Request the Mouseflow Security Kit

We’ll include copies of audits, certificates, policies and more.

Frequently asked questions

Mouseflow has data centers in both Europe (Amsterdam, EU) and United States (Virginia). Based on where your location during  sign-up your data will be located either in the EU or the US. We never transmit or store data outside of the European Union or United States, respectively.

All Mouseflow Data centers
SOC 1 Type II
PCI DSS Compliance

Mouseflow US Data center
All of the above

You can request the “Mouseflow Security Kit” via the form above.

Yes, Mouseflow does have an ISP in place, and it’s also available from the Mouseflow Security Kit.

Yes – Mouseflow conducts frequent penetration and vulnerability tests.

All customer data is completely compartmentalized. All data is saved using unique keys that prevent any cross-contamination or pollution from other data-sets.

Mouseflow customers signing up from North and South America (USA, Canada, Mexico, Brazil etc.) will have the data located at the Mouseflow US data center.

All customers signing up from within the EU will have the data located at the Mouseflow EU data center.

For Enterprise plans, Mouseflow provides the option to enforce SSO (Single Server Sign-On) for all users under an account. In addition, two-factor authentication can optionally be enforced for all users with access to your account.

Your data collected by Mouseflow is stored in the region you signed up for an account (separate US/EU data centers) and written to our database(s) with a unique account identifier. When we query records, all queries limit the result set returned to only those records with the unique account identifier.

Personal Identifiable Information data is by default not stored in Mouseflow. Learn more. 

The Mouseflow platform is 100% compliant with the GDPR (General Data Protection Regulation) as set out by the European Union. We do our best to keep you and your visitors safe by aligning you with the industry’s best practices. We mask all IP addresses within the EU and do not track any keystrokes across all EU visitors (non-PII fields can be whitelisted). Read more about Mouseflow’s compliance with the GDPR here.

All Personal Identifiable Information (“PII”) is pseudonymized prior to being collected by Mouseflow. Mouseflow does not need PII to provide valuable website analytics.

As Mouseflow does not collect any Personal Identifiable Information it’s not a requirement under the GDPR to enter into a DPA. However, Mouseflow does offer a DPA for customers who are looking to ensure a data processor relationship with Mouseflow. You can find and digitally sign the DPA here.

Although we do have SOC1 type II in place for all the Mouseflow data centers. The SOC1 is a similar standard as the SOC2, both are reports on controls at a service organization and are audited by accountants. The difference is that SOC2 has a mandatory set of controls. At the moment we consider the SOC1 as the preferred internal standard due to its flexibility, it allows us to completely tailor and update the framework to our activities, risks and client expectations.

Our historical uptime is 99.99%.

Mouseflow provides 24/7 support from our in-app communication interface. In addition, you can reach out to our customer service team via or by phone. See the “Contact Us” page for information on how to contact the Mouseflow customer service team.

Yes – Mouseflow maintains PCI assessed by ControlScan on a frequent basis. Please refer to the Mouseflow Security Kit for further information.