Skip to main content
Session Replay is designed with privacy as a core principle. By default, sensitive data is masked to protect your users.

Default Privacy Protections

Out of the box, Proliferate:
  • Masks all input values: Form fields show ••••• instead of actual values
  • Only sends on error: Replay data is never transmitted unless an error occurs
  • Stores locally first: Data stays in the browser until needed

Input Masking

All form inputs are masked by default: 
<!-- User types "[email protected]" -->
<input type="email" value="[email protected]" />

<!-- Recorded as -->
<input type="email" value="••••••••••••••••" />
This applies to:
  • <input> fields (text, email, password, etc.)
  • <textarea> elements
  • <select> dropdowns (value is masked, not options)
  • Contenteditable elements
Password fields receive extra protection and are always masked, regardless of other settings.

CSS Class-Based Controls

Use CSS classes to control privacy on specific elements:

Block Elements Entirely

Elements with the blockClass are completely excluded from recording: 
<!-- This entire component is excluded -->
<div class="no-capture">
  <h2>Payment Details</h2>
  <input type="text" name="card-number" />
  <input type="text" name="cvv" />
</div>

Proliferate.init({
  replay: {
    blockClass: 'no-capture',  // Default
  },
});
In the replay, blocked elements appear as empty placeholders.

Ignore Input Recording

Elements with the ignoreClass have their input events ignored: 
<!-- Typing in this field is not recorded -->
<input type="text" class="ignore-input" name="search" />

Proliferate.init({
  replay: {
    ignoreClass: 'ignore-input',  // Default
  },
});

Mask Text Content

Elements with the maskTextClass have their text content masked: 
<!-- Text content is masked -->
<p class="mask">User's full name: John Smith</p>

<!-- Appears as -->
<p class="mask">•••••••••••••••••••••••••••••</p>

Proliferate.init({
  replay: {
    maskTextClass: 'mask',  // Default
  },
});

Configuration Options

maskAllInputs
boolean
default:"true"
Controls whether all inputs are masked. Set to false only if you have specific inputs that should be visible and are confident they don’t contain sensitive data.
recordCanvas
boolean
default:"false"
Controls whether canvas elements are recorded. Disabled by default because it’s computationally expensive and canvas content can contain sensitive data.

Combining Privacy Controls

You can use multiple controls together: 
<!-- Parent container blocked -->
<div class="no-capture">
  <!-- Everything inside is excluded -->
</div>

<!-- Specific input ignored -->
<input type="text" class="ignore-input" name="search" />

<!-- Visible but masked text -->
<div class="mask">
  <p>Account Balance: $1,234.56</p>
</div>

GDPR and Privacy Compliance

Session Replay is designed to support privacy regulations:
  • Only records what’s necessary for debugging
  • Masks sensitive data by default
  • Doesn’t capture data outside the app
  • Contact support to delete replay data
  • Data is automatically deleted after retention period

Best Practices

1

Identify Sensitive Elements

Audit your application for:
  • Payment forms
  • Personal information (SSN, ID numbers)
  • Authentication flows
  • Medical or financial data
  • Private messages
2

Apply Appropriate Classes

<!-- Block entire sensitive sections -->
<section class="no-capture">
  <PaymentForm />
</section>

<!-- Mask visible but sensitive text -->
<span class="mask">{user.socialSecurityNumber}</span>

<!-- Ignore sensitive input events -->
<input class="ignore-input" type="text" name="credit-card" />
3

Test in Development

Enable replay in development to verify masking works:
Proliferate.init({
  replay: {
    enabled: process.env.NODE_ENV !== 'test',
  },
});

// Trigger a test error
setTimeout(() => {
  throw new Error('Test error for replay verification');
}, 5000);
4

Review Replays Regularly

Periodically review actual replays to ensure:
  • Sensitive data isn’t accidentally visible
  • Masking is working correctly
  • No new sensitive elements need protection