URL AnalyzerSoonAll Tools

Hotjar privacy review | PrivacyDrift

Hotjar

Analytics & TrackingLast updated: 2026-05-18

Hotjar is a behavior analytics platform, reviewed for privacy features, suppression, tracking, retention, sharing, and user lookup controls.

Score Latest Finding Score Breakdown Source & Evidence Company Alternatives

Good

Mixed

Good

Overall Score

Good

AI Training:80

Good

Data Sharing:85

Good

Ads & Tracking:70

Mixed

Data Retention:80

Good

User Control:85

Good

Overall Score

Good

AI Training:80

Good

Data Sharing:85

Good

Ads & Tracking:70

Mixed

Data Retention:80

Good

User Control:85

Good

Latest Policy Findings: 2026-05-18

Hotjar is careful on sharing, but the product still exists to watch behavior, so consent and scope matter more than anything else.

Strongest: Data Sharing

85/100

Hotjar is strongest where it frames sharing around service delivery and gives teams suppression, deletion, and consent-aware setup options.

Weakest: Ads & Tracking

70/100

The weakest area is still tracking by design: recordings, heatmaps, and surveys can capture more user behavior than many visitors expect.

Recommended Action:

Honor consent before enabling recordings or heatmaps on live pages.
Turn on suppression and avoid collecting personal data through surveys or forms.
Set deletion and retention rules so recordings do not stay around longer than needed.

Score Breakdown:

AI Training

Good

Hotjar describes itself as behavior analytics software rather than a service built around model training on customer content.

+30Source [1]

Sensitive fields are blocked by default and data is framed as being used to understand website behavior.

+25Source [2]

Hotjar positions privacy-by-design and compliance controls as part of its product model.

Data Sharing

Good

Ads & Tracking

Mixed

Data Retention

Good

User Control

Good

Source & Evidence Links:

Sources:

Hotjar Privacy Page

Open: hotjar.com

Latest Finding

Open: help.hotjar.com

Evidence:

1. Tracking

Hotjar describes itself as behavior analytics software rather than a service built around model training on customer content.

Open: help.hotjar.com

2. Sensitive Fields

Sensitive fields are blocked by default and data is framed as being used to understand website behavior.

Open: hotjar.com

3. AI Use

Hotjar positions privacy-by-design and compliance controls as part of its product model.

Open: hotjar.com

4. Session Recordings

Session recordings, surveys, and identify features can still capture sensitive business or user context if customers configure collection poorly.

Open: help.hotjar.com

5. Tracking

Behavioral analytics still means individual interactions can be reconstructed in some workflows.

Open: hotjar.com

Company Details:

Founded

Unknown

Founder

Unknown

Parent Company

Hotjar

Lifecycle

Active

Alternatives:

Once you delete a chat, you cannot recover it. Deleting a chat removes it both from your visible chat history and the system after the retention window.

Plausible

Analytics

Excellent

Matomo

Analytics

Excellent

PostHog

Analytics

Good

Power BI

Analytics

Mixed

+25Source [3]

Session recordings, surveys, and identify features can still capture sensitive business or user context if customers configure collection poorly.

-10Source [4]

Behavioral analytics still means individual interactions can be reconstructed in some workflows.

-10Source [5]

Good

Hotjar says collected data must be used solely by the site or app owner unless explicit consent has been received for sharing.

+30Source [6]

The company says it never sells personal data.

+25Source [7]

Hotjar explicitly frames itself as the processor while the website owner remains the controller.

+20Source [8]

The product stores collected data so the website owner can access it through Hotjar.

+10Source [9]

Identify API fields, surveys, and customer setup can still expose more personal data than a site owner intends.

-10Source [10]

Third-party infrastructure and the controller's own implementation choices still affect who may ultimately access the captured data.

-5Source [11]

Mixed

Hotjar still stores first-party cookies and collects behavior analytics about visits, clicks, and recordings.

-15Source [12]

Broad implementation of recordings or heatmaps can create a more intrusive visit profile than users expect.

-15Source [13]

Hotjar respects Do Not Track browser headers and provides visitor suppression features.

+25Source [14]

Users who disable cookies will not be tracked by sites using Hotjar.

+20Source [15]

The product is framed around first-party behavior analytics rather than cross-site ad-targeting.

+25Source [16]

Good

Recordings and heatmaps are retained for 365 days.

+25Source [17]

User Lookup can be used to find and delete data collected about a visitor.

+25Source [18]

Visitors can request access to or deletion of data through the website owner.

+15Source [19]

Suppression and consent controls can reduce what gets retained in the first place.

+15Source [20]

Survey responses can persist longer depending on customer use and manual deletion.

-10Source [21]

Retention and deletion still depend on whether the site owner actually uses the provided privacy features correctly.

-10Source [22]

Good

User Lookup gives controllers a direct way to find and delete a visitor's collected data.

+30Source [23]

Do Not Track, cookie disabling, and suppression features give visitors real ways to reduce collection.

+25Source [24]

Site owners can configure masking, suppression, consent handling, and identify settings.

+15Source [25]

Hotjar documents access and deletion rights clearly for website visitors.

+15Source [26]

Privacy still depends heavily on the website owner enabling suppression and consent correctly.

-10Source [27]

Features like recordings, surveys, and identify fields can override a privacy-friendly outcome if used aggressively.

-5Source [28]