Privacy first

The Smartlook SDKs are written with Privacy first in mind. Privacy first means that we do not record any potentially sensitive data by default. This means that inputs, IP addresses, on-page emails and long numbers are not recorded unless you enable it explicitly via Record API.

Moreover, if you have more elements you want to mask or not record at all, you can always use our Privacy API.

To gain further insights into your users, you can attribute data to their sessions. This data can only be collected if your project already collect his data, such as during login. This identifying data can be parsed into Smartlook using the Identify API.

Legal requirements about personal data collection may vary across countries. It’s best to consult a local lawyer in your country if you are unsure about your legal obligations.

Should I inform visitors that I record them?

The answer depends on if you record personal data of your users and also on local laws in your country. If you don’t record any personal data, you don’t need to inform your users about the recording. However, if you do record personal data through Smartlook, you most likely are required to inform them. The best way is to include this is in your Privacy Policy that is easily accessible on your website.

If one of your users doesn’t want to be tracked by Smartlook, they can Opt out.

Is recording visitors legal?

Yes. Tracking the behavior and movement of your users using Smartlook is legal, just like using Google Analytics or other services for tracking users.

From a legal point of view, the important point is if you record any personal data of users. This is something you can set up with Smartlook. The main element users can enter personal data is in forms. Due to Smartlook's Privacy first approach, the SDKs don't record any form inputs by default. To record form inputs, you must enable it explicitly using the Record API.