Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Contentsquare is a French digital experience analytics platform providing session recording, heatmaps, zone-based click analytics, AI-powered insights, and customer journey analysis. It records individual user interactions including mouse movements, clicks, scroll depth, and navigation paths. Under GDPR and CNIL guidelines, session recording and heatmap features constitute personal data processing requiring opt-in consent. Contentsquare is a leading player in experience analytics but carries significant GDPR compliance obligations due to the nature of behavioural recording.
Contentsquare is a French digital experience analytics platform that captures and analyses every user interaction on websites and mobile apps. It provides session recording (watching individual user sessions), heatmaps (aggregate click and scroll visualisations), zone-based analytics (measuring engagement with specific page sections), AI-powered insights, and customer journey mapping. Contentsquare is used by large enterprise retailers, financial services firms, and media companies to optimise their digital experiences.
Session recording tools record the full behaviour of individual website visitors — mouse movements, clicks, keystrokes, form interactions, and navigation paths. This is among the most personal and sensitive forms of web analytics. The CNIL (French data protection authority) has specifically addressed session replay tools in its guidance, noting that they require consent and careful data minimisation including: masking of all form inputs, exclusion of sensitive pages (login, payment, health), and strict access controls for recordings.
Contentsquare provides data masking capabilities to prevent capture of sensitive data. Configure automatic masking of all form inputs (text fields, dropdowns, checkboxes). Exclude authenticated user areas, payment pages, and any pages with sensitive content from recording. Enable IP anonymisation. Limit who within your organisation can view individual session recordings. Apply retention limits to auto-delete recordings after a defined period.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Contentsquare must not load until analytics consent is obtained. The Contentsquare tag must be blocked by your CMP until the user accepts analytics cookies. Contentsquare provides CMP integration documentation for major platforms. Without consent, Contentsquare must remain inactive — recording sessions of non-consenting visitors is a serious GDPR violation.
Conduct a DPIA before deployment. Sign the Contentsquare DPA. Load only after analytics consent via CMP. Configure comprehensive data masking for all form fields and sensitive pages. Apply recording retention limits. Restrict access to session recordings. Add Contentsquare to your cookie policy and privacy policy. Implement a process for erasure requests using Contentsquare data deletion APIs.
Websites using Contentsquare must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended for Contentsquare deployments. Session recording and heatmap tools record the behaviour of all website visitors at individual level, constituting large-scale systematic monitoring. CNIL guidelines specifically address session replay tools as requiring consent and careful data minimisation.
Sample consent text
We use Contentsquare to analyse how visitors use this website through session recordings and heatmaps. This involves recording your mouse movements, clicks, and navigation. You can refuse this analysis without affecting your ability to use the website.
Third-party domains contacted
contentsquare.comt.contentsquare.netuxa.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _cs_id | persistent | 13 months | Contentsquare unique visitor identifier for session recording and behavioural analytics |
| _cs_s | session | Session | Contentsquare session identifier grouping interactions within a single user session |
Contentsquare collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Yes. Contentsquare session recording, heatmaps, and behavioural analytics constitute personal data processing requiring opt-in consent under the ePrivacy Directive and CNIL guidelines. The Contentsquare tag must be blocked until analytics consent is given.
Contentsquare records mouse movements, click positions, scroll depth, navigation paths, page views, and time spent on page elements. Session recordings capture the full visual replay of individual user sessions. Heatmaps aggregate interaction data across all visitors.
By default, Contentsquare can capture form interactions. This must be configured with comprehensive input masking to prevent capture of names, emails, passwords, payment data, or any sensitive information. Enable masking for all text inputs as a baseline configuration.
Yes. Session recording of all website visitors at individual level constitutes large-scale systematic monitoring of individuals, which is one of the specific triggers for a mandatory DPIA under GDPR Article 35.
Consent (Art. 6(1)(a)) is required. The CNIL has specifically addressed session replay tools as requiring consent. Legitimate interest cannot justify recording individual user sessions across an entire website.
Enable comprehensive input masking. Exclude authenticated areas, payment pages, and sensitive content from recording. Set recording retention limits (30-90 days recommended). Restrict access to session recording features. Load only after analytics consent. Implement IP anonymisation.
Contentsquare is a French company but operates global infrastructure. Verify with Contentsquare whether your account is configured for EU data residency. Sign the Contentsquare DPA which addresses any transfer mechanisms required.
EU-based session recording alternatives include Hotjar (EU region available), Microsoft Clarity (free, but US-hosted requiring SCCs), and Lucky Orange (US). For pure EU residency without US transfers, Hotjar with EU region is the most established alternative.