We believe that customer experience data is critical to your business, so it should come as no surprise that we take security extremely seriously at FullStory. Our founding team is former Google engineers who have been trained in security-aware development practices and sensitized to the importance of a strong security culture.
First, though, the key point: you control what data FullStory records and stores.
You can and should exclude from recording any information that could appear in your web pages that you or your users would deem too sensitive to store. Please keep in mind as you review the security information below that the most effective way to minimize security exposure is to avoid storing unnecessarily sensitive data in the first place. You can read more about this philosophy in the Acceptable Use Policy.
FullStory services are hosted on the Google Cloud Platform, and many of the specifics in this document reflect the ways in which we leverage the massive investments that Google itself makes in security to the benefit of our customers.
FullStory production data is processed and stored within world-renowned data centers, which use state-of-the-art multilayer access, alerting, and auditing measures, including
- perimeter fencing
- vehicle access barriers
- custom-designed electronic access cards
- biometric checks
- laser beam intrusion detection
- continuous external and internal security camera surveillance
- 24x7 trained security guards
Servers and Networking
All servers that run FullStory software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Google Cloud Storage, are comprehensively hardened Google infrastructure-as-a-service (IaaS) platforms.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.
All persistent data is encrypted at rest using the AES-128 standards or similarly high standards, allowing Google Compute Engine to have successfully completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications.
Employee computers have strong passwords, encrypted disks, firewalls, and, where applicable, inbound and outbound network traffic monitoring and alerting. No Windows computers or servers are used at all other than in isolated testing environments. A large and increasing percentage of employees use Chromebooks exclusively for maximum defense against malware, including powerful security measures such as verified boot.
We follow the principle of least privilege in how we write software as well as the level of access employees are instructed to utilize in diagnosing and resolving problems in our software and in response to customer support requests.
We use Google account infrastructure to verify employee account identity and require physical security keys and/or two-factor authentication for all internal applications without exception. Access to administrative interfaces additionally enforce administrator permissions where applicable, and all administrative access is logged and auditable both in the form of traditional web server logs as well as via FullStory itself to make it easy to find and review any administrative activities with full fidelity. For third-party SaaS providers, we utilize Google as an identity provider whenever possible to provide a single point of access control across all the apps that employees access as part of their job.
Code Reviews and Production Signoff
All changes to source code destined for production systems are subject to pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.
Prior to updating production services, all contributors to the updated software version are required to approve that their changes are working as intended on staging servers.
Service Levels, Backups, and Recovery
FullStory infrastructure utilizes multiple and layered techniques for increasingly reliable uptime, including the use of autoscaling, load balancing, task queues and rolling deployments. Due to the very large amount of data that FullStory stores, we do not currently make point-in-time backups, although we do use highly redundant data stores and/or rapid recovery infrastructure, making unintentional loss of received data due to hardware failures very unlikely.
Excluding Sensitive Data
As emphasized in the introduction, the most important security consideration — one that you control — is the choice of what data to collect in the first place. By responsibly excluding sensitive information, you can gain full benefit from FullStory without sensitive data ever leaving an end user’s computer.
Under the ‘Settings’ tab in FullStory, there is an area to add CSS selectors for Excluded Elements which designates DOM elements to be excluded from capture. Not only will elements matched by specified selectors not be recorded, they will never be sent across any network. Excluded elements stay on the client. We don’t receive them. We don’t store them. Learn more
Client and Server Hardening
Exposed server endpoints are recurrently tested for vulnerabilities using multiple types of scanning software as well as manual testing. Request-handling code paths have frequent user re-authorization checks, payload size restrictions, rate limiting where appropriate, and other request verification techniques. All requests are logged and made searchable to operations staff.
Client code utilizes multiple techniques to ensure that using the FullStory application is safe and that requests are authentic, including
- IFRAME sandboxing
- XSS and CSRF protection
- signed and encrypted user auth cookies
- remote invalidation of extant sessions upon password change/user deactivation
API and Integrations
All access to FullStory REST API endpoints require an access key that can be regenerated on demand by customers. Learn more
Integrations with other applications are all opt-in and authenticate via OAuth or other applicable mechanisms required by the third party application. Integrations can be disabled at any time.
Customer Payment Information
We use Stripe for payment processing and do not store any credit card information. Stripe is a trusted, Level 1 PCI Service Provider. Learn more
Incident Reporting and Ongoing Improvements
FullStory has a Responsible Vulnerability Disclosure program. You can read more details about our program, the rules of engagement, and submit vulnerability reports at https://fullstory.responsibledisclosure.com/.
If you have a security concern or are aware of an incident, please send an email to firstname.lastname@example.org, a carefully controlled and monitored email account.
Security Benefits of Using FullStory
FullStory can, perhaps surprisingly, also produce substantial security enhancements for your own security practices.
Monitor and Audit Suspicious Activity
While it is certainly not the reason that we developed FullStory, we have heard from customers that FullStory adds an additional and new type of application security. "It is sort of like having a security camera in our product."
With FullStory, you can explore, search and view any suspicious sessions in near real-time. Viewing sessions is a much quicker and informative way of assessing a situation than scouring through vast system logs.
Reduce Staff Administrative Permissions
Especially for SaaS providers, supporting your own customers may entail sharing privileged administrative passwords, often circulated widely throughout an organization, to aid in troubleshooting user issues via “under-the-covers” data access or impersonating users within your own application. This practice increases the risk of accidental data corruption, theft, and privacy intrusions as support employees login and poke through user accounts.
FullStory provides a one-way window into your users’ sessions. Session playback is historical (and of course read-only), meaning that information can be ascertained without the interactive with your live applications. Buttons cannot be pushed. Settings cannot be changed. Files cannot be exported.
Thus, FullStory provides a means to better support your users while also safely reducing the number of individuals with administrative privileges in your organization.