For many enterprises, data privacy, security, and protecting personally identifiable information (PII) are more pressing concerns than ever before. Since the potential for legal exposure varies from jurisdiction to jurisdiction and specific business needs vary considerably, there is no one-size-fits-all solution.
Enterprises are evaluating digital analytics and session replay solutions that meet their data privacy requirements. By building a privacy-first Session Replay solution into the Amplitude platform, we’re meeting customers where they are.
Session Replay powered by Amplitude enables teams to unlock value faster while giving customers peace of mind with built-in privacy and compliance capabilities. Our latest updates reinforce our commitment to being a privacy-first solution with out-of-the-box privacy settings that fit your use case.
Introducing default privacy settings for Session Replay
We believe that managing your data privacy should be seamless—not an annoying afterthought. That's why we're introducing new out-of-the-box ways to manage your data privacy. With three new turn-key settings, Amplitude Session Replay enables you to specify the data you want displayed during a replay and implement your privacy settings with just a few clicks.
These privacy settings are flexible, so you can adhere to your company’s legal and security requirements no matter what they are. Once they’re set, you’ll have peace of mind knowing nothing will inadvertently fall through the cracks.
Amplitude Session Replay’s privacy settings
Three privacy levels in Session Replay
Amplitude Session Replay delivers three levels of privacy settings to fit your specific privacy needs—with the option to implement custom overrides where needed.
Customers can access these out-of-the-box settings and safeguard sensitive data such as PII or financial information in just a few clicks. This helps admins control the way customer data and activity are displayed in replays.
Let's see how these three settings work in action.
1. Conservative level of privacy
This option is for companies that retain large amounts of sensitive customer data. Selecting this choice will mask all text and all form fields, including HTML text, user input, and links.
If your company is in an industry where the accidental release of sensitive user data could have serious repercussions, this option is your best choice. Or if your legal team wants to ensure no customer data is inadvertently displayed to your team when watching replays, this is the privacy level for you.
Companies in the following sectors should consider adopting a conservative approach:
- Customer relationship management systems
- Online betting companies
- Financial services firms
- Healthcare businesses
2. Medium level of privacy
This is the default privacy setting for Session Replay. This setting will mask all form fields and text inputs, but capture all other text.
If you want to ensure any text your users type into your app is masked in replays—search terms, form fields like a delivery address, or even general text—this is the privacy level for you.
To learn more about these default privacy settings, check out our help documentation.
3. Light level of privacy
This option is for companies that retain very little sensitive customer data. These companies typically aren’t worried about the text users type into their app, want to get up and running quickly, and want to selectively choose relevant fields to mask.
By selecting this level, you will only mask a subset of sensitive inputs, such as passwords, credit card numbers, telephone numbers, or email addresses. No other text your users type—search terms, form fields, general text—will be masked in the replay.
Companies that might choose this option include business productivity apps and ecommerce companies.
Regardless of which level you choose, we also offer the ability to add custom masking overrides using CSS selectors to mask, unmask, or exclude specific elements in a targeted way.
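The three levels and the override step described above, modelled as an added example (not Amplitude's SDK or code from this post). The sample nodes, the class names standing in for CSS selectors, the rule that an override wins over the level, and the way the light level recognises sensitive inputs are all assumptions made for illustration.

```javascript
// Illustrative model only: not Amplitude's SDK or its real matching rules.
// Nodes are constructed samples; `kind` is "text" (rendered HTML text or link)
// or "input" (anything the user types into).
const SAMPLE_PAGE = [
  { id: "greeting", kind: "text", classes: ["acct-name"], value: "Welcome back, Jane Doe" },
  { id: "promo", kind: "text", classes: [], value: "Free shipping today" },
  { id: "search", kind: "input", type: "search", classes: [], value: "blue shoes" },
  { id: "address", kind: "input", type: "text", classes: [], value: "1 Example St" },
  { id: "email", kind: "input", type: "email", classes: [], value: "jane@example.test" },
  { id: "password", kind: "input", type: "password", classes: [], value: "hunter2" },
  { id: "card", kind: "input", type: "text", autocomplete: "cc-number", classes: [], value: "4111111111111111" },
];

// Assumption: the "light" level recognises sensitive inputs by type/autocomplete.
function isSensitiveInput(node) {
  return ["password", "tel", "email"].includes(node.type) ||
    (node.autocomplete || "").startsWith("cc-");
}

// Base decision for each level as the article describes it.
function maskedByLevel(level, node) {
  if (level === "conservative") return true;            // all text and all form fields
  if (level === "medium") return node.kind === "input"; // inputs only, other text captured
  if (level === "light") return node.kind === "input" && isSensitiveInput(node);
  throw new Error(`unknown level: ${level}`);
}

// Assumption: an override (class name standing in for a CSS selector) wins over the level.
function decide(level, node, overrides = []) {
  const hit = overrides.find((o) => node.classes.includes(o.cls));
  if (hit) {
    return hit.action === "unmask" ? "clear" : hit.action === "exclude" ? "excluded" : "masked";
  }
  return maskedByLevel(level, node) ? "masked" : "clear";
}

// Ids of nodes whose content a replay viewer would see unmasked.
function visibleInReplay(level, overrides = []) {
  return SAMPLE_PAGE.filter((n) => decide(level, n, overrides) === "clear").map((n) => n.id);
}

console.log(visibleInReplay("medium"));
console.log(visibleInReplay("medium", [{ cls: "acct-name", action: "mask" }]));
```

Under the medium level the greeting that contains the customer's name stays visible, because it is rendered page text rather than an input; the mask override is what hides it.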
More control over your Session Replay data
As a natively-built solution on the Amplitude platform, Session Replay empowers teams with additional data controls to manage replay data.
Session Replay uses Amplitude's User Privacy API to handle deletion requests. Successful deletion requests remove all session replays for the specified user. Our DSAR API returns metadata about replays and provides information about the user sessions collected, including all metadata captured with each event.
Session Replay also lets you disable replay collection if you don’t want replays to capture a user navigating to a restricted area of your site, or if you want to exclude replays for users based on criteria like location.
These data controls help you meet compliance obligations as you bring Session Replay data into Amplitude and decide how to maintain that data. By default, Amplitude retains raw replay data for 30 days from the date of ingestion. You can also purchase extra session volume to retain raw replay data for 90 days.
Wherever your organization sits along the privacy and compliance spectrum, we meet you where you are so you can deliver better digital experiences with peace of mind because your data is protected.
Session Replay: built on trust
Privacy and trust shouldn’t get in the way of better understanding your customers. With Session Replay, we make compliance easy and seamless, giving you the flexibility to address your organization’s privacy needs. As a privacy-first solution in the digital analytics and session replay space, we help you stay in complete control of how your data is used.
Amplitude is committed to meeting your enterprise privacy and security needs so you can unlock the power of your data without compromise. Get started with our privacy-first Session Replay solution.