Overview
Removing users from Hotjar is an essential part of access management and security hygiene. Whether a team member has left the organization, a contractor's project has ended, or you're conducting a security audit, knowing how to properly revoke access ensures your data remains secure.
This guide covers:
- When and why to remove users
- How to remove organization-level and site-level access
- What happens to user data after removal
- Best practices for offboarding
When to Remove Users
Common Scenarios
Employee Departure:
- Team member left the company
- Resignation or termination
- Immediate removal required
Role Change:
- User no longer needs Hotjar access
- Switching to different team or department
- Access to other tools instead
Contractor/Consultant Completion:
- Project finished
- Contract expired
- Temporary access no longer needed
Security & Compliance:
- Quarterly access audit identifies inactive users
- User hasn't logged in for extended period (90+ days)
- Over-privileged access needs reduction
Client Relationship End:
- Agency-client engagement concluded
- No longer working with client
- Remove client's Viewer access
Duplicate Accounts:
- User accidentally created multiple accounts
- Clean up redundant access
Prerequisites
To remove users, you must have:
- Organization Owner or Admin role (to remove org-level users)
- Site Admin role (to remove site-level users)
Important: You cannot remove users with higher privileges than yourself. Only Owners can remove other Owners.
Removing Organization-Level Users
Step 1: Navigate to Organization Settings
- Log in to Hotjar
- Click your profile icon (top right)
- Select Organization settings
- Go to the Team tab
Step 2: Find the User
- Scroll through the user list or use the search function
- Locate the user you want to remove
Step 3: Remove the User
- Click the three-dot menu (⋮) next to the user's name
- Select Remove from organization
- Confirm the removal in the popup dialog
- Click Remove
Step 4: Verify Removal
- User should disappear from the team list immediately
- User loses access to all sites in the organization
- User can no longer log in to view organization data
Step 5: Post-Removal Actions
- Notify relevant team members of the removal
- Transfer ownership of any recordings/surveys created by the user (if needed)
- Document the removal in your access log
- Ensure any shared links or exports are reviewed
Removing Site-Level Users
Step 1: Navigate to Site Settings
- Log in to Hotjar
- Click Sites & Organizations (top navigation)
- Select the site where you want to remove access
- Click Settings (gear icon)
- Go to the Team tab
Step 2: Find the User
- Scroll through or search for the user
- Locate the user you want to remove
Step 3: Remove the User
- Click the three-dot menu (⋮) next to the user's name
- Select Remove from site
- Confirm the removal
- Click Remove
Step 4: Verify Removal
- User disappears from site team list
- User loses access to this specific site
- User retains access to other sites (if applicable)
Note: Removing a user from a site does NOT remove them from the organization. If they have organization-level access, they'll still see all sites.
What Happens After Removal
Immediate Effects
User Access:
- User can no longer log in to view organization/site data
- Active sessions are terminated (may require re-login to take effect)
- User receives email notification of access removal (optional, configurable)
User Data:
- Recordings created by the user remain in Hotjar
- Surveys created by the user remain active
- Heatmaps and insights persist
- User's name appears as "Removed User" in activity logs
Data Retention
Recordings & Surveys:
- All recordings and surveys created by removed users remain in your account
- They are NOT automatically deleted
- Other team members can still access and manage them
Activity Logs:
- Historical actions by the removed user stay in logs
- Useful for auditing and compliance
- User is marked as "Removed User" in logs
Comments & Notes:
- Comments left on recordings remain visible
- Attributed to the removed user's name (or "Removed User")
No Data Loss
Removing a user does not delete:
- Recordings they created
- Surveys they configured
- Heatmaps they generated
- Feedback they collected
All insights remain accessible to other team members.
Bulk User Removal
For large-scale offboarding (e.g., reorganization, contractor end-of-project):
Manual Bulk Process
Create a removal list:
- User name
- Reason for removal
- Removal date
Prioritize:
- Start with highest-privilege users (Admins)
- Then Users, then Viewers
- Critical/sensitive sites first
Remove systematically:
- Organization-level removals first
- Then site-level removals
- Check off each completed removal
Verify:
- Spot-check that users can't access
- Review team lists for accuracy
Document:
- Log all removals with timestamps
- Note business reason for removal
Enterprise Options
Enterprise plans may support:
Contact Hotjar support to explore options.
