Great! You are here to optimize your Hotjar settings in order to make Hotjar GDPR compliant.

Hotjar and GDPR privacy law?

By default, Hotjar is not properly set up to protect the privacy of your visitors. Therefore, before you start using Hotjar, you should configure it properly. After all, you do not want to break the law. If you do not want to change these settings, you must place a cookie notification on your website. When the cookie notification is accepted, you can use Hotjar for those specific visitors. With the following settings, you do not have to use a cookie notification.

Make Hotjar GDPR compliant

For heatmaps and recordings, you should suppress text and images if they contain, or potentially contain, personal data. For the latter, think of a recording that captures a user's email address while they fill out a form, or a heatmap that shows the details of your visitors.

Step 1: Hotjar login

Log in via https://insights.hotjar.com/login


Step 2: Hotjar settings

Click on Settings > Sites & Organizations in the top right-hand corner.


Step 3: Settings domain

Go to the domain you wish to adjust and click on the small cogwheel.


Step 4: Data suppression

Choose Data suppression and select the following checkboxes:

  1. Suppress location information
  2. Suppress all on-page text
  3. Suppress all on-page numeric text
  4. Suppress all on-page email addresses
  5. Suppress keystroke data on allowed input fields

The only checkbox you do not need to select is Suppress all on-page content. Then click on Save Changes to make your Hotjar GDPR compliant.


Now you are not collecting any personal information. Thus, according to the GDPR law, it is permitted to collect data without consent. I would like to mention that hiding this content also means you have less data available from the recordings, heatmaps, etc. This makes it harder to make data-driven decisions. This is a short-term fix to quickly analyse some data, but you would rather have all the data, so I highly recommend using two Hotjar versions: one version behind the cookie notification that will gather more data if visitors accept it, and a second version that collects general data in case there isn’t enough collected by the Hotjar version with the cookie notification in front of it.

If you’re using Google Tag Manager, it’s easy to set up multiple Hotjar tags in combination with a cookie message that works via Google Tag Manager. Another quick side note: don’t forget to filter your own IP! Otherwise, your data is not reliable. I mean … why should you analyse your own recordings, right?
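The selection logic behind the two-version setup described above, as an added example that is not code from this article or from Hotjar. The cookie name `analytics_consent`, its value `granted`, the site ID placeholders and the `loader` callback are all assumptions; `loader` stands in for whatever injects the tracking code Hotjar gives you for each site.

```javascript
// Added example; cookie name, values and site IDs are assumptions, not Hotjar's.
const CONSENT_COOKIE = 'analytics_consent';   // hypothetical cookie set by your cookie message
const SITES = {
  suppressed: 'HOTJAR_SITE_ID_SUPPRESSED',    // placeholder: site with the Step 4 boxes ticked
  full: 'HOTJAR_SITE_ID_FULL',                // placeholder: site used only after consent
};

// Parse a document.cookie-style string; the first occurrence of a name wins.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;                  // skip fragments without a value
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep the raw value */ }
    if (name && !jar.has(name)) jar.set(name, value);
  }
  return jar;
}

// Fail closed: only an exact "granted" unlocks the full profile. A missing,
// denied, malformed or differently cased value falls back to the suppressed one.
function chooseProfile(cookieString) {
  return parseCookies(cookieString).get(CONSENT_COOKIE) === 'granted' ? 'full' : 'suppressed';
}

// Returns a selector that loads at most one profile per page view, so the
// two versions never record the same visit twice.
function createTagSelector(loader) {
  let loaded = null;
  return function select(cookieString) {
    if (loaded) return loaded;                // already decided for this page view
    loaded = chooseProfile(cookieString);
    loader(SITES[loaded], loaded);
    return loaded;
  };
}

// Demo with constructed cookie strings and a loader that only records its calls.
const calls = [];
const select = createTagSelector((siteId) => calls.push(siteId));
console.log(select('theme=dark; analytics_consent=granted')); // "full"
console.log(select('analytics_consent=denied'));              // still "full": decided once per page view
```

In Google Tag Manager the same decision is usually expressed as two tags with mutually exclusive triggers; a visitor who accepts the cookie message mid-visit gets the full version on the next page load.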

IP filtering in Hotjar

When you filter an IP, Hotjar makes sure that, for example, no screenshots are taken when you or someone on the same IP address visits the website. This makes your data purer, as it is called. As an owner or employee, you use the website differently than the average user. By filtering in this way, the data will reflect reality as closely as possible.

Repeat the first 3 steps above and then go to IP Blocking instead of Data suppression. Click the button Block A New IP and then add your IP. Add both IPv4 and IPv6.

 


If you do not know the difference between IPv4 and IPv6, I highly recommend reading this Google Analytics article, which includes IP filtering in the new Google Analytics version (GA4).

Summary of Hotjar GDPR Compliant

Make sure to make your Hotjar GDPR compliant! But do not forget about the downsides, and try to figure out a way to collect as much data as possible. Try the double-tracking-code approach I mentioned, using Google Tag Manager or similar. If you have any questions related to this article, do not hesitate to get in touch.