Security & privacy

The best data policy is not collecting it.

Session replay carries an obvious privacy question, so we designed around it: sensitive values are stripped in the browser, before anything is transmitted. What we never receive, we can never leak.

Masking at the source

Redaction happens on your users' machines.

Password and payment fields are masked by default — the SDK records that typing happened, never what was typed. Beyond the defaults, you can block any selector, mask any text and strip fields from request bodies before capture.

Blocked content doesn't reach our servers in any form. There is no “unmask” button, because there is nothing to unmask.

•••• •••• •••• ••••masked in browser
Layered controls

Protection for the data and the people around it.

Capture controls

Mask inputs and text, block DOM subtrees, redact request and response fields — all declared in SDK config and versioned with your code.

Encryption

TLS for every byte in transit, encryption at rest with managed keys. Session data is isolated per workspace.

Access management

Role-based workspace permissions, SAML SSO on the Business plan, and an audit log of who watched which session.

Infrastructure

Isolated production environments, least-privilege internal access, continuous monitoring and dependency scanning.

Data lifecycle

A short path, with checks at every step.

Capture rules run before transmission. Stored sessions inherit your workspace retention policy and can be deleted on demand — per session, per user, or wholesale.

Collect

The SDK records approved DOM changes, events and logs.

Redact

Privacy rules strip protected values inside the browser.

Transmit

Encrypted batches travel over TLS to your chosen region.

Expire

Data is deleted automatically when retention runs out.

Operations

The unglamorous parts, done properly.

Secure development

Mandatory code review, dependency scanning, separated staging and production environments.

Employee access

Least privilege by default, hardware-key authentication, quarterly access reviews.

Incident response

Documented runbooks, 24/7 alerting and a commitment to notify affected customers without delay.

Data requests

Deletion and export workflows for GDPR and CCPA requests, scoped to a user identifier.

Questions

Security review coming up? Send it our way.

We answer questionnaires without complaining (much).