Privacy Settings in Fullstory

Who can use this feature?
- Available with all plans.
- Requires an Admin role.

Fullstory offers a set of in-app tools for managing privacy settings. This article will explore the privacy configuration tools available within the Fullstory settings page.

Privacy Settings - Overview

Privacy overview

This article will focus on the privacy configuration settings available within the Fullstory application. In addition to in-app configuration options, teams may wish to explore a code-first approach to managing privacy.

See the Privacy Resource Hub for a complete set of resources for managing privacy in Fullstory.

The privacy settings page

Navigate to the privacy settings page:

  1. Click your account name in the top left.
  2. Click Settings.
  3. Under Data Capture and Privacy, click Privacy.

In the top right of privacy settings, you'll see Your Privacy Mode, which matches the privacy configuration that was chosen when your account was first set up. It includes the following options:

The privacy settings page is divided into the following tabs:

General Privacy Settings

The General Privacy Settings tab contains the following configuration options:

  • Discard user IP addresses
    When disabled, Fullstory actively discards IP addresses after the session has been processed. Learn more.
  • Capture elements based on consent
    Provides guidance on how to use the Fullstory Browser API to selectively capture certain excluded elements. Learn more.

URL Privacy Rules

The URL Privacy Rules tab gives you the ability block data capture for parts of a URL in future sessions. Learn more.

Element Privacy Rules

The Element Privacy Rules tab is for configuring new element data capture rules and viewing any automatically configured rules that may have been set up. This approach—configuring element data capture rules within Fullstory—serves as an alternative to the code-first privacy method.

For a detailed overview of configuring privacy rules in Fullstory, see How do I protect my users' privacy in Fullstory?.

Element Privacy Rules are grouped into three potential groupings:

  • Configured Rules are the individual rules that Fullstory Admins have added. When you click Create Rule, it will be added here.
  • Form Privacy Rules are the element data capture "Mask" and "Exclude" rules that are automatically configured when the account is set up with the Form Privacy privacy mode when the account is first set up. Learn more about Form Privacy.

    Admins can click Opt out of Form Privacy Rules to disable Form Privacy selectors and can click Opt in to Form Privacy Rules to enable them.
  • Mobile Unmask Rules are a set of default element data "Unmask" capture rules that are generally considered to be free of sensitive data. Developers will want to review these selectors. Learn more about Default Mobile Unmask Rules.

    Admins can click Opt opt out of Mobile Default Rules to disable Form Privacy selectors and can click Opt in to Mobile Default Rules to enable them.
Note: The set of default privacy rules that come with Form Privacy Rules and Mobile Default Rules will only be present for accounts that were created after this functionality was implemented. If you don't see the default rules on your account and would like them to be added, please contact us.

Filtering and searching element data capture rules

All groupings of element data capture rules contain the ability to Filter by and Search to group and find specific capture rules. 

Options for Filter by include:

  • Created by me
  • Native Platform
    • Web
    • iOS
    • Android
  • Privacy State
    • Exclude
    • Mask
    • Unmask
  • Rule Scope
    • No sessions
    • All sessions
    • Preview sessions only
    • Live sessions only

Use Search to quickly find element data capture rules by URL, type, user, and more.

Network Privacy Rules

The Network Privacy Rules tab is for configuring a Network Allowlist of URL patterns, specifying how their request and response bodies should or should not be captured. Learn more.

Header Privacy Rules

The Header Privacy Rules tab allows you to manage which request and response headers Fullstory captures. By default, Fullstory captures a set of safe headers that are known to be free of sensitive information. You can view the complete list of default captured request headers and response headers in this tab.

In addition to the default headers, you can configure custom rules to capture additional headers specific to your application's needs. Custom headers can be added as a comma-separated list or with each header on a new line for easy copy-pasting from spreadsheets. Learn more about managing header privacy rules.

Privacy - Header Privacy Rules
Was this article helpful?

Articles in this section

See more

Got Questions?

Get in touch with a Fullstory rep, ask the community or check out our developer documentation.

Technical Support Support
Ask the Community Community
Dev Docs Dev Docs