You can sanitize what OpenReplay captures at both a global and/or granular level. Any obscured or ignored data will not be captured at the source. In other words, that data will never leave the user's browser.
We are constantly improving our privacy related features, so let us know if you need something that which we don't yet support.
Data can be sanitized at the tracker level, when setting up OpenReplay.
I'm using OpenReplay Script
1) Click on the Tracking Code of your Project under 'Preferences > Projects'. 2) The data recording options should appear right before the code snippet:
- Inputs: To ignore, obscure or record all your users' input values.
- Do not record any numeric text: To ignore numeric values contained in text elements.
- Do not record email addresses: By default, all emails contained in text elements are obscured and won't appear in the replays. You can disable that by unticking the box. 3) Changing data recording options impacts the code snippet. Make sure to copy/paste the updated script in your web app.
I'm using OpenReplay NPM
There are a set of privacy related options you can pass to the constructor:
obscureTextEmails?: booleanObscure emails in text elements. Emails will be converted to a random chain of asterisks. Default: true.
obscureTextNumbers?: booleanObscure numbers in text elements. Numbers will be converted to a random chain of asterisks. Default: false.
obscureInputEmails?: booleanObscure emails in input fields. Email values will be converted to a random chain of asterisks. Default: true.
defaultInputMode?: 0 | 1 | 2Default capture mode for input values. Respectively: plain, obscured or ignored. Default: 0 (plain).
Sanitized text, email and numbers are obscured or suppressed before sending the data to OpenReplay servers. Therefore, changes applied to the above options cannot be retroactive and will only apply to newly collected data.
You can also sanitize your data at the code level for better granularity. This is useful for obscuring or ignoring DOM elements and input fields.
data-openreplay-obscured (mask the value) or
data-openreplay-hidden (completely ignore) HTML attributes on any input tag.
<form action="/action_page.php">First name: <input type="text" name="fname" data-openreplay-obscured><br>Last name: <input type="text" name="lname" data-openreplay-hidden><br><input type="submit" value="Submit"></form>
Obscuring any UI component/part using the
data-openreplay-masked HTML attribute (see example below).
<div style="background-color:lightblue" data-openreplay-masked><h3>This is a sensitive information</h3><p>This is an important paragraph.</p></div>
Excluded DOM elements, as well as their children, will be sanitized at the tracker level and therefore won't be visible in the session replays. In the below example, we masked user events so they won't appear in our session recordings.