Privacy FAQs

Common questions asked regarding privacy and compliance at WebMaxy. To learn more about WebMaxy’s approach to privacy, take a look at Your Privacy & WebMaxy.

About WebMaxy #

What is/who is WebMaxy? #

WebMaxy is behavior analytics software. It is used by website owners to gain a better understanding of how users interact with their website and to identify issues that their users are running into when browsing their website. WebMaxy provides website owners with tools such as Heatmaps, Sessions Recordings, Surveys & Polls that help them to gain insight into their users’ experience on their website. This insight is used by website owners to make changes that improve the overall experience for their users. WebMaxy is used on over 500,000 websites in 180+ countries. Find out more about how WebMaxy works here.

WebMaxy is the product developed by Sphinx Solutions Pvt. Ltd. It is headquartered in Pune, India. Our founding team includes experts in product development, digital marketing, user experience, and conversion rate optimization.

We are now a diverse team of 100+ people working across 25+ countries. Our vision is to give teams of all sizes the insights they need to create experiences their users love. Read our story here.

Back to top

What is WebMaxy’s approach to privacy? #

From its very first day, WebMaxy was designed with the privacy of the end user in mind. We choose not to collect user IP addresses and to block our customers from introducing personal data (such as user IDs and emails) into WebMaxy. However, we decided to shift the responsibility back to where it belongs, and give our customers the ability to responsibly collect the data they need to improve their users’ experience.

We also started rolling out WebMaxy’s Identify API, which allows customers who enable it to pass information they already have about their users (such as spend, signup date, user ID, etc.) into their WebMaxy account. Since safeguarding privacy is a moral and ethical priority for our team, and will always remain so, we limit usage to customers who agree to a Data Processing Agreement (DPA) before being allowed to use the Identify API. You can read more about this in our technical documentation on User Attributes.

We also have clear guidelines in place in our Acceptable Use Policy and WebMaxy remains committed to maintaining the same level of user anonymization by default, honoring Do Not Track (DNT) headers, and allowing users to block WebMaxy from collecting their data.

Back to top

About your privacy and WebMaxy #

What Personal Information has WebMaxy collected about me? #

This will depend on how a website owner who has installed WebMaxy uses our product and its features. Each scenario is unique. You can view a list of the Categories of Personal Data WebMaxy can collect about you.

For example, a website owner using WebMaxy Surveys may set up a new survey and ask for Personally Identifiable Information, such as email or name, to be collected.

WebMaxy is the processor of data that a website may collect about you. We store this data for the website owner to access through WebMaxy’s behavior analytics software. We do not access it for our own needs and will never harvest or sell this data, ever.

As a user of a website that is using WebMaxy you have the right to view and delete information collected about you. More information about our User Lookup feature can be found here.

Back to top

What types of Cookies does WebMaxy use? What do they do? #

In order to process data about your visit to a website, WebMaxy stores first-party cookies on your browser. Cookies are either set by the WebMaxy script, or by visiting the WebMaxy website. These cookies have different purposes and also have different lifespans. More details about WebMaxy and Cookies can be found here.

If you have Cookies disabled, you won’t be tracked by any website using WebMaxy. Most web browsers allow some control of most cookies through the browser settings. To find out what cookies have been set and how to manage and delete them, we recommend visiting All About Cookies.

Back to top

I have enabled the Do-Not-Track setting in my browser. Will this stop WebMaxy processing data about me? #

Yes. WebMaxy respects the Do-Not-Track (DNT) headers in browsers. As a website user browsing websites that have WebMaxy installed, you are able to use the Do Not Track setting in your browser to avoid WebMaxy tracking any data about your visit.

Do-Not-Track is implemented through your browser, so you’ll need to check if the setting is enabled or disabled within your own browser.

We’ve created an how to enable Do-Not-Track page, providing instructions on how to check. This is currently available in English and German.

Back to top

Does WebMaxy harvest/sell data? #

WebMaxy does not sell, has not sold, and will never sell personal data to anyone at any time.

WebMaxy considers data protection and privacy to be of paramount importance. We never sell personal data and we carry out all processing operations in strict compliance with the EU General Data Protection Regulation (“GDPR”) (specifically but not limited to Article 6(1)(b) to (f) and Article 28) as well as the Laws of Malta, where WebMaxy is incorporated, and other applicable global privacy and data protection laws such as the California Consumer Privacy Act (“CCPA”) (collectively, the “Applicable Law”).

Back to top

Do you mine or access my data for profiling or advertising? #

Absolutely not. This isn’t our business, it’s not our data and we have no right to do any of these activities.

Website owners use our software to process data about your visit and we as WebMaxy store this data for them to access. We will never access this data or use it for any reason.

Back to top

About WebMaxy’s privacy features #

My users are requesting access to data processed about them. How can I get them this data? Can it be deleted? #

Using the User Lookup tool you can look up and delete users that have had their data collected. Once the user’s email is submitted, a report will be generated of all the data you have collected on them. More information on this report can be found in Understanding User Lookup Results.

By default, WebMaxy works with anonymized user IDs when tracking your website users.. It’s therefore important to keep in mind that the user will only have results shown in the Visitors Lookup tool if they have previously included their email to a Feedback response.

Back to top

How long does WebMaxy retain data? #

Recordings, Funnels, and Forms data in WebMaxy is kept from date of capture for 365 days. Heatmap data is retained for 365 days from date of creation. Responses gathered from Feedback tools are stored indefinitely until the account owner decides to delete them.

