GDPR Compliance and Privacy Standards
Mouseflow is fully compliant with GDPR in both the EEA and the UK, ensuring the highest standards of privacy and security. We implement Technical and Organizational Measures (TOMs) such as end-to-end encryption, IP masking, access controls, and data minimization to protect customer and end-user data. Our Data Processing Agreement (DPA) outlines customer rights, retention policies, and privacy controls to help businesses meet compliance obligations. EU customer data is stored within the EU, reinforcing compliance with GDPR’s data residency requirements. For international data transfers, we rely on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF) to ensure lawful and secure data flows. To learn more about our robust security measures, visit our Security Pages.
We take every measure to comply with GDPR and protect visitor privacy to the highest standard, but compliance is a shared responsibility. To ensure your use of Mouseflow aligns with privacy best practices, please review our checklist below and take the necessary steps to safeguard your website visitors’ data.
GDPR compliance checklist
No matter where you are located, GDPR is relevant for you if you handle data coming from EU citizens. While Mouseflow automatically checks off a lot of boxes regarding GDPR, a few actions might be required from you.
What you need to do
First, we ask you to review the EEA GDPR Legislation, the UK GDPR Legislation, and the definition of Personal Data.
You need to audit your website(s) to ensure Personal Data is excluded from tracking — across all page content and form fields.
No action is required. We mask IP addresses automatically. For a stricter setting, you can contact us to have complete IP exclusion enabled.
You should make a test recording in our platform to ensure all exclusions of Personal Data are functioning correctly.
You may need to obtain active and explicit consent to track users on your website(s). We recommend checking the laws and regulations that apply to your website(s) and obtaining legal advice.
You may be required to offer an opt-out for tracking on your website, depending on local laws/regulations. We recommend stating that you use Mouseflow, explaining what it’s for, and providing a link to our opt-out page.