Best Practices for Removing Users
Do:
Remove access immediately upon departure
- Don't wait until end of day or week
- Revoke access as soon as employment/contract ends
Follow a checklist
- Ensure all access points are covered
- Organization-level AND site-level
- Don't miss secondary sites
Document the removal
- Record who was removed, when, and why
- Useful for audits and compliance
- Helps avoid re-adding accidentally
Transfer ownership of critical items
- Reassign important recordings/surveys to active team members
- Ensure continuity of ongoing projects
Notify relevant stakeholders
- Let team know user no longer has access
- Update any documentation or workflows that reference the user
Review periodically
- Monthly: Remove users who haven't logged in for 90+ days
- Quarterly: Full team access audit
Don't:
Delay removal "until they log out"
- Access should be removed immediately
- Users can remain logged in for hours
Forget to remove from all sites
- User might have organization AND site-specific access
- Check both levels
Delete recordings/surveys created by the user
- Unless there's a specific reason, preserve insights
- Data belongs to the organization, not the individual
Remove without documentation
- Always log who removed whom and why
- Essential for compliance and auditing
Remove Organization Owners accidentally
- Ensure at least one Owner remains
- Owners can only be removed by other Owners
Special Scenarios
Removing the Last Organization Owner
Problem: You can't remove the last Owner (Hotjar prevents this for security)
Solution:
- Promote another user to Owner first
- Then remove the outgoing Owner
- Ensure new Owner understands their responsibilities
Transferring Content Before Removal
If the user created valuable recordings, surveys, or dashboards:
Option 1: Keep as-is
- Content remains in account
- Attributed to removed user
- Other team members can still access
Option 2: Duplicate/Clone
- Create copies under active user's account
- Useful for long-term ownership clarity
Option 3: Export and Document
- Export key recordings or survey data
- Store in internal knowledge base
- Link to Hotjar insights in documentation
Removing a User Who Created Integrations
If the user set up integrations (Slack, HubSpot, etc.):
Before removal:
- Review integrations the user configured
- Determine if they're linked to user's account
- Re-configure under a team account or service account if needed
After removal:
- Test integrations still work
- Update credentials if necessary
Handling Pending Invitations
If you invited someone but need to revoke before they accept:
- Go to Organization or Site Settings > Team
- Find user in Pending Invitations section
- Click Cancel Invitation
- User can no longer accept the invitation link
Security & Compliance
Immediate Removal Protocol
For security incidents or immediate departures:
Remove access first, ask questions later
- Protect data over procedure
- Can always re-add if mistake
Notify security team
- Log the removal
- Document reason
Review recent activity
- Check what user accessed recently
- Look for suspicious behavior
- Review exports or shares
Reset any shared credentials
- If user had access to API keys, reset them
- Change shared passwords (if any existed)
GDPR/CCPA Considerations
Right to be Forgotten:
- Removing a user from Hotjar doesn't delete their personal data from recordings
- If a data subject requests deletion:
- Remove them from team access
- Contact Hotjar support to delete any recordings containing their data
- Document compliance with request
Data Processing Agreements:
- Ensure removed users can't access data they shouldn't retain
- Remind departing users of confidentiality obligations
- Verify no data was exported improperly
Audit Trail
Track all removals:
- Go to Organization settings > Activity Log
- View history of user removals
- Export for compliance documentation (if available)
Internal documentation:
- Maintain spreadsheet or log of all access removals
- Include: name, email, removal date, removed by, reason
Offboarding Checklist
Use this checklist when removing users:
Before Removal:
- Confirm user should be removed (verify with manager)
- Identify all sites/orgs user has access to
- Review and transfer ownership of critical content
- Document reason for removal
- Notify relevant team members
During Removal:
- Remove organization-level access (if applicable)
- Remove site-level access from all sites
- Cancel any pending invitations
- Verify user appears as removed in team list
After Removal:
- Verify user can no longer log in
- Test that integrations still work (if user configured any)
- Update internal documentation
- Log removal in audit trail
- Set reminder to review team access in 90 days
For Contractors/Clients:
- Send final summary of insights (if applicable)
- Thank them for collaboration
- Archive any project-specific recordings
- Update client database/CRM
Troubleshooting
Can't Remove a User
Possible Causes:
- You don't have permission to remove that user
- User has higher privileges than you
- User is the last Organization Owner
Solutions:
- Verify you have Admin or Owner role
- Ask an Owner to remove the user
- If removing last Owner, promote another user first
User Still Has Access After Removal
Possible Causes:
- User has multiple accounts with different emails
- User has access via another organization
- Browser session still active (cached)
Solutions:
- Check if user has alternative email accounts
- Verify they're not accessing via different organization
- Ask user to log out and log back in
- Wait for session timeout (usually 24 hours)
Removed User's Content Disappeared
Possible Causes:
- Content was accidentally deleted separately
- User deleted content before being removed
- Viewing wrong site/organization
Solutions:
- Check trash/archived items (if feature exists)
- Verify you're on the correct site
- Contact Hotjar support for data recovery (if recent)
Need to Re-Add Removed User
Process:
- Follow standard Add User Access process
- Re-invite with email address
- User may need to create new password
- Previous content remains but not automatically linked to new account
Emergency Removal
For immediate security concerns:
Critical situations:
- Account compromise suspected
- Disgruntled employee with access
- Legal requirement to revoke access
Immediate actions:
- Remove user access IMMEDIATELY
- Notify organization Owner and security team
- Review user's recent activity in Hotjar
- Check for suspicious exports or shares
- Reset any shared credentials or API keys
- Document incident for compliance
- Consider contacting Hotjar support for assistance
Post-Removal Review
After removing users, conduct a review:
Weekly:
- Verify removed users can't access
- Check for any issues from removal
Monthly:
- Review list of recent removals
- Ensure documentation is complete
- Identify patterns (e.g., high contractor turnover)
Quarterly:
- Full team access audit
- Remove inactive users (90+ days no login)
- Verify all current users still need access
Related Guides:
- Add User Access - Invite new team members
- Update Access - Change user roles
- User Management Overview - Understand roles and permissions
Additional Resources: