Privacy policy clauses for Heap Analytics
Heap Analytics is an analytics platform that automatically captures all user interactions on a website, including clicks, page views, and form inputs, without requiring manual event tracking. Websites use it to understand user behavior and optimize digital experiences.
Free scan · No signup · Results in 60 seconds
What data Heap Analytics collects
Your privacy policy must disclose each of the following data types when you use Heap Analytics.
When does Heap Analytics trigger privacy obligations?
Installation triggers immediate data collection
The moment you install Heap Analytics on your website or app, it begins auto-capturing all user interactions—clicks, form inputs, page views, and device information—without requiring explicit user actions to configure tracking rules. This automatic behavior means data flows to Heap Inc (a Contentsquare subsidiary, US-based) immediately upon site load, before users see any consent interface.
GDPR applies if you have EU users
If your site or app is accessible to or targets EU residents, GDPR Article 4(11) classifies Heap as processing personal data (user interactions linked via the `_hp2_*` cookie constitute identifiers under GDPR Article 4(1)). Article 6 requires a lawful basis—typically explicit consent under Article 7 or legitimate interest (Article 6(1)(f))—*before* the SDK fires. The ePrivacy Directive Article 5(3) additionally requires prior informed consent for non-essential cookies.
