Capture controls
Mask inputs and text, block DOM subtrees, redact request and response fields — all declared in SDK config and versioned with your code.
Session replay carries an obvious privacy question, so we designed around it: sensitive values are stripped in the browser, before anything is transmitted. What we never receive, we can never leak.
Password and payment fields are masked by default — the SDK records that typing happened, never what was typed. Beyond the defaults, you can block any selector, mask any text and strip fields from request bodies before capture.
Blocked content doesn't reach our servers in any form. There is no “unmask” button, because there is nothing to unmask.
Mask inputs and text, block DOM subtrees, redact request and response fields — all declared in SDK config and versioned with your code.
TLS for every byte in transit, encryption at rest with managed keys. Session data is isolated per workspace.
Role-based workspace permissions, SAML SSO on the Business plan, and an audit log of who watched which session.
Isolated production environments, least-privilege internal access, continuous monitoring and dependency scanning.
Capture rules run before transmission. Stored sessions inherit your workspace retention policy and can be deleted on demand — per session, per user, or wholesale.
The SDK records approved DOM changes, events and logs.
Privacy rules strip protected values inside the browser.
Encrypted batches travel over TLS to your chosen region.
Data is deleted automatically when retention runs out.
Mandatory code review, dependency scanning, separated staging and production environments.
Least privilege by default, hardware-key authentication, quarterly access reviews.
Documented runbooks, 24/7 alerting and a commitment to notify affected customers without delay.
Deletion and export workflows for GDPR and CCPA requests, scoped to a user identifier.
We answer questionnaires without complaining (much).