...
Meet legal and contractual obligations.
Maintain Hotjar’s need-to-know access controls.
Educate freelancers themselves on the Hotjar working and security practices.
Protect Hotjar’s reputation, intellectual property, and customer data privacy assurance.
...
Agree and sign a Non-Disclosure Agreement with Hotjar.
Implement and maintain the minimum mandatory security standards outlined in this policy.
Never share any Hotjar system credentials with anyone else, even within Hotjar.
Always request access to systems by speaking to your Hotjar Lead (i.e the Hotjar team member managing the relationship).
Do not email or Slack direct message sensitive information e.g passwords or personal data obtained from Hotjar.
Never leave your laptop unattended or unlocked.
Obey and comply with relevant laws E.g observing copyright, intellectual property rights, and licensing agreements that may apply to information, documents and software.
Minimize project work or data storage on local laptop devices, instead opt to use Hotjar provided Google Drive to host documents, resources, and artifacts.
Report any lost, stolen, or damaged devices or compromised accounts used to support Hotjar systems to security@hotjar.com immediately. CC in your Hotjar Lead for visibility.
...
Operating Systems that are still supported with regular security patches and system updates. Ensure security patches are applied in a timely manner, when available.
Running an Anti-virus solution that receives regular definition updates.
Local storage or disks are encrypted to an adequate standard.
Passwords used to access Hotjar systems are complex and unique.
Ensure that credentials to Hotjar systems are in a secure, encrypted manner e.g. A password manager.
Enable, where possible Multi-factor authentication to systems.
Never backup Hotjar data to an external storage device without approval from security@hotjar.com
Acceptable Use for Freelancers temporarily accessing the approved intellectual property
...
Perform a secure deletion of all resources upon completion of contract with Hotjar.
Only access non-critical resources or repositories.
No deployments to take place outside of business hours, 09:30 AM to 17:30 PM CET.
Freelancers take ownership of any deployments and if needed shall be able to assist with emergency changes, escalation, incidents, or changes to fix issues.
Under no circumstances should you interact, download or alter any Hotjar customer data. If you have accidentally gained access to this then please notify security@hotjar.com immediately.