Last Updated: January 13th 2021
The following document is intended to provide you with information on how Squeaky supports GDPR compliance in relation to how you, as our customer, can control your website or web app's visitor data, of which we are a considered a data processor.
Can I use Squeaky?
Is using Squeaky GDPR compliant?
Yes, and as the data controller of your website or web app's visitor data you can feel confident that whilst using Squeaky you can easily fulfill your obligations under GDPR.
Can I still use Squeaky if I have customers in the EU?
Of course! The main purpose and spirit of the GDPR is to grant data subjects specific rights to their personal data. Understanding these rights and how to comply with them as a Data Controller is paramount to your ability to comply with GDPR.
Squeaky will be acting as a Data Processor for your customer's data and will provide ways to comply with all of your data subject 's rights under the obligations of a data processor. You will need to decide which data you are recording that may be considered personal, take steps to exclude the data that you do not want Squeaky to process, and understand how you will use consent or other lawful basis when Squeaky will be processing personal data.
We have some amazing tools within our application that help you to avoid catching any personal data from your customer's.
If I'm in a country outside of the EU, do I need to be concerned about GDPR?
Yes, because the GDPR is concerned with the rights of individuals, and it is hard to be sure that you will never process the data of an EU citizen due to the prevalence of international travel, remote work, etc. At Squeaky, we're strong advocates of treating all customer's data as private and sacred, regardless of where they are located, and we encourage you to do so too.
Where is my data stored? Should I be concerned about the data of my customers in the EU being stored outside of the EU?
Squeaky production data is both processed and stored within AWS data centers located in the Republic of Ireland, ensuring GDPR compliance. AWS provide independent documentation on their GDPR compliance, available here.
Explaining GDPR and Squeaky to your visitors or customers
The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is "f); where our legitimate interests are to improve our website and business continually." As per the explanation, no personal data is stored over time.
To learn more about Squeaky, you can visit https://squeaky.ai/legal/gdpr.
Address: Squeaky B.V., Debussystraat 43, 2324KH Leiden, The Netherlands
Usage data: locale, device width and height, browser width and height, referrer, useragent, timezone, session start and end time, click coordinates, clicked elements, scroll position, mouse position, page views, user feedback (if submitted).
Data storage: AWS eu-west-1 region (The Republic of Ireland).
Does Squeaky use any first, or third-party cookies?
Although this is not GDPR specific, you can rest assured that Squeaky does not use any cookie-based tracking when helping our customer's analyse visitors/visits to their website or web app.
Complying with Data Subjects Rights with Squeaky
Do I need to obtain consent before I do any session recording at all with Squeaky?
Not necessarily. The GDPR is primarily concerned with personal data and defining the rights that an EU citizen has to their own data. Visits tracked by Squeaky are largely anonymous and may not include personal data, so recording a session without consent can be okay.
That said, it is possible to capture personal or sensitive data passively e.g. when personal data is inputed or displayed on your website or application. Squeaky anonymises all form fields by default, and we provide tools (described below) to enable you to anonymise absolutely everything on your website or app. If you feel you may be collecting personal data it is your responsibility to ensure GDPR compliance is adhered to and we recommend that you audit your own site and ensure all appropriate form fields or elements are excluded before you start recording (or that you're recording only after you have consent).
How do I make sure personal data isn't being captured by Squeaky?
There are two types of personal data you can send to Squeaky:
- You can actively send linked data from your database e.g. name, email address etc to Squeaky using our data linking service.
- You can passively send personal information that your users input (unlikely, as we anonymise form fields by default) or that might get displayed on pages of your website or app that Squeaky captures simply because we are recording the page.
In the case of passively captured information, you have full control over which fields or elements are excluded and it is important that you exclude the personal data that you do not want Squeaky to capture. We provide documentation on how to do this in the privacy section of your site's settings in Squeaky, as well as in our developer documentation.
Can I delete Squeaky data for specific customers when they ask to be forgotten?
Yes, you can easily delete individual users with the click of a button in your Squeaky visitors table.
Is it possible to bulk delete visitors or sessions from Squeaky?
Yes, Squeaky offers bulk actions or deletion of both visitors (and their respective recordings) and for recordings individually. You can even apply filters to find specific segments of your users and bulk delete just that group.
When I delete my account, is my data deleted right away?
Squeaky will automatically erase all your data the moment you delete your site.
If you wish for some for of time-limited data retention beyond the point of deleting your account, please contact us via email@example.com.
What can I provide an EU citizen if they request a copy of data being processed by Squeaky?
EU citizens may request a copy of their personal data. Depending on what information you've chosen to send Squeaky for processing, you may or may not have any data in Squeaky that is considered "personal."
Either way, if you'd like to provide an artifact of all personal data to your customer, you can download a .JSON file of all the raw events we have recorded for any visitor by clicking on the button on their visitor profile.
Disclaimer: we're here to help, but we can't give you legal advice. The information on this page is only intended to summarize the main points of the GDPR and inform you, our customers, about how Squeaky can be used in a compliant manner. We recommend that you work with a trusted legal partner to fully understand your obligations under the GDPR.