Session Replay Privacy

Configure privacy controls, masking rules, and compliance settings for session replay recordings.

Privacy by Default

JustAnalytics Session Replay is built with a privacy-first approach. By default, all recordings use the mask-all privacy mode, which means:

  • All text content is replaced with asterisks (*****)
  • All images are replaced with gray placeholder boxes
  • All form input values are hidden
  • No personally identifiable information (PII) is captured
  • Video and canvas elements are replaced with placeholders

This default ensures that even if you enable session replay without configuring privacy settings, no sensitive user data is recorded.

Privacy Modes

mask-all (Default)

The most restrictive mode. All visible content is masked. Reviewers can see page structure, layout, click positions, scroll behavior, and navigation flow -- but not what text was displayed or what users typed.

<script
  defer
  src="https://justanalytics.app/monitor.js"
  data-site-id="YOUR_SITE_ID"
  data-privacy-mode="mask-all"
></script>

What is visible in replays:

  • Page layout and element positions
  • Click locations and mouse movement paths
  • Scroll depth and scroll behavior
  • Navigation between pages
  • Element sizes and colors (backgrounds, borders)
  • Error indicators on the timeline

What is masked:

  • All text (headings, paragraphs, labels, button text)
  • All images (replaced with solid gray placeholders)
  • Form input values
  • Dynamic content
  • SVG text elements

mask-user-input

A balanced mode that masks only user-entered data while leaving static content visible. This allows reviewers to see the full page as the user saw it, but without exposing what users typed into forms.

<script
  defer
  src="https://justanalytics.app/monitor.js"
  data-site-id="YOUR_SITE_ID"
  data-privacy-mode="mask-user-input"
></script>

What is visible in replays:

  • All static page content (headings, copy, labels)
  • Images and media
  • Button text and navigation labels
  • Dynamic UI state changes

What is masked:

  • <input> values (text, email, password, number, etc.)
  • <textarea> content
  • <select> selected values
  • contenteditable element content
  • Elements with [role="textbox"]

allow-all

No automatic masking. Everything is recorded exactly as displayed to the user. Use this only on sites that do not collect personal information or when you have explicit user consent.

<script
  defer
  src="https://justanalytics.app/monitor.js"
  data-site-id="YOUR_SITE_ID"
  data-privacy-mode="allow-all"
></script>

Warning: Before using allow-all, ensure you have reviewed all pages for PII exposure and have appropriate legal consent mechanisms in place.

Element-Level Masking

Override the global privacy mode on specific elements using HTML data attributes.

data-ja-mask

Force an element and all its descendants to be masked, regardless of the global privacy mode:

<div class="user-profile" data-ja-mask>
  <img src="/avatars/user123.jpg" alt="Profile photo" />
  <h2>Jane Smith</h2>
  <p>jane.smith@example.com</p>
  <p>Account #: 4521-8834-2211</p>
</div>

This is useful in allow-all or mask-user-input modes to protect specific sections that contain sensitive data.

data-ja-unmask

Allow an element and its descendants to be visible, even in mask-all mode:

<header data-ja-unmask>
  <nav>
    <a href="/">Home</a>
    <a href="/products">Products</a>
    <a href="/pricing">Pricing</a>
  </nav>
</header>

<main>
  <!-- This content remains masked in mask-all mode -->
  <h1>Welcome back, ****</h1>
  <p>***** ***** *****</p>
</main>

<footer data-ja-unmask>
  <p>Copyright 2026 Acme Inc.</p>
</footer>

Combining Attributes

You can nest data-ja-mask and data-ja-unmask to create fine-grained control:

<div data-ja-unmask>
  <h2>Order Summary</h2>
  <p>Order #12345</p>

  <div data-ja-mask>
    <p>Shipping to: 123 Main St, Springfield, IL</p>
    <p>Card ending in: 4242</p>
  </div>

  <p>Total: $149.99</p>
</div>

In this example, the order number and total are visible, but the shipping address and card details are masked.

CSS Selector Configuration

For complex masking rules that span multiple pages, use the JavaScript configuration object:

// Place BEFORE the monitor.js script tag
window.__JA_REPLAY_CONFIG = {
  maskSelectors: [
    '.pii-field',
    '.credit-card-number',
    '#social-security',
    '[data-sensitive]',
    '.user-email',
    '.phone-number',
    'table.customer-data td:nth-child(2)', // Mask second column
  ],
  unmaskSelectors: [
    '.page-title',
    '.breadcrumb',
    'nav.primary',
    '.product-name',
    '.price-display',
  ],
  maskAttributes: [
    'title',     // Mask title attributes (tooltips)
    'alt',       // Mask alt text on images
    'placeholder', // Mask placeholder text in inputs
  ],
};

<script>
  window.__JA_REPLAY_CONFIG = {
    maskSelectors: ['.pii-field', '[data-sensitive]'],
    unmaskSelectors: ['.page-title', 'nav'],
  };
</script>
<script
  defer
  src="https://justanalytics.app/monitor.js"
  data-site-id="YOUR_SITE_ID"
  data-privacy-mode="mask-user-input"
></script>

Network Body Sanitization

When data-capture-network="true" is enabled, request and response bodies are captured for replay. Sensitive fields in network payloads are automatically sanitized.

Default Sanitized Fields

The following field names are automatically redacted from network bodies:

  • password, passwd, pass
  • secret, token, apiKey, api_key
  • authorization, auth
  • ssn, social_security
  • credit_card, card_number, cvv, cvc
  • phone, email

Custom Sanitization Rules

Add custom field names to sanitize:

window.__JA_REPLAY_CONFIG = {
  networkSanitizeFields: [
    'date_of_birth',
    'mothers_maiden_name',
    'drivers_license',
    'bank_account',
    'routing_number',
    'tax_id',
  ],
  networkSanitizeUrls: [
    /\/api\/auth\/.*/,     // Sanitize all auth endpoint bodies
    /\/api\/payments\/.*/,  // Sanitize all payment endpoint bodies
  ],
};
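
Field-name redaction depends on the list covering the key names your API actually uses. The audit below is an added example, not JustAnalytics code: it walks a sample payload and reports values that look like PII under keys on neither the default list nor your custom list, so you know what to add to networkSanitizeFields. The value regexes, the exact-match key comparison, and the sample body are assumptions constructed for illustration.

```javascript
// Added audit example (not JustAnalytics code); names from "Default Sanitized Fields".
const DEFAULT_SANITIZED = [
  'password', 'passwd', 'pass', 'secret', 'token', 'apiKey', 'api_key',
  'authorization', 'auth', 'ssn', 'social_security',
  'credit_card', 'card_number', 'cvv', 'cvc', 'phone', 'email',
];

// Simplified value patterns used only by this audit (assumption).
const VALUE_PATTERNS = {
  email: /[^\s@]+@[^\s@]+\.[^\s@]+/,
  ssn: /\b\d{3}-\d{2}-\d{4}\b/,
  card: /\b(?:\d[ -]?){13,16}\b/,
};

// Return paths of leaf values that look like PII under a key on neither the
// default list nor customFields. Keys are compared exactly and case-sensitively
// (assumption: strictest reading, so the audit over-reports, not under-reports).
function findUncoveredPII(body, customFields = []) {
  const covered = new Set([...DEFAULT_SANITIZED, ...customFields]);
  const findings = [];
  const walk = (node, where) => {
    if (node === null || node === undefined) return;
    if (typeof node === 'object') {
      const isArray = Array.isArray(node);
      for (const [key, value] of Object.entries(node)) {
        // A covered key is treated as redacting its whole subtree.
        if (!isArray && covered.has(key)) continue;
        walk(value, isArray ? `${where}[${key}]` : `${where}.${key}`);
      }
      return;
    }
    for (const [kind, re] of Object.entries(VALUE_PATTERNS)) {
      if (re.test(String(node))) findings.push({ path: where, kind });
    }
  };
  walk(body, '$');
  return findings;
}

// Constructed sample response body.
const sampleBody = {
  email: 'jane@example.com',
  Email: 'jane@example.com',
  contact: { primary: 'jane@example.com' },
  notes: ['SSN on file: 123-45-6789'],
  payment: { card_number: '4111 1111 1111 1111', pan: '4111 1111 1111 1111' },
  total: 149.99,
};
```

Run it over representative request and response bodies from each endpoint; every reported path is either a key to add to networkSanitizeFields or an endpoint to cover with networkSanitizeUrls.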

Disabling Network Body Capture

To capture network timing without bodies:

window.__JA_REPLAY_CONFIG = {
  captureNetworkBodies: false, // Only capture URL, method, status, duration
};

PII Auto-Detection

JustAnalytics includes automatic PII detection that scans DOM content and network payloads for common patterns. When PII is detected, it is automatically masked even if the element is not explicitly configured for masking.

Detected Patterns

| Pattern | Example | Action |
|---------|---------|--------|
| Email addresses | user@example.com | Masked to ****@****.*** |
| Phone numbers | (555) 123-4567 | Masked to (***) ***-**** |
| Credit card numbers | 4111 1111 1111 1111 | Masked to **** **** **** **** |
| Social Security numbers | 123-45-6789 | Masked to ***-**-**** |
| IP addresses | 192.168.1.100 | Masked to ***.***.***.*** |

Configuring Auto-Detection

window.__JA_REPLAY_CONFIG = {
  piiDetection: {
    enabled: true,        // Default: true
    detectEmails: true,
    detectPhones: true,
    detectCreditCards: true,
    detectSSN: true,
    detectIPs: false,     // Disable IP detection if not needed
    customPatterns: [
      {
        name: 'employee_id',
        pattern: /EMP-\d{6}/g,
        replacement: 'EMP-******',
      },
      {
        name: 'medical_record',
        pattern: /MRN-\d{8}/g,
        replacement: 'MRN-********',
      },
    ],
  },
};
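
A custom pattern only masks the exact format it describes, so it is worth testing the rules against the variants your application really renders before relying on them. The harness below is an added example, not JustAnalytics code: it applies the two rules from the configuration above to constructed sample strings and reports any identifier that survives. Applying rules with String.prototype.replace, and the sample strings themselves, are assumptions.

```javascript
// Added example: offline check of customPatterns rules, not JustAnalytics code.
// Rules copied from the piiDetection configuration on this page.
const customPatterns = [
  { name: 'employee_id', pattern: /EMP-\d{6}/g, replacement: 'EMP-******' },
  { name: 'medical_record', pattern: /MRN-\d{8}/g, replacement: 'MRN-********' },
];

// Apply each rule with String.prototype.replace (assumption about how a
// pattern/replacement pair is consumed; replace() resets lastIndex itself).
function applyRules(rules, text) {
  return rules.reduce((out, r) => out.replace(r.pattern, r.replacement), text);
}

// Report rules without the g flag and samples whose secret digits survive.
function auditRules(rules, samples) {
  const problems = [];
  for (const r of rules) {
    if (!r.pattern.global) {
      problems.push({ rule: r.name, issue: 'no g flag: only the first match is replaced' });
    }
  }
  for (const s of samples) {
    const masked = applyRules(rules, s.text);
    const leaked = s.secrets.filter((secret) => masked.includes(secret));
    if (leaked.length > 0) problems.push({ text: s.text, masked, leaked });
  }
  return problems;
}

// Constructed samples: display text plus the digits that must not survive.
const samples = [
  { text: 'Badge EMP-123456 approved by EMP-654321', secrets: ['123456', '654321'] },
  { text: 'Chart MRN-12345678 opened', secrets: ['12345678'] },
  { text: 'badge emp-123456 (lowercase export)', secrets: ['123456'] },
  { text: 'Chart MRN 12345678 (space, no hyphen)', secrets: ['12345678'] },
];
console.log(auditRules(customPatterns, samples));
```

The two reported samples show the case-sensitive and hyphen-only limits of the patterns as written; widen the regex (for example with the i flag or an optional separator) if those variants occur on your pages.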

GDPR Compliance

To comply with GDPR when using session replay:

1. Inform Users

Add session replay to your privacy policy. Explain what is recorded and why:

We use session replay technology to understand how users interact with our website.
This helps us identify usability issues and improve your experience. Replay recordings
capture page interactions (clicks, scrolls, navigation) but sensitive information
such as form inputs and personal data is automatically masked.

2. Obtain Consent

Use your cookie consent banner to gate replay recording. Since replay is on by default, start with consent denied to disable it until the user consents:

<script
  defer
  src="https://justanalytics.app/monitor.js"
  data-site-id="YOUR_SITE_ID"
  data-consent="denied"
></script>

Then enable after the user grants consent:

// Called by your consent banner when the user accepts
function onConsentGranted() {
  JA.updateConsent('granted');
  // Replay recording starts automatically
}

3. Honor Data Deletion Requests

When a user requests data deletion under GDPR Article 17, use the JustAnalytics API to delete their session data:

curl -X DELETE "https://justanalytics.app/api/v1/sessions?visitor_id=VISITOR_ID" \
  -H "Authorization: Bearer YOUR_API_KEY"

4. Data Retention

Configure how long replay data is retained:

  • Navigate to Settings > Data Retention in your dashboard
  • Set the session replay retention period (default: 30 days)
  • Replays older than the retention period are automatically purged

CCPA Compliance

For California Consumer Privacy Act compliance:

  1. Include session replay in your "Categories of Personal Information Collected" disclosure
  2. Provide opt-out via your "Do Not Sell My Personal Information" page
  3. Honor the browser's Global Privacy Control (GPC) signal:
// JustAnalytics automatically checks navigator.globalPrivacyControl
// If GPC is enabled, replay is disabled unless explicitly overridden

Compliance Checklist

Use this checklist to ensure your session replay implementation meets privacy requirements:

  • [ ] Privacy mode is set to mask-all or mask-user-input
  • [ ] Sensitive sections are marked with data-ja-mask
  • [ ] Network body sanitization covers all sensitive endpoints
  • [ ] PII auto-detection is enabled
  • [ ] Privacy policy mentions session replay
  • [ ] Cookie consent banner gates replay activation
  • [ ] Data retention period is configured
  • [ ] Process exists for honoring deletion requests
  • [ ] GPC/DNT signals are respected
  • [ ] Internal team has reviewed sample replays for PII leaks

Next Steps