Last updated November 2020
What should you know when a website or native mobile application uses FullStory?
Thousands of companies use FullStory every day to see their websites and native mobile applications through their users’ eyes. FullStory’s session replay and analytics capabilities help web teams troubleshoot bugs, support their customers, and build better experiences. To learn more about FullStory, visit our home page.
What information is recorded?
A website or app using FullStory may be recording any of the following information:
Typing (except sensitive information*)
Usage patterns illuminate areas of a website or app that are confusing or underused, allowing web designers to improve their customer experience and build better features.
*Passwords, payment information, and Social Security numbers are excluded by default from being recorded. FullStory does not allow its customers to record these sensitive data under any circumstances according to its Acceptable Use Policy.
Bugs and errors are often particular to a specific web browser or device type. This information helps developers build and ship fixes faster.
**FullStory provides an option to actively discard IP data. Whether to use this feature is up to the discretion of individual data controllers according to their interpretation of the GDPR and its application to their business.
Knowing the most popular pages and sources of referral traffic help product managers and marketers improve the quality of content and advertising.
Data controllers may only send this data with consent or legal basis.
Account information helps web teams understand your unique experience and troubleshoot any problems you may be having.
***Websites using FullStory choose how much, if any, of their own app’s unique customer data to store in FullStory.
Does FullStory use this information for its own purposes?
Absolutely not! FullStory hosts data as part of the service it provides to its customers, but doesn’t make any claim to said data, similar to the way a bank provides safe deposit boxes. Websites using FullStory have sole ownership of and access to recorded data.
What rights do I have regarding my information?
Under the GDPR, you have strong rights related to the use of your data, including things like...
knowing what information is being recorded and how it will be used
accessing and viewing the information
having your information erased
correcting the information about you
getting a copy of the information for yourself
restricting specific uses or stopping altogether the usage of your information
To invoke these rights, you'll need to contact the website recording the data (“data controller”) and passing it into FullStory. As mentioned earlier, FullStory is like a bank offering safe deposit boxes: just as a bank wouldn't access to remove the contents of a customer's safe deposit box, FullStory wouldn't access or delete data in one of its customers’ accounts which could contain your data.
However, FullStory provides a suite of tools to help web teams honor the requests of EU citizens under the GDPR, so they should be well-positioned to fulfill your requests.