Skip to main content
Heap logo
Analytics Medium complexity

Heap

by Heap

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Analytics
Transfer mechanism
Standard Contractual Clauses
Cookies
_hp2_id.XXXXX_hp2_ses_props.XXXXX_hp2_props.XXXXX

Overview

Product analytics platform (acquired by Contentsquare in December 2023) that automatically captures all user interactions (clicks, form submissions, page views) without manual event instrumentation. Provides retroactive analysis, session replay, and funnel visualisation.

Detection Capabilities

Signature count
1
Detection methods
network

Performance Impact

Performance Impact

Script size
50 KB
Requests per page
1

Common Mistakes

  • 1 Relying on auto-capture without configuring suppression rules, inadvertently collecting sensitive form data
  • 2 Not reviewing captured data fields to identify unintended personal data collection
  • 3 Treating Heap as equivalent to explicitly instrumented analytics when its auto-capture collects significantly more data

Compliance Considerations

Auto-captures all user interactions by default, which means it collects more data than explicitly instrumented analytics tools. This broad data collection increases privacy risk — sensitive form field values, page content, and user inputs may be captured. Requires analytics consent at minimum. Configure data suppression rules for sensitive elements.

Related Services

Amplitude

Analytics

Med Amplitude

Product analytics and customer data platform. Tracks user behaviour events, builds behavioural cohorts, and provides funnel, retention, and journey analysis. Used by product teams for feature adoption analysis, experimentation, and data governance.

1 detection signature

Azure Application Insights

Analytics

High Azure Application Insights

Azure Application Insights is a performance monitoring and diagnostics service within Microsoft Azure Monitor that provides real user monitoring (RUM), application performance management (APM), and error tracking for web applications. Its JavaScript SDK collects browser-side telemetry including page load times, dependency call performance, unhandled exceptions, and user session data. Application Insights is widely deployed by enterprise organisations that use the Microsoft Azure cloud platform, particularly in financial services, healthcare, and public sector contexts. While primarily a development and operations tool, its client-side SDK collects data from end-user browsers that may constitute personal data under GDPR, placing it in scope for governance review.

3 detection signatures

Cloudflare Analytics

Analytics

Med Cloudflare Analytics

Privacy-focused web analytics from Cloudflare that measures page views and visitors without using client-side cookies or collecting personal data. Built into the Cloudflare network infrastructure, providing basic traffic metrics.

2 detection signatures

Contentsquare

Analytics

High Contentsquare

Contentsquare is a digital experience analytics platform that captures detailed user interaction data including clicks, scrolls, hovers, and session replays to provide insights into how visitors navigate websites and mobile apps. The platform uses zone-based heatmaps, journey analysis, and frustration scoring to identify UX issues and conversion bottlenecks. Following its acquisition of Hotjar in 2021, Contentsquare operates across both enterprise and SMB segments. Contentsquare's deep interaction capture makes it one of the most data-intensive analytics tags commonly deployed on regulated websites, and its ability to record detailed session behaviour requires careful governance to prevent inadvertent capture of sensitive personal data.

1 detection signature

Need help governing Heap?

Our governance diagnostic identifies compliance gaps across your entire tag estate.

Start your Governance Diagnostic