Mouseflow only uses the most trusted and secure data centers for our platform. Access is restricted to a few select employees and data is only transmitted across encrypted SSL connections.

Your data is isolated in either our European (Amsterdam) or United States (Virginia) data center, based on the region you sign up from. No data is shared between these two centers, and we never transmit or store data outside the European Union or the United States, respectively.

If your site collects any sensitive data, you need to exclude non-input fields that may contain personal data from being recorded using our Visual Privacy Tool, the Settings, or via code. Mouseflow excludes all password and credit card number fields automatically, though it is recommend that you verify that they are properly excluded. Customers must agree to exclude any PII, confidential, proprietary, or sensitive information from capture as necessary.

The current version of Mouseflow does not collect and store the visitor's IP address, and cannot be configured to do so.
​
The IP address is commonly accepted as being PII (Personal Identifiable Information). It is difficult to pin-point a specific person using an IP address, in addition, browsers require an IP address to successfully communicate across the internet. However, it is generally accepted that IP addresses should not be collected or stored for the safety and security of all users. Mouseflow follows this best practice, and does not collect and store IP addresses as it is not relevant for the analytics provided.

Mouseflow is also fully GDPR and CCPA/VCDPA compliant. You can read more about these on our Compliance page.

To receive our security kit that includes copies of audits, certificates, policies and more. Please visit this page and fill out the form titled Request the Mouseflow Security Kit.