The Mouseflow platform is 100% compliant with the CCPA The (California Consumer Privacy Act). IP addresses from Californian visitors are automatically anonymized, Mouseflow does not track ISP’s for visitors within California. In addition, Mouseflow also allows disabling the capture/tracking of keystrokes. This is useful if you don’t want to track data entered into input fields on your website.
The Mouseflow platform is 100% compliant with the GDPR (General Data Protection Regulation) as set out by the European Union. We do our best to keep you and your visitors safe by aligning you with the industry's best practices. We anonymize all IP addresses within the EU and do not track any keystrokes across all EU visitors (non-PII fields can be whitelisted). Read more about Mouseflow's compliance with the GDPR here.
Mouseflow is a Privacy Shield participant. Privacy Shield is designed to protect European, Swiss, and UK customers when transferring data to the United States. However, that being said, all collected data by European customers of Mouseflow is stored and located at data centers within the EU. None of the collected data by our EU customers are transferred outside of the EU.
On July 16th, 2020, the European Court of Justice (CJEU) struck down the Privacy Shield that secured unrestricted EU-US data flow on the grounds that personal data transferred to and stored in the US could not be guaranteed an adequate level of data protection as that under the GDPR. The decision by the CJEU to rule the Privacy Shield invalid renders the US a non-adequate country without any special access to Europe’s personal data streams. The CJEU however, validated the Standard Contractual Clauses (SCCs), another commonly used mechanism for transatlantic data transfers, saying that this mechanism does make it possible in practice to ensure compliance with the level of protection required by EU law. Mouseflow has Standard Contractual Clauses (SCCs) in place with all subcontractors within the United States.