Mouseflow Privacy Program


The Mouseflow platform is 100% compliant with the CCPA The (California Consumer Privacy Act). IP addresses from Californian visitors are automatically anonymized, Mouseflow does not track ISP’s for visitors within California. In addition, Mouseflow also allows disabling the capture/tracking of keystrokes. This is useful if you don’t want to track data entered into input fields on your website.


The Mouseflow platform is 100% compliant with the GDPR (General Data Protection Regulation) as set out by the European Union. We do our best to keep you and your visitors safe by aligning you with the industry's best practices. We anonymize all IP addresses within the EU and do not track any keystrokes across all EU visitors (non-PII fields can be whitelisted). Read more about Mouseflow's compliance with the GDPR here.

Privacy Policy

We handle your and your visitor's information with great care. Our Privacy Policy explains what information will be collected by Mouseflow when you access a website having the Mouseflow Service installed. By default, all collected data is anonymized prior to being sent to our data centers. Furthermore, our customers having Mouseflow installed must comply with all applicable laws including, but not limited to, privacy and data security laws. Mouseflow provides easy-to-use tools that help our customers honor privacy when using our platform. Learn more here.

Privacy Shield

Mouseflow is a Privacy Shield participant. Privacy Shield is designed to protect European, Swiss, and UK customers when transferring data to the United States. However, that being said, all collected data by European customers of Mouseflow is stored and located at data centers within the EU. None of the collected data by our EU customers are transferred outside of the EU.


On July 16th, 2020, the European Court of Justice (CJEU) struck down the Privacy Shield that secured unrestricted EU-US data flow on the grounds that personal data transferred to and stored in the US could not be guaranteed an adequate level of data protection as that under the GDPR. The decision by the CJEU to rule the Privacy Shield invalid renders the US a non-adequate country without any special access to Europe’s personal data streams. The CJEU however, validated the Standard Contractual Clauses (SCCs), another commonly used mechanism for transatlantic data transfers, saying that this mechanism does make it possible in practice to ensure compliance with the level of protection required by EU law. Mouseflow has Standard Contractual Clauses (SCCs) in place with all subcontractors within the United States.

Cookie Policy

Mouseflow does not use cookies in any way that allows the identification of specific visitors. Cookies used by the Mouseflow platform are purely functional and are documented here. We do recommend that website visitors are informed about Mouseflow under the privacy policy (or equivalent). We have prepared an example statement you can use to include in your Privacy Policy.

Request our Security Kit

We'll include copies of audits, certificates, policies and more.