Freelancers are external consultants (either independently or employed by an agency, vendor, or company) that provide assistance to Hotjar for an agreed time, service, or project outcome.
While this is maybe temporary, it plays an integral part in ensuring Hotjar maintains a “be bold and move fast” culture. We are super appreciative that you are able to help us. As a privacy-focused company we need to consider each situation involving a freelancer to be unique due to the nature of the work, interaction with Hotjar tooling, and working with different stakeholders within the business. As such, the following policy looks to provide base guidelines and controls that will need to be maintained while working with us.
Scope
This policy sets out to empower freelancers, by making the right choices to:
Meet legal and contractual obligations.
Maintain Hotjar’s need-to-know access controls.
Educate themselves on the Hotjar working and security practices.
Protect Hotjar’s reputation, intellectual property, and customer data privacy assurance.
Acceptable Use for Freelancers
All freelancers, regardless of their tenure or role are required to follow and adhere to this policy for the duration of their contract with Hotjar.
All freelancers must:
Agree and sign a Non-Disclosure Agreement with Hotjar.
Implement and maintain the minimum mandatory security standards outlined in this policy.
Never share any Hotjar system credentials with anyone else, even within Hotjar.
Always request access to systems by speaking to your Hotjar Lead (i.e the Hotjar team member managing the relationship).
Do not email or Slack direct message sensitive information e.g passwords or personal data obtained from Hotjar.
Never leave your laptop unattended or unlocked.
Obey and comply with relevant laws E.g observing copyright, intellectual property rights, and licensing agreements that may apply to information, documents and software.
Minimize project work or data storage on local laptop devices, instead opt to use Hotjar provided Google Drive to host documents, resources, and artifacts.
Report any lost, stolen, or damaged devices or compromised accounts used to support Hotjar systems to security@hotjar.com immediately. CC in your Hotjar Lead for visibility.
Minimum Mandatory Security Standards
Any freelancer working with Hotjar is required to maintain a safe working environment. All devices used to access Hotjar systems or tools must meet these minimum standards and is the responsibility of the freelancer to set and maintain them.
Operating Systems that are still supported with regular security patches and system updates. Ensure security patches are applied in a timely manner, when available.
Running an Anti-virus solution that receives regular definition updates.
Local storage or disks are encrypted to an adequate standard.
Passwords used to access Hotjar systems are complex and unique.
Ensure that credentials to Hotjar systems are in a secure, encrypted manner e.g. A password manager.
Enable, where possible Multi-factor authentication to systems.
Never backup Hotjar data to an external storage device without approval from security@hotjar.com
Acceptable Use for Freelancers temporarily accessing the approved intellectual property
Freelancers accessing or interacting with any pre-approved intellectual property of Hotjar are expected to follow the above acceptable use as well as:
Perform a secure deletion of all resources upon completion of contract with Hotjar.
Only access non-critical resources or repositories.
No deployments to take place outside of business hours, 09:30 AM to 17:30 PM CET.
Freelancers take ownership of any deployments and if needed shall be able to assist with emergency changes, escalation, incidents, or changes to fix issues.
Under no circumstances should you interact, download or alter any Hotjar customer data. If you have accidentally gained access to this then please notify security@hotjar.com immediately.