Overheat is a European privacy-focused session recording and heatmap tool designed as a GDPR-compliant alternative to Hotjar. It captures user interactions to help website owners understand how visitors navigate their site. With EU-based infrastructure and privacy-by-design principles, Overheat eliminates the third-country transfer risk associated with US-based analytics tools. Consent is still required before session recordings begin under the ePrivacy Directive.
Overheat is a European privacy-focused session recording and heatmap analytics tool that provides website owners with visual insights into how visitors interact with their pages. It records mouse movements, clicks, scroll depth, and navigation patterns to create heatmaps and session replays. Overheat is specifically designed as a GDPR-compliant alternative to US-based tools like Hotjar and Microsoft Clarity, with EU-based data storage and privacy-by-design features such as automatic masking of sensitive input fields.
Overheat records mouse movements, click positions, scroll depth, page navigation sequences, and session duration. It may also capture form interaction data (fields focused, not necessarily values). IP addresses and browser information are collected. Sensitive form fields such as passwords and payment inputs are automatically masked. Session recordings are stored on EU-based servers.
Overheat's EU data storage eliminates the primary GDPR risk associated with US-based session recording tools. No transfer mechanism is required. The privacy-by-design approach including automatic form field masking reduces the risk of inadvertently capturing sensitive personal data in recordings. The ePrivacy Directive still requires consent before session recording begins, as recording user behaviour constitutes non-essential data collection regardless of storage location.
Consent is required before Overheat scripts load and session recording begins. The consent notice should explain that session recordings and heatmaps are used to improve the website, describe the data captured, and confirm EU data storage. Given the EU location, no US transfer disclosure is needed. Users who decline must not have their sessions recorded.
All data is processed in the EU. No transfer mechanism required. This makes Overheat suitable for organisations with strict data localisation requirements who need session recording analytics.
Obtain ePrivacy consent before Overheat loads. Verify automatic form field masking is active. Update your privacy policy to describe Overheat as a processor with EU data storage. Sign a DPA with Overheat. Configure session recording sampling rates and retention periods to minimise data collection. Document the processing in your RoPA noting the EU data location.
Websites using Overheat must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is advisable when Overheat session recordings capture sensitive user interactions at scale, such as form completions, health-related page visits, or financial account pages. The EU data location significantly reduces risk compared to US-based alternatives.
Sample consent text
We use Overheat to record and analyse how visitors use our website through session recordings and heatmaps. Overheat collects interaction data including mouse movements, clicks, and scroll behaviour. Data is processed in the EU. Please accept to enable session recording and heatmap analytics.
Third-party domains contacted
overheat.io
cdn.overheat.io
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| oh_session | session | Session | Session identifier used to maintain the active session recording and associate interaction events |
| oh_uid | persistent | 1 year | Visitor identifier used to stitch sessions across page loads for complete session replay |
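One way to check the requirement that nothing from Overheat loads or sets cookies without consent is to replay an ordered trace of requests, cookie writes and consent decisions from a test visit. This is an added example, not Overheat's or this page's own code; the domains and cookie names come from the lists above, while the trace format, field names and URL paths are constructed for illustration.

```javascript
// Added example. Domains and cookie names are from this page; the trace
// format, event fields and URL paths are constructed for illustration.
const OVERHEAT_DOMAINS = ["overheat.io", "cdn.overheat.io"];
const OVERHEAT_COOKIES = ["oh_session", "oh_uid"];

// Exact host or true subdomain only, so "overheat.io.example.net" and
// "notoverheat.io" are not mistaken for the vendor.
function isOverheatHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return OVERHEAT_DOMAINS.some((d) => h === d || h.endsWith("." + d));
}

// Walk an ordered trace and report every Overheat request or cookie seen
// while consent is not granted (before the choice, after decline or withdrawal).
function auditTrace(events) {
  let consented = false;
  const violations = [];
  for (const ev of events) {
    if (ev.type === "consent") {
      consented = ev.granted === true;
    } else if (ev.type === "request" && !consented) {
      let host;
      try { host = new URL(ev.url).hostname; } catch { continue; } // skip unparsable URLs
      if (isOverheatHost(host)) violations.push({ t: ev.t, kind: "request", detail: host });
    } else if (ev.type === "cookie" && !consented && OVERHEAT_COOKIES.includes(ev.name)) {
      violations.push({ t: ev.t, kind: "cookie", detail: ev.name });
    }
  }
  return violations;
}

// Constructed trace: script loads before the banner is answered, visitor declines.
const DECLINED_TRACE = [
  { t: 0, type: "request", url: "https://www.example.com/" },
  { t: 1, type: "request", url: "https://cdn.overheat.io/placeholder.js" },
  { t: 2, type: "cookie", name: "oh_uid" },
  { t: 3, type: "consent", granted: false },
  { t: 4, type: "request", url: "https://overheat.io.example.net/x" },
];
// Constructed trace: visitor accepts, then withdraws; tracking continues afterwards.
const WITHDRAWN_TRACE = [
  { t: 0, type: "consent", granted: true },
  { t: 1, type: "request", url: "https://cdn.overheat.io/placeholder.js" },
  { t: 2, type: "cookie", name: "oh_session" },
  { t: 3, type: "consent", granted: false },
  { t: 4, type: "request", url: "https://overheat.io/placeholder" },
];

console.log(auditTrace(DECLINED_TRACE), auditTrace(WITHDRAWN_TRACE));
```

An empty result for every test visit (no choice, decline, accept then withdraw) is the evidence that the consent gate works as described.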
Overheat records mouse movements, click positions, scroll depth, page navigation sequences, and session duration. Sensitive form fields such as passwords and payment inputs are automatically masked. Recordings are stored on EU-based servers.
Yes. Session recording and heatmap tracking are non-essential and require prior ePrivacy consent regardless of EU data location. Users who decline must not have their sessions recorded.
Consent (Art. 6(1)(a)) is required for session recordings and individual heatmap tracking. Legitimate interest may apply to aggregate, anonymised heatmap data with a documented balancing test.
No. All data is processed within the EU. No GDPR Chapter V transfer mechanism is required — a major advantage over US-based tools like Hotjar or FullStory.
Advisable when recordings capture sensitive interactions at scale (health, finance, legal pages). The EU data location significantly reduces the risk profile versus US alternatives.
Obtain ePrivacy consent before loading. Verify automatic form masking is active. Sign a DPA with Overheat. Update your privacy policy noting EU data storage. Configure retention periods and document the processing in your RoPA.
Overheat stores all data in the EU, eliminating the US transfer risk. Hotjar requires SCCs; Overheat does not. Both require ePrivacy consent. For EU organisations, Overheat is the simpler compliance choice.
List the Overheat session cookie under analytics, note the EU data storage, reference Overheat as processor, and link to their privacy policy. No third-country transfer disclosure is required.