Session replay is an add-on feature for paying customers only. You may try the feature for free for 14 days or 10,000 sessions (whichever comes first), after which you must contact Sales to continue use.
If you decide to capture text inputs, by default we provide additional safeguards against capturing PII.
Passwords are not captured as long as the password fields have been tagged appropriately (as password type inputs) in the DOM (e.g. <input type="password">).
Heap has a set of rules to automatically avoid capturing credit card numbers:
- Any inputs that have an
idornameattribute included in the list below are considered credit card inputs and will not be captured. The matching logic is case insensitive and will ignore ‘-‘ or ‘_’.‘cc’,’creditcard’, ‘ccnum’, ‘ccname’, ‘ccnumber’, ‘ccexpiry’, ‘ccexp’, ‘ccexpmonth’, ‘ccexpyear’, ‘cccvc’, ‘cccvv’, ‘cctype’, ‘cvc’, ‘cvv’, ‘cccid’, ‘expiration’,’paymentnumberinput’, ‘securitycodeinput’,'ssn'
- Any input where a user enters 9 or more consecutive digits is considered potential SSN or credit card information and will not be captured.