Versions Compared

Old Version 3

changes.mady.by.user Dan Whitty

Saved on

compared with

New Version 4

changes.mady.by.user Dan Whitty

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Meet legal and contractual obligations.

  • Maintain Hotjar’s need-to-know access controls.

  • Educate freelancers themselves on the Hotjar working and security practices.

  • Protect Hotjar’s reputation, intellectual property, and customer data privacy assurance.

...

  • Agree and sign a Non-Disclosure Agreement with Hotjar.

  • Implement and maintain the minimum mandatory security standards outlined in this policy.

  • Never share any Hotjar system credentials with anyone else, even within Hotjar.

  • Always request access to systems by speaking to your Hotjar Lead (i.e the Hotjar team member managing the relationship). 

  • Do not email or Slack direct message sensitive information e.g passwords or personal data obtained from Hotjar.

  • Never leave your laptop unattended or unlocked.

  • Obey and comply with relevant laws E.g observing copyright, intellectual property rights, and licensing agreements that may apply to information, documents and software.

  • Minimize project work or data storage on local laptop devices, instead opt to use Hotjar provided Google Drive to host documents, resources, and artifacts.

  • Report any lost, stolen, or damaged devices or compromised accounts used to support Hotjar systems to security@hotjar.com immediately. CC in your Hotjar Lead for visibility.

...

  • Operating Systems that are still supported with regular security patches and system updates. Ensure security patches are applied in a timely manner, when available.

  • Running an Anti-virus solution that receives regular definition updates.

  • Local storage or disks are encrypted to an adequate standard. 

  • Passwords used to access Hotjar systems are complex and unique.

  • Ensure that credentials to Hotjar systems are in a secure, encrypted manner e.g.  A password manager.

  • Enable, where possible Multi-factor authentication to systems.

  • Never backup Hotjar data to an external storage device without approval from security@hotjar.com

Acceptable Use for Freelancers temporarily accessing the approved intellectual property

...

  • Perform a secure deletion of all resources upon completion of contract with Hotjar.

  • Only access non-critical resources or repositories.

  • No deployments to take place outside of business hours, 09:30 AM to 17:30 PM CET.

  • Freelancers take ownership of any deployments and if needed shall be able to assist with emergency changes, escalation, incidents, or changes to fix issues.

  • Under no circumstances should you interact, download or alter any Hotjar customer data. If you have accidentally gained access to this then please notify security@hotjar.com immediately.