Notice of Terms of Service, Policy Change
We have made changes to our Terms of Service, Privacy Policy, and Data Privacy effective March 2, 2018 effective May 25, 2018. Please read and review the updated terms and privacy policies. A few sections are added or updated, including but not limited to:
- Collected Information: We have provided more information about the data being collected, and the reason for them. We have also updated the data privacy to reflect our recent changes made to the product to limit the collected data.
- GDPR: While our previous terms of service were still supporting the GDPR changes, we made some changes to make it more clear and direct, including your responsibilities for being in compliance with GDPR by asking for user consent.
GDPR
We have made some changes to our product related to privacy aspects:
- Text Fields: Previously for Analytics services, you had to mark fields as sensitive if it was any PII in them. Now, all fields are considered as sensitive. All entered texts in website text fields will be obfuscated before transmitting to our servers. For example, if a user enters "hello world" in a field, it will be changed to: "***** *****"
- IP: We had an option to enable obfuscating visitor IPs.
Now, we obfuscate IPs by default for all visitor without an option to disable itNow, we obfuscated IP of visitors from EU countries without an option to disable it. You can enable IP obfuscation for all countries in your account global settings in the panel if you wish to. - Identify API: We have retired our "identify" API. It is no longer possible to mark recordings with visitor IDs.
- Reviewing Privacy Protection Features: We have reviewed and updated sections related to the user data. We have also reviewed server logging, analytics installed, account removal, etc. and made changes to maximize the protection.
As an account holder:
- User Consent: Asking for user consent has always been required prior to enabling MouseStats services on your website. Make sure you are asking for user consent before activating any service related to MouseStats. It is a must and mandatory.
- Data Processing Addendum (DPA): If you are the organization administrator and would like to sign a DPA with us for your organization, please send an email to support@mousestats.com. A draft version is available online for your review: DPA Draft v1. The material maybe be get updated in a non-draft version, while we do our best to put the latest version here. Please send us your information to support@mousestats.com to receive a non-draft and signed form, if needed to enter into a contractual data processing agreement. Any DPA signed would not potentially modify our terms of service: it does not grant you any permission to collect PII information using MouseStats. To ensure we don't collect any PII (Personally Identifiable Information) or PHI (Personal Health Information), you need to be extremely cautious if your company needs to adhere to data privacy legislation. We are not responsible for ensuring your compliance by using MouseStats, and suggest consulting legal counsel to determine if using MouseStats complies with your local governing laws.
- Data removal requests: Send an email to support@mousestats.com to instruct us a data removal. We may check and verify some information with you to make sure you are the real account owner. Then we will remove all data we have on file about your account.
We have always been against storing any PII, which was/is also reflected to our Terms of Service. However, with recent changes we are minimizing the risk for possible mistakes. Without collecting PII, it is not possible to link captured data to a specific user.
Please make sure you are following all GDPR rules as a client, and let us know if we can do anything to help.
The following documentation can be helpful on privacy terms:
Opting out tracking by cookie using URL
Opting out sensitive HTML content
Opting out EU visitors
