Hence "reputable", because in the default configuration sensitive data is suppressed https://www.hotjar.com/updates/en/we...ure-recordings

That's beyond the scope of this post anyway - just wanted to make it known that (contrary to OP's proclamation) tools like these exist and can be used maliciously.