A few days ago, the University of Princeton published a study investigating the use of session replay tools. The study identified issues with many of our competitors' tools and was picked up by several news outlets, some more prominent than others.
What It All Means
This coverage stirred up debate and raised questions about the privacy implications of session replay technology. While we're happy that the study directed no criticism at Mouseflow, we'd like to address some of the concerns anyway:
We understand why being recorded might be worrying at first, but it's important to know that we enforce contractual and technical measures to ensure that no personal data ends up in our hands. For us, session replay is a tool that can show you anonymized users' interactions on your website. This is, of course, a great help in improving and optimizing a website.
On our side, we put in a great deal of effort to minimize any personal data that is accidentally recorded and to line up with local privacy regulations. As an example, we block all German websites from recording keystrokes, as it goes against the German privacy laws (BDSG). We also ensure that we never record sensitive information like passwords, credit card numbers, and the like - for any users. We even go as far as blocking all form fields which have more than 3 digits in them. Does this exclude too much data? Maybe, but we'd rather err on the side of caution than do too little.
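The blocking rules described above (passwords, card data, and any field holding more than 3 digits) can be sketched as a filter that decides what a recorder may capture. This is an added example, not Mouseflow's code; the function names, the field descriptor shape and the use of autocomplete hints are assumptions.

```javascript
// Added illustration only; not Mouseflow's implementation. All names are hypothetical.
const MAX_DIGITS = 3; // rule from the text: block fields with more than 3 digits

// Assumption: input types and autocomplete hints treated as always sensitive.
const SENSITIVE_TYPES = new Set(["password"]);
const SENSITIVE_AUTOCOMPLETE = /^(cc-|current-password$|new-password$|one-time-code$)/;

function countDigits(value) {
  // \p{Nd} also counts non-ASCII decimal digits (full-width, Arabic-Indic, ...),
  // so a card number typed with such digits is not missed.
  return (value.match(/\p{Nd}/gu) || []).length;
}

// field: { type, autocomplete, value } as a recorder could read them from an <input>.
function classifyField(field) {
  const type = (field.type || "text").toLowerCase();
  const hints = (field.autocomplete || "").toLowerCase().trim().split(/\s+/);
  const value = field.value == null ? "" : String(field.value);

  if (SENSITIVE_TYPES.has(type)) return "blocked:type";
  if (hints.some((h) => SENSITIVE_AUTOCOMPLETE.test(h))) return "blocked:autocomplete";
  if (countDigits(value) > MAX_DIGITS) return "blocked:digits";
  return "recorded";
}

// What would be transmitted: the value only when allowed, otherwise a
// fixed-width mask so that not even the length of the input is revealed.
function redactForReplay(field) {
  const verdict = classifyField(field);
  const value = field.value == null ? "" : String(field.value);
  return { verdict, value: verdict === "recorded" ? value : "****" };
}

// Constructed sample fields, not real user data.
const SAMPLES = [
  { type: "text", value: "Room 123" },                          // 3 digits: allowed
  { type: "text", value: "4111 1111 1111 1111" },               // digits split by spaces
  { type: "tel", value: "call 555-0100" },                      // digits mixed with text
  { type: "text", autocomplete: "billing cc-name", value: "A. Person" },
  { type: "password", value: "hunter" },                        // no digits, still blocked
];

for (const f of SAMPLES) console.log(JSON.stringify(f), "->", redactForReplay(f).verdict);
```

The filter only protects users if it runs in the browser before any data is transmitted, since masking applied later on the server still lets the raw values leave the page.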
Our efforts have been intensified recently due to the upcoming privacy legislation in Europe. The "General Data Privacy Regulation", also known as GDPR, introduces a lot of changes to how personal data is handled. We already covered GDPR in a few blog posts, and will continue to keep you updated on our efforts on our GDPR and Security pages.
To sum up: session replay and privacy aren't polar opposites - in fact, when done right, the two can co-exist peacefully.
Let us know your thoughts and contact us at firstname.lastname@example.org if you have any questions.