Data Controller) and us at privacy@mouseflow.com.
Opt Out
If you do not wish to be tracked, you can opt out at:
This places a cookie on your computer which will prevent any further tracking (unless deleted).
* We require clients to exclude Personal Data from being captured. As such, the data stored by Mouseflow is expected to be anonymous in nature. This may alter your rights above or our ability to obtain a copy, correct, or erase your data as there is no way to trace it to you.
What You Need to Do
First, we ask you to review the GDPR Legislation and the definition of Personal Data.
Next, please view the appropriate column in the table below based on where your account was created.
| EU/EEA Accounts | Rest-of-the-World Accounts |
---|---|---|
Website Audit | You need to audit your website(s) to ensure Personal Data is excluded from tracking — across all page content and form fields (which should be blocked automatically). | You need to audit your website(s) to ensure Personal Data is excluded from tracking — across all page content and form fields. |
IP Addresses | No action is required. We anonymize or exclude IP addresses automatically, according to local law. You can contact us to have IP exclusion enabled (stricter) if your country only requires anonymization. | You may wish to anonymize IP addresses (just click Settings > Anonymize IPs). This removes the last tuple of IP address data. You can contact us to have IP exclusion enabled (stricter) for added protection. |
Test Recording | You should make a test recording in our platform to ensure all exclusions of Personal Data are functioning correctly. | You should make a test recording in our platform to ensure all exclusions of Personal Data are functioning correctly. |
Explicit Consent | You may need to obtain active and explicit consent to track users on your site. We recommend checking the laws and regulations that apply to your website(s) and obtaining legal advice. | You may need to obtain active and explicit consent to track users on your site. We recommend checking the laws and regulations that apply to your website(s) and obtaining legal advice. |
Opt-Out | You may be required to offer an opt-out for tracking on your website, depending on local laws/regulations. We recommend describing that you use Mouseflow, what it’s for, and providing a link to our opt-out page. | You may be required to offer an opt-out for tracking on your website, depending on local laws/regulations. We recommend describing that you use Mouseflow, what it’s for, and providing a link to our opt-out page. |
What We Do
| EU/EEA Accounts | Rest-of-the-World Accounts |
---|---|---|
Data Protection Officer | ||
Privacy Shield | ||
Dispute Resolution | ||
Data Processing Agreement | ||
Encryption in Transit | All Data | All Data |
Encryption at Rest | HTML Data Only | HTML Data Only |
Data Separation | We never send data outside the region in which it is originally stored (Europe/EEA). | We never send data outside the region in which it is originally stored (United States). |
Opt-Out | ||
No Keystrokes | All Visitors | EU/EEA Visitors |
Playback Masking | ||
IP Addresses | Automatically Anonymized (EU/EEA) or Excluded (Germany) | Optional |
Support for Do Not Track | Automatic | Optional |
Vulnerability Scans | ||
Penetration Testing | ||
Security Policies & Training | ||
Questions?
If you have any questions, please email privacy@mouseflow.com and we’re happy to assist.