PrivacyPricing
Get Started FreeLog InGet Started FreeLog In

Legal & Compliance

GDPR

Last Updated: January 13th 2021

The following document is intended to provide you with information on how Squeaky supports GDPR compliance in relation to how you, as our customer, can control your website or web app's visitor data, of which we are a considered a data processor.

To learn how we comply with GDPR with regards to Squeaky's own visitor and customer data, please see our privacy policy.

Can I use Squeaky?

Is using Squeaky GDPR compliant?

Yes, and as the data controller of your website or web app's visitor data you can feel confident that whilst using Squeaky you can easily fulfill your obligations under GDPR.

Can I still use Squeaky if I have customers in the EU?

Of course! The main purpose and spirit of the GDPR is to grant data subjects specific rights to their personal data. Understanding these rights and how to comply with them as a Data Controller is paramount to your ability to comply with GDPR.

Squeaky will be acting as a Data Processor for your customer's data and will provide ways to comply with all of your data subject 's rights under the obligations of a data processor. You will need to decide which data you are recording that may be considered personal, take steps to exclude the data that you do not want Squeaky to process, and understand how you will use consent or other lawful basis when Squeaky will be processing personal data.

We have some amazing tools within our application that help you to avoid catching any personal data from your customer's.

If I'm in a country outside of the EU, do I need to be concerned about GDPR?

Yes, because the GDPR is concerned with the rights of individuals, and it is hard to be sure that you will never process the data of an EU citizen due to the prevalence of international travel, remote work, etc. At Squeaky, we're strong advocates of treating all customer's data as private and sacred, regardless of where they are located, and we encourage you to do so too.

Where is my data stored? Should I be concerned about the data of my customers in the EU being stored outside of the EU?

Squeaky production data is both processed and stored within AWS data centers located in the Republic of Ireland, ensuring GDPR compliance. AWS provide independent documentation on their GDPR compliance, available here.

Explaining GDPR and Squeaky to your visitors or customers

Do you have any resources we can include in our consent flows or Privacy Policy?

Yes, you can include the following text in your Privacy Policy when you mention which tools you are using to collect and analyse visitor data:

Squeaky

We want to process as little personal information as possible when you use our website or service, that's why we've chosen Squeaky for our web analytics. Squeaky doesn't use cookies and complies fully with the GDPR, and CCPA data privacy regulations - ensuring all usage is tracked anonymously unless otherwise defined or requested. Whilst using this privacy-friendly website analytics software, your IP address is briefly processed for screening purposes and never stored. As per the CCPA, your personal information is not identifiable without your express consent. You can read more about this on Squeaky's website.

The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is "f); where our legitimate interests are to improve our website and business continually." As per the explanation, no personal data is stored over time.

To learn more about Squeaky, you can visit https://squeaky.ai/legal/gdpr.

Additional information

Depending on your business, you may also wish to include the following information in your Terms of Service or Privacy Policy when mentioning your use of Squeaky:

Address: Squeaky B.V., Debussystraat 43, 2324KH Leiden, The Netherlands

Usage data: locale, device width and height, browser width and height, referrer, useragent, timezone, session start and end time, click coordinates, clicked elements, scroll position, mouse position, page views, user feedback (if submitted).

Data storage: AWS eu-west-1 region (The Republic of Ireland).

Does Squeaky use any first, or third-party cookies?

Although this is not GDPR specific, you can rest assured that Squeaky does not use any cookie-based tracking when helping our customer's analyse visitors/visits to their website or web app.

Complying with Data Subjects Rights with Squeaky

Do I need to obtain consent before I do any session recording at all with Squeaky?

Not necessarily. The GDPR is primarily concerned with personal data and defining the rights that an EU citizen has to their own data. Visits tracked by Squeaky are largely anonymous and may not include personal data, so recording a session without consent can be okay.

That said, it is possible to capture personal or sensitive data passively e.g. when personal data is inputed or displayed on your website or application. Squeaky anonymises all form fields by default, and we provide tools (described below) to enable you to anonymise absolutely everything on your website or app. If you feel you may be collecting personal data it is your responsibility to ensure GDPR compliance is adhered to and we recommend that you audit your own site and ensure all appropriate form fields or elements are excluded before you start recording (or that you're recording only after you have consent).

How do I make sure personal data isn't being captured by Squeaky?

There are two types of personal data you can send to Squeaky:

  1. You can actively send linked data from your database e.g. name, email address etc to Squeaky using our data linking service.
  2. You can passively send personal information that your users input (unlikely, as we anonymise form fields by default) or that might get displayed on pages of your website or app that Squeaky captures simply because we are recording the page.

In the case of passively captured information, you have full control over which fields or elements are excluded and it is important that you exclude the personal data that you do not want Squeaky to capture. We provide documentation on how to do this in the privacy section of your site's settings in Squeaky, as well as in our developer documentation.

Can I delete Squeaky data for specific customers when they ask to be forgotten?

Yes, you can easily delete individual users with the click of a button in your Squeaky visitors table.

Is it possible to bulk delete visitors or sessions from Squeaky?

Yes, Squeaky offers bulk actions or deletion of both visitors (and their respective recordings) and for recordings individually. You can even apply filters to find specific segments of your users and bulk delete just that group.

When I delete my account, is my data deleted right away?

Squeaky will automatically erase all your data the moment you delete your site.

If you wish for some for of time-limited data retention beyond the point of deleting your account, please contact us via hello@squeaky.ai.

What can I provide an EU citizen if they request a copy of data being processed by Squeaky?

EU citizens may request a copy of their personal data. Depending on what information you've chosen to send Squeaky for processing, you may or may not have any data in Squeaky that is considered "personal."

Either way, if you'd like to provide an artifact of all personal data to your customer, you can download a .JSON file of all the raw events we have recorded for any visitor by clicking on the button on their visitor profile.

Disclaimer: we're here to help, but we can't give you legal advice. The information on this page is only intended to summarize the main points of the GDPR and inform you, our customers, about how Squeaky can be used in a compliant manner. We recommend that you work with a trusted legal partner to fully understand your obligations under the GDPR.