FullStory, GDPR, and You

What should you know when a website uses FullStory?

Meet FullStory

Thousands of companies use FullStory every day to see their websites through their users’ eyes. FullStory’s session replay and analytics capabilities help web teams troubleshoot bugs, support their customers, and build better experiences. To learn more about FullStory, visit our home page.

What information is recorded?

A website using FullStory may be recording any of the following information:

Usage Patterns Tech Specs Navigation Personal Info
  • Clicks
  • Mouse movements
  • Scrolling
  • Typing (except sensitive information1)
  • Browser
  • Device type
  • Operating system
  • Viewfinder size
  • Script errors
  • IP address2
  • Pages visited
  • Referrers
  • URL parameters
  • Session duration

Data controllers may only send this data with consent or legal basis.

  • Display name
  • Email address
  • App-specific data3
Usage patterns illuminate areas of a website that are confusing or underused, allowing web designers to improve their customer experience and build better features. Bugs and errors are often particular to a specific web browser or device type. This information helps developers build and ship fixes faster. Knowing the most popular pages and sources of referral traffic help product managers and marketers improve the quality of content and advertising. Account information helps web teams understand your unique experience and troubleshoot any problems you may be having.
1 Passwords, payment information, and Social Security numbers are excluded by default from being recorded. FullStory does not allow its customers to record these sensitive data under any circumstances according to its Acceptable Use Policy.
2 FullStory provides an option to actively discard IP data. Whether to use this feature is up to the discretion of individual data controllers according to their interpretation of the GDPR.
3 Websites using FullStory choose how much, if any, of their own app’s unique customer data to store in FullStory.

Does FullStory use this information for its own purposes?

Absolutely not! FullStory hosts data as part of the service it provides to its customers, but doesn’t make any claim to said data, similar to the way a bank provides safe deposit boxes. Websites using FullStory have sole ownership of and access to recorded data.

What rights do I have regarding my information?

Under the GDPR, you have strong rights related to the use of your data, including things like...

  • knowing what information is being recorded and how it will be used
  • accessing and viewing the information
  • having your information erased
  • correcting the information about you
  • getting a copy of the information for yourself
  • restricting specific uses or stopping altogether the usage of your information

To invoke these rights, you'll need to contact the website recording the data (“data controller”) and passing it into FullStory. As mentioned earlier, FullStory is like a bank offering safe deposit boxes: just as a bank wouldn't access to remove the contents of a customer's safe deposit box, FullStory wouldn't access or delete data in one of its customers’ accounts which could contain your data. However, FullStory provides a suite of tools to help web teams honor the requests of EU citizens under the GDPR, so they should be well-positioned to fulfill your requests.