Overview
CrazyEgg is a website optimisation tool that provides heatmaps, scroll maps, click reports, and session recordings to help organisations understand how users interact with their web pages. It captures detailed interaction data including mouse movements, click positions, and scroll depth, which is visualised through overlay reports on page screenshots. CrazyEgg is often deployed by marketing and UX teams seeking quick visual insights without the complexity of full analytics platforms. Like all session recording tools, it carries elevated data protection risk because it can inadvertently capture personal data displayed on screen or entered into form fields.
Detection Capabilities
- Signature count
- 2
- Detection methods
- network
Performance Impact
Performance Impact
- Script size
- 20 KB
- Requests per page
- 2
Common Mistakes
- 1 Deploying CrazyEgg without explicit consent, treating it as a basic analytics tool when session recordings and heatmaps constitute more intrusive data processing
- 2 Not configuring input field masking, allowing CrazyEgg to capture sensitive data entered into forms such as passwords, payment details, and personal information
- 3 Failing to conduct a data protection impact assessment before deployment, which is typically required for session recording tools under GDPR Article 35
- 4 Running CrazyEgg on all pages including those displaying sensitive data (account balances, health information, personal details) without page-level restrictions
- 5 Not informing users about session recording in the privacy notice, violating GDPR transparency requirements
Compliance Considerations
CrazyEgg sets first-party cookies and transmits interaction data including mouse movements, clicks, and scroll behaviour to CrazyEgg servers in the United States. Session recordings can capture personal data visible on screen, making this a higher-risk processing activity under GDPR. European DPAs generally consider session recording tools to require explicit consent under the ePrivacy Directive, as they go well beyond what is strictly necessary for providing the service. Organisations should ensure CrazyEgg is blocked until explicit consent is granted, configure comprehensive input field masking, restrict recording to non-sensitive pages, and conduct a DPIA before deployment. Data transfers to the US should be assessed against the EU-US Data Privacy Framework requirements.
Related Services
Fullstory
High Fullstory
Digital experience analytics platform providing session replay, heatmaps, and event analytics. Captures user interactions including clicks, scrolls, and form inputs to analyse user behaviour and identify friction points.
1 detection signature
Glassbox
High Glassbox
Digital experience analytics platform providing session replay, interaction maps, and struggle detection. Captures user sessions to identify UX issues, conversion blockers, and application errors across web and mobile.
1 detection signature
Hotjar
High Contentsquare (Hotjar)
Behaviour analytics platform providing session recordings, heatmaps, and on-site surveys. Captures mouse movements, clicks, scrolls, and form inputs in real time. Now part of Contentsquare. Among the highest-risk analytics tags - session recordings can inadvertently capture sensitive personal data displayed on screen.
6 detection signatures
LogRocket
High LogRocket
Session replay and product analytics platform. Records user sessions including DOM changes, network requests, and console logs. Provides error tracking, performance monitoring, and user journey analysis.
1 detection signature
Need help governing CrazyEgg?
Our governance diagnostic identifies compliance gaps across your entire tag estate.
Start your Governance Diagnostic