Session Replay Data Privacy

Session Replay Setup Checklist

After you have enabled session replay, go through the following list to ensure all your Heap settings are configured correctly.…

What privacy settings does Session Replay inherit from Heap?

The general security settings you have chosen for Heap (found by going to Security Settings) will be the first settings…

How do I prevent session replay from capturing certain data, such as passwords and credit card numbers?

If you decide to capture text inputs, by default we provide additional safeguards against capturing PII.  Passwords are not captured…

How do I block bot behavior from being captured in session replay?

Many of our customers run Heap on public-facing, content-rich sites, and robots can generate unwanted sessions. Heap blocks a list…

I accidentally captured PII in a session replay. What do I do?

The impacted sessions and associated PII can be manually purged by Heap.  Visit our Get support page and contact us to resolve…

Why can’t I see what users are typing into forms?

This is a privacy setting that is enabled by default to prevent you from accidentally collecting PII (Personal Identifiable Information).…

Are you recording my user’s screens?

No, a session replay is not a video recording of your end user’s entire screen.  A session replay combines user…

Do I need end user consent for session replay?

Your session replay tool is covered by your cookie disclosure and consent policy for analytics. If you have not done…

What does session replay capture?

What we capture Session replay captures a copy of your website, as well as the following user/behavioral events: Pageviews Clicks…

How long are session replays stored?

Heap session replays are stored for a period of 90 days by default. Any replay that is viewed (e.g. played…