Session Recording, High complexity

CrazyEgg

by crazyegg


Sets cookies: Yes
Sends PII: No
Cross-site tracking: No
Consent required: Session Recording
Cookies: _ceir, _CEFT, _ceg.s, _ceg.u

Overview

Session recording and heatmap tool that captures mouse movements, click positions, scroll depth, and page interactions. Carries elevated data protection risk because recordings can inadvertently capture personal data displayed on screen or entered into form fields. Often deployed by marketing teams without governance oversight due to its perceived simplicity relative to full analytics platforms.

Detection capabilities

Signature count: 2
Detection methods: network
Property types: hostname, pathname

Performance impact

Script size: 20 KB
Requests per page: 2

Common mistakes

  1. Deploying CrazyEgg without explicit consent, treating it as a basic analytics tool when session recordings and heatmaps constitute more intrusive data processing
  2. Not configuring input field masking, allowing CrazyEgg to capture sensitive data entered into forms such as passwords, payment details, and personal information
  3. Failing to conduct a data protection impact assessment before deployment, which is typically required for session recording tools under GDPR Article 35
  4. Running CrazyEgg on all pages including those displaying sensitive data (account balances, health information, personal details) without page-level restrictions
  5. Not informing users about session recording in the privacy notice, violating GDPR transparency requirements

Compliance considerations

CrazyEgg sets first-party cookies and transmits interaction data including mouse movements, clicks, and scroll behaviour to CrazyEgg servers in the United States. Session recordings can capture personal data visible on screen, making this a higher-risk processing activity under GDPR. European DPAs generally consider session recording tools to require explicit consent under the ePrivacy Directive, as they go well beyond what is strictly necessary for providing the service. Organisations should ensure CrazyEgg is blocked until explicit consent is granted, configure comprehensive input field masking, restrict recording to non-sensitive pages, and conduct a DPIA before deployment. Data transfers to the US should be assessed against the EU-US Data Privacy Framework requirements.
