Building a Privacy-first Session Replay with Amplitude

Learn how Amplitude is enhancing Session Replay to meet customers’ privacy needs.

Inside Amplitude
June 17, 2024
Katie Barnett headshot
Katie Barnett
Director, Product Management, Amplitude
Session Replay privacy

For many enterprises, data privacy, security, and protecting personally identifiable information (PII) are more pressing concerns than ever before. Since the potential for legal exposure varies from jurisdiction to jurisdiction and specific business needs vary considerably, there is no one-size-fits-all solution.

Enterprises are evaluating digital analytics and session replay solutions that meet their data privacy requirements. By building a privacy-first Session Replay solution into the Amplitude platform, we’re meeting customers where they are.

Session Replay powered by Amplitude enables teams to unlock value faster while giving customers peace of mind with built-in privacy and compliance capabilities. Our latest updates reinforce our commitment to being a privacy-first solution with out-of-the-box privacy settings that fit your use case.

Introducing default privacy settings for Session Replay

We believe that managing your data privacy should be seamless—not an annoying afterthought. That's why we're introducing new out-of-the-box ways to manage your data privacy. With three new turn-key settings, Amplitude Session Replay enables you to specify the data you want displayed during a replay and implement your privacy settings with just a few clicks.

These privacy settings are flexible, so you can adhere to your company’s legal and security requirements no matter what they are. Once they’re set, you’ll have peace of mind knowing nothing will inadvertently fall through the cracks.

Amplitude Session Replay’s privacy settings

Amplitude Session Replay’s privacy settings

Three privacy levels in Session Replay

Amplitude Session Replay delivers three levels of privacy settings to fit your specific privacy needs—with the option to implement custom overrides where needed.

Customers can access these out-of-the-box settings and safeguard sensitive data such as PII or financial information in just a few clicks. This helps admins control the way customer data and activity are displayed in replays.

Let's see how these three settings work in action.

1. Conservative level of privacy

This option is for companies that retain large amounts of sensitive customer data. Selecting this choice will mask all text and all form fields, including HTML text, user input, and links.

Session Replay privacy settings

If your company is in an industry where the accidental release of sensitive user data could have serious repercussions, this option is your best choice. Or if your legal team wants to ensure no customer data is inadvertently displayed to your team when watching replays, this is the privacy level for you.

Companies in the following sectors should consider adopting a conservative approach:

  • Customer relationship management systems
  • Online betting companies
  • Financial services firms
  • Healthcare businesses

2. Medium level of privacy

This is the default privacy setting for Session Replay. This setting will mask all form fields and text inputs, but capture all other text.

Session Replay privacy settings

If you want to ensure any text your users type into your app is masked in replays—search terms, form fields like a delivery address, or even general text—this is the privacy level for you.

To learn more about these default privacy settings, check out our help documentation.

3. Light level of privacy

This option is for companies that retain very little sensitive customer data. These companies typically aren’t worried about the text users type into their app, want to get up and running quickly, and want to selectively choose relevant fields to mask.

Session Replay privacy setting

By selecting this level, you will only mask a subset of sensitive inputs, such as passwords, credit card numbers, telephone numbers, or email addresses. No other text your users type—search terms, form fields, general text—will be masked in the replay.

Companies that might choose this option include business productivity apps and ecommerce companies.

Regardless of which level you choose, we also offer the ability to add custom masking overrides using CSS selectors to mask, unmask, or exclude specific elements in a targeted way.

More control over your Session Replay data

As a natively-built solution on the Amplitude platform, Session Replay empowers teams with additional data controls to manage replay data.

Session Replay uses Amplitude's User Privacy API to handle deletion requests. Successful deletion requests remove all session replays for the specified user. Our DSAR API returns metadata about replays and provides information about the user sessions collected, including all metadata captured with each event.

Session Replay also offers the ability to disable replay collections if you don’t want replays to capture a user navigating to a restricted area of your site, or if you want to exclude replays for users based on criteria like location.

These data controls help you meet compliance obligations as you bring Session Replay data into Amplitude and decide how to maintain that data. By default, Amplitude retains raw replay data for 30 days from the date of ingestion. You can also purchase extra session volume to retain raw replay data for 90 days.

Wherever your organization sits along the privacy and compliance spectrum, we meet you where you are so you can deliver better digital experiences with peace of mind because your data is protected.

Session Replay: built on trust

Privacy and trust shouldn’t get in the way of better understanding your customers. With Session Replay, we make compliance easy and seamless, giving you the flexibility to address your organization’s privacy needs. As a privacy-first solution in the digital analytics and session replay space, we help you stay in complete control of how your data is used.

Amplitude is committed to meeting your enterprise privacy and security needs so you can unlock the power of your data without compromise. Get started with our privacy-first Session Replay solution.

About the Author
Katie Barnett headshot
Katie Barnett
Director, Product Management, Amplitude
Katie is a director of product management at Amplitude. She's focused on helping customers use Amplitude to gain user insights to build better products and drive business growth. Previously, she was a staff product manager at Gladly and a senior product manager at AppNexus. She's also worked in strategy & business development at Bloomberg and investment banking at Goldman Sachs.