Privacy guide

What is Hotjar? The tool that watches how you use a page.

Hotjar explained simply: heatmaps, recordings and surveys on Indian websites, what behaviour it can capture, and the privacy questions to ask.

The simple answer

Hotjar is a behaviour-analytics tool. It can build heatmaps of where people click, record how visitors move through a page, and run on-page surveys. Product teams use it to understand where users get stuck.

For you, this means your scrolling, clicking and sometimes form behaviour can be captured and replayed. Responsible setups mask sensitive fields, but you usually cannot verify that from outside.

What to check

1
Check whether the site discloses session recording.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Be careful typing sensitive details into forms.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Look for Hotjar, Clarity, FullStory or similar replay tools.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Ask whether recordings mask personal fields.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

The page can replay your behaviour.

State of Privacy flags behaviour-replay tools as high-signal because they capture how you act, not just which pages you open. Companies should be able to explain when replay runs and how fields are masked.

What to do next

1
Avoid entering sensitive data on pages that feel unnecessary.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Use a tracker blocker if you want less behavioural capture.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask companies why session recording is needed.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Does Hotjar record everything I type?

It can capture behaviour, but responsible setups mask sensitive inputs. Users usually cannot confirm masking from outside.

Why do websites use Hotjar?

To see where users struggle, improve pages and increase conversions.

Should websites tell me about Hotjar?

Yes. Behaviour recording should be disclosed clearly in the privacy policy or a notice.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience