Capture elements with consent

Who can use this feature?
- Available on all plans.
- Requires an admin role to configure.

Please see Fullstory's developer documentation for more detailed API information:

Note: We officially released V2 of our User Consent Browser API on November 1st, 2023. If you're still using V1 of our Browser API, please refer to our V1 API documentation found here.

If you were using Fullstory prior to August 3rd, 2023 and aren't sure which version of our Browser API is compatible with the data capture snippet deployed on your website, please refer to these instructions to confirm.

Fullstory consent API gives you the ability to selectively capture parts of your website or mobile application based on explicit user consent.

You can use consent API whenever a user grants or revokes consent to capture data. Depending on a user’s preference, Fullstory will either capture or block specially designated elements (known as “consent-required elements”) within that user’s sessions.

Note: Only Admins or Umbrella Managers (available on select Fullstory Enterprise plans) can modify privacy settings.

To make use of consent functionality, you'll need to:

  • Add consent-required elements to the Excluded Elements section of your Privacy settings, and

  • Call the FS('setIdentity', { consent }) function from the Fullstory JavaScript API when a user gives (or revokes) consent.

  • Consent-required elements are blocked by default. Calling consent API with `true` will enable capturing of all consent-required elements for the current user from that point forward. Similarly, calling it with `false` will block all consent-required elements for the current user once again (useful when the user has revoked their consent).

Additional details can be found in our developer documentation.

Special Considerations

  • Since consent API is a new function in Fullstory’s JavaScript API, you may need to re-install your Fullstory snippet in order to use it.

  • As with any other excluded element, data entered into consent-required elements before invoking the consent API will not be sent to Fullstory. In other words, this is not retroactive.

  • Consent-required elements operate in an “all or nothing” manner. This means that invoking this API will apply to all consent-required elements for the current user. It is not currently possible for users to consent to certain elements but not others.

  • Consent API only affects whether or not certain elements on a page will be captured by Fullstory. Consent settings do not affect or block any other information you may be passing to Fullstory about your users, e.g. with Identify or sending in additional user data. If you wish to avoid passing this information in certain situations, then you should simply not make these API calls in those cases.

  • User consent is set on an app level. If you're capturing sessions across multiple apps (e.g. a web app and a mobile app) within the same Fullstory account, you'll need to call our consent API within each app. 

Example

Consider the example Element data capture rules below:

Screen_Shot_2022-05-18_at_3.15.24_PM.png

Elements can be excluded without consent, masked without consent or unmasked without consent. You’ll notice that we’ve added #email and #full-name as exclude without consent and mask without consent elements. Now consider the example account creation form below:

direct_1525114517057-blank_form_for_copying.png

Let’s assume that the IDs of the “Full name,” “Email,” and “Password” fields are #full-name, #email, and #password respectively. Given our Excluded Elements settings above, here’s how these fields would appear in Fullstory before a user gives their consent:

direct_1525114589664-consent_false.png

All three fields are excluded from Fullstory. “Full name” and “Email” are excluded because we explicitly added them; “Password” is excluded automatically because it matches input[type=password].

In order to capture the “Full name” and “Email” fields to Fullstory based on the user’s consent preference, let’s call FS('setIdentity', { consent }) upon submission of the form. Assuming the form has an ID of #create-account and the consent checkbox has an ID of #consent-check, then the JavaScript code to call FS('setIdentity', { consent }) may look something like this:

Vanilla JavaScript

document.getElementById('create-account').onsubmit = function() {
    var consentValue = document.getElementById('consent-check').checked;
    FS('setIdentity', { consent: consentValue });
  };

JQuery

$('#create-account').submit(function(event) {
    var consentValue = $('#consent-check').is(':checked');
    FS('setIdentity', { consent: consentValue });
  });
Please see Fullstory's developer documentation for how to invoke this API

Now, provided that the user gave their consent, here’s how the form would appear in Fullstory after the consent call:

direct_1525116527131-consent_true.png

Note that the consent-required elements are captured, but the “Password” field remains excluded regardless of consent because it matches input[type=password].

Need to get in touch with us?

The Fullstory Team awaits your every question.

Ask the Community Technical Support