It is important to note that Fullstory is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance.
We are a controller with respect to our visitors and customers interacting with any domain within our control (e.g. www.fullstory.com, app.fullstory.com, help.fullstory.com, blog.fullstory.com, etc.).
We are a processor (and occasionally a subprocessor) with respect to the end users whose data Fullstory receives: our customers’ users. Sessions that are captured and stored in your Fullstory account fall under Fullstory as Data Processor.