Back to top

How do I process sensitive data safely with WebMaxy? #

At WebMaxy, we believe in our customers’ (and their customers’) rights to privacy. We include features on every plan level that allow you to process sensitive data without putting your customer data at risk. Features range from text and image suppression, to easily being able to look up the data you collected on a user to delete information that is requested to be removed.

For more detail, see our full guide to Processing Personal Data in WebMaxy.

Back to top

How do I prevent sensitive data from being processed in WebMaxy? #

WebMaxy has four types of suppression: on-page text, specific element, location, or all content suppression.

On-Page text suppression converts text, email addresses, or numbers present within the HTML of a page to a random number of asterisks (***) or 1s (111111). It can be enabled by clicking a checkbox in site settings in the WebMaxy dashboard. By default, WebMaxy will suppress a sequence of numbers, like a credit card number or phone number, without turning on numeric text suppression.

Specific element suppression requires additional HTML to be pasted to your site’s code in order to “hide” information from WebMaxy. A step by step guide can be found in How to Suppress Specific Elements.

Location suppression hides any information about the user’s country/location in collected WebMaxy data when enabled.

Hiding all on-page content is an option as well, easily enabled from within your site settings. This will not only suppress on-page text, but will also hide images.

For a full guide on suppressing collected data, head to How to Suppress Information from Data.

Back to top

How do I make sure I am compliant with WebMaxy’s Acceptable Use Policy #

WebMaxy is designed to empower you and your team to build a better experience for your site users and customers, while ensuring their rights to privacy are respected.

Because of this, all data collected and processed with WebMaxy must solely be used by the site or app owner and not shared with third parties, unless explicit consent has been received from all data parties. This includes but is not limited to:

  • Selling or sharing the data with third parties
  • Marketing automation
  • Re-targeted advertising

For more detail, have a read of our full Acceptable Use Policy here.

Back to top

About security #

Where does WebMaxy store my end-user data? #

User and usage data that WebMaxy collects is stored with Amazon Web Services, which is located at the us-east-1 datacenters located in North Virginia. Please check out Data Safety, Privacy & Security for more detailed information.

More detail on this can be found over in Security.

Back to top

How does WebMaxy protect my data? #

WebMaxy has implemented a number of technical and organizational controls that help protect the confidentiality, integrity, and availability of customer data.

More detail on this can be found over in Security.

Back to top

Does WebMaxy support Content Security Policies? #

In order for WebMaxy to function with your current Content Security Policy, you’ll need to add additional directives to your policy. Details of this can be found on our Content Security Policy help page. We have outlined our minimum requirements, and have also suggested some additional steps that can be taken to provide greater security granularity.

Back to top

About legal matters #

Does WebMaxy own my data? #

Short answer: No.

WebMaxy is the processor of data that is collected through WebMaxy. We are not the owners of this data. The data collected is owned by you as a WebMaxy customer who manages the website where it was gathered. The data collected is hosted in datacenters by a third party, Amazon Web Services (AWS). They do not access or use the content for any purpose other than as legally required and for maintaining the AWS services.

Back to top

What steps do I need to take to use WebMaxy in a legally compliant manner? #

Depending on your situation and jurisdiction, below are the measures which we can foresee you needing to take as a result of using WebMaxy:

Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using WebMaxy (and any other similar services) on your website or app. This requirement has always been part of WebMaxy’s Terms of Service, but the GDPR can heavily penalize you if you’ve not done this clearly. We recommend you ensure your policies are up to date and clear to your readers. We have a sample version of the wording which you can include in your Privacy Policy. Note that this is a very generic statement and might need to be tailored to fit your particular use of our services.

If you are in the European Union, you’ll likely want to sign a Data Processing Agreement with WebMaxy. We’re happy to do so. Working with outside counsels in Germany and Malta we’ve updated this document to be in compliance with the GDPR and other generally acceptable privacy laws. If you have any questions about its contents email

Back to top

How should I describe WebMaxy in my Privacy Policy? Do you have sample language for this? #

We recommend you ensure your policies are up to date and clear to your readers. We have a sample version of the wording which you can include in your Privacy Policy. Note that this is a very generic statement and might need to be tailored to fit your particular use of our services.

Back to top

What is WebMaxy’s commitment to compliance with GDPR? #

WebMaxy has undertaken the required business and technological steps to operate in a manner compliant with GDPR. For more information take a look at our documentation on our GDPR commitment page.

Back to top

What is WebMaxy’s commitment to compliance with the CCPA? #

As a privacy-centric company, at WebMaxy we’re excited to see the subject of privacy get more attention. We’ve made a number of enhancements in preparation for the CCPA. Our commitment to CCPA compliance and further information about the efforts undertaken by WebMaxy in this respect can be found on our CCPA commitment page.

Back to top

Contacting us #

I have a question that you haven’t answered here. How do I get in touch? #

We’re here to help! Reach out to us here.

Back to top

My organization has compliance requirements – how can I best reach you to discuss these? #

If you’d like to make a request relating to your specific or custom compliance requirements, reach out to us here.

Back to top

Adam Wilson #

Adam Wilson comes with an experience of 12+ years in the IT industry. As a Customer Success Manager, he has been researching and trying to understand the customers’ behavior in different scenarios. He has also studied human psychology to relate it to the purchase journey of the customers. His published books on customer psychology and behavior have received many honors and awards from various enterprises.

Copyright @ 2023 WebMaxy | All rights reserved.