Session Recording Privacy
Session Recording provides privacy controls to ensure customers of any scale do not expose sensitive or personal information.
Privacy controls are provided to protect end user privacy & prevent from sensitive data being collected ensuring confidentiality by masking sensitive elements from being recorded through RUM browser SDK.
When data is masked, the data is not collected in its original form by Middleware SDK & thus prevents data being sent to the Middleware backend.
Configuration
Mask Sensitive Inputs
By default, Middleware will obfuscate all inputs and any text that matches commonly used Regex expressions of personally identifiable information. This offers a base level protection from recording info such as addresses, phone numbers, social security numbers, and more. It will not obfuscate any images or media content. It is possible that other, non PII text is obfuscated if it matches the expressions for larger number, or contact information on the site.
Email: '[a-zA-Z0-9.!#$%&'*+=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*'
SSN: '[0-9]{3}-?[0-9]{2}-?[0-9]{4}'
Phone number: '[+]?[(]?[0-9]{3}[)]?[-\s.]?[0-9]{3}[-\s.]?[0-9]{4,6}'
Credit card: '[0-9]{4}-?[0-9]{4}-?[0-9]{4}-?[0-9]{4}'
Unformatted SSN, phone number, credit card: '[0-9]{9,16}'
Address: '[0-9]{1,5}.?[0-9]{0,3}\s[a-zA-Z]{2,30}\s[a-zA-Z]{2,15}'
IP address: '(?:[0-9]{1,3}.){3}[0-9]{1,3}'However, masking of sensitive inputs can be disabled from installation page. We don't recommend disabling masking of sensitive inputs as it can expose crucial information in session recordings.
Mask All Inputs
When maskAllInputs is set to true, form fields such as inputs, text areas, select, password, number, checkbox values, etc are masked while recording replacing inputs with asterisks (***).
recordingOptions: {
maskAllInputs: true,
}
Masked data is not stored on Middleware servers.
Mask All
To mask all text use the maskTextSelector parameter in combination with maskAllInputs. This will mask all HTML texts, inputs, labels, paragraphs, spans, links, etc. with the provided character.
recordingOptions: {
maskTextSelector: "*",
maskAllInputs: true,
}
Mask None
Records everything unmasked.
recordingOptions: {
maskAllInputs: false,
}
Privacy options
| Key | Default | Description |
|---|---|---|
| blockClass | 'mw-block' | Use a string or RegExp to configure which elements should be blocked. |
| blockSelector | null | Use a string to configure which selector should be blocked. |
| ignoreClass | 'mw-ignore' | Use a string or RegExp to configure which elements should be ignored. |
| ignoreSelector | null | Use a string to configure which selector should be ignored. |
| ignoreCSSAttributes | null | Array of CSS attributes that should be ignored. |
| maskTextClass | 'mw-mask' | Use a string or RegExp to configure which elements should be masked. |
| maskTextSelector | null | Use a string to configure which selector should be masked. |
| maskSensitiveInputs | true | Mask sensitive information like email, credit card number, phone number, address, SSN number & IP address. |
| maskAllInputs | false | Mask all input content as *. |
| maskInputOptions | { password: true } | Mask some kinds of input - color, date, datetime-local, email, month, number, range, search, tel, text, time, url, week, textarea, select, password. |
| maskInputFn | - | Customize mask input content recording logic. |
| maskTextFn | - | Customize mask text content recording logic. |