Managing GDPR and FullStory Session Replay
Product Updates · 4 min read

Managing GDPR and FullStory Session Replay

The FullStory Team
Posted May 09, 2018

FullStory serves up all your General Data Protection Regulation needs

Inbox a little more active lately? You've likely received a handful of emails in recent weeks talking about May 25th, a.k.a. the day the General Data Protection Regulation or "GDPR" goes into effect. We've shared much about what GDPR means FullStory session replay, generally, as well as the GDPR nitty gritty specifics (See also the FullStory GDPR FAQ).

What follows is an overview of what we've done to help you manage GDPR requirements and protect user privacy using FullStory.

Whaddya have?

Imagine you’re a fairly capable cook. You work the morning griddle at the local diner with elegance and grace. The spatula is a natural extension of your arm. Flapjacks are a breeze. Eggs sunny-side up is just as easy as a scramble. Abominable biscuit sandwiches are stacked and plated in a blink.

When we dug into designing and developing product enhancements for the GDPR we could have thought that meant imposing serious compromises and constraints on our software. We worried, continuing the metaphor, that would mean trying to deliver the same dishes while tying one arm behind our back, swapping our griddle for a hot-plate, our oven with a microwave.

The coming of the GDPR could have been viewed as an immense and bothersome challenge, but we flipped our expectations, like a slowly-goldening hot cake, and, instead, saw it as a delicious opportunity. We embraced the GDPR as an extension of the things we truly believe in like clarity and empathy.

We adopted the stance that the GDPR should apply to everyone, not just European humans. That decision was freeing. It immediately removed the onerous notion of supporting two geographically-sensitive use cases. A Denver omelet is still an omelet even if it’s only made with egg whites.

It was also a great chance to assess how we do things and why we do them. Perhaps we source more local ingredients, revisit our recipes, reupholster that one booth with the springs that jab you in the thigh.

What did we do, exactly? We hope you’re hungry. Grab your fork and knife and let’s dig in. Here’s a review of some of the new things we introduced to FullStory to help our users approach the GDPR and, more generally, user privacy.

CHECK PLEASE! The right to be forgotten

Ever wanted to delete your data in FullStory but found it overly cumbersome?

The GDPR gave us an opportunity to streamline our data deletion process, placing the focus on an individual’s data. Now FullStory users, with admin privileges, can entirely erase users from their account at the click of a button (with confirmation of course).

After a user is completely deleted, you’ll receive a discreet email, a receipt of sorts, to confirm that the appropriate action has been taken. If, like certain discerning salad-eaters, you prefer your dressing on the side, we also offer an API endpoint for deleting users.

... A LA MODE. Better exclusions and consent tools

While we’ve always offered the ability to exclude any element from recording, we concluded the general feeling of our UI for element exclusions was slapdash. It was just a textarea to dump CSS selectors. Like a long neglected deep-fryer, this part of our settings left some users intimidated and uncertain.

We also massively enhanced our excluded elements by allowing users to selectively record them based on user consent. Using the FS.consent API, you can now let FullStory know, with a little bit of code, whether or not to record any consent-sensitive parts of your webpages. It’s just another (powerful) topping in for your favorite dessert.

HOLD THE ONIONS! Keep user IP addresses out of FullStory (if you want to)

For our users who consider IP addresses to be personally identifiable information we now offer the ability to discard IP addresses from FullStory. We will hold the IP address while the session is cooking, but once it’s been served, ready to consume, the IP address will be in the virtual garbage can.

WE’RE OPEN (to improvements) 24 HOURS!

Metaphorically speaking, we want to make sure that bacon is crisped the way you like, the eggs are, in fact, just how you ordered them, and there are ice cubes in your juice (no questions on that one, we’ll just do it!).

The rigorous demands of GDPR may leave you feeling covered, smothered, chunked, and diced, but FullStory’s initial foray of feature functionality should leave you feeling just fine. And while the future under GDPR may still be murky, we’re confident we have a good menu of options in place to keep our users satisfied and, as always, we’ll be open to trying new things when they’re right for us and our users.

If you want to stay up on all things GDPR, be sure to subscribe to our GDPR email list.

The FullStory TeamContributor

About the author

Over the years, many FullStorians from many different departments have contributed their expertise and ideas to the blog. This blog's author is either a one-time contributor, or has since moved on to a new opportunity.

Return to top

Stay up to date with FullStory by signing up for our newsletter.