Updated May 2021
FullStory serves up all your General Data Protection Regulation needs
Here’s what we implemented to help you manage GDPR requirements and protect user privacy using FullStory.
The right to be forgotten
Ever wanted to delete your data in FullStory but found it overly cumbersome?
GDPR gave us an opportunity to streamline our data deletion process, placing the focus on an individual’s data. Now FullStory users with admin permissions can entirely erase users from their account at the click of a button (with confirmation, of course).
After a user is completely deleted, you’ll receive a discreet email, a receipt of sorts, to confirm that the appropriate action has been taken. We also offer an API endpoint for deleting users.
Better exclusions and consent tools
While we’ve always offered the ability to exclude any element from recording, we concluded the general feeling of our UI for element exclusions was slapdash. It was just a textarea to dump CSS selectors that left some users intimidated and uncertain.
We also massively enhanced our excluded elements by allowing users to selectively record them based on user consent. Using the FS.consent API, you can now let FullStory know, with a little bit of code, whether or not to record any consent-sensitive parts of your webpages.
Keep user IP addresses out of FullStory (if you want to)
For our users who consider IP addresses to be personally identifiable information, we now offer the ability to discard IP addresses from FullStory. We will hold the IP address while the session is cooking, but once it’s been served, ready to consume, the IP address will be in the virtual garbage can.
The rigorous demands of GDPR may feel complicated, but FullStory’s foray of feature functionality should leave you feeling just fine. And while the future under GDPR may still be murky, we’re confident we have good options in place to keep our users satisfied and, as always, we’ll be open to trying new things when they’re right for us and our users.