When considering the Rights of Access and Data Portability for GDPR, it can be difficult to know what data to supply your users. We've made it easy to provide your users (and you!) any data you have collected on them that has been processed by Fullstory.
It is important to note that Fullstory is acting both as a Data Controller and as a Data Processor within the realm of GDPR compliance.
Fullstory is a controller with respect to our visitors and customers interacting with any domain within our control (e.g. www.fullstory.com, app.fullstory.com, help.fullstory.com, blog.fullstory.com, etc.). Sessions that Fullstory captures of these domains into our own account fall under Fullstory as Data Controller. If you would like to request your own personal data from Fullstory, please reach out to Support here.
Fullstory is a processor with respect to the end users whose data Fullstory receives: our customers’ users. Sessions that are captured and stored in your Fullstory account fall under Fullstory as Data Processor.
Accessible Data Format and Content
To retrieve your end-users data (Fullstory as Processor), two data downloads are available:
-
User Events: User Events download contains data in the form of captured event data for a particular user. The data included in User Events export are the indexed events that you can search and view in Fullstory. This includes things like user identification details, page duration data, clicked elements, typed text, browser and device details. This does not include actual sessions that can be played back as sessions are inferred data. See below for a full list of User Event export contents.
-
User Pages: The User Pages file contains a series of all the pages that the user has visited. For every page, there are two kinds of JSON objects that are present delimited by a new line. One is the page meta data and the other is the page object itself. The pairs of JSON objects are separated by a new line character. For example:
{ page-meta-data }
{ raw-page-object }
{ page-meta-data }
{ raw-page-object }
Accessing the User Data Files in Fullstory UI
To access these files for a user, search and locate the user in the Fullstory UI.
Click on the user display name to open their user card.
At the bottom of that user card are buttons for downloading the files:
Accessing Data Files with the API
You can also use our API to retrieve user files. However, the API is limited to download identified users only.
Endpoints
Action |
Method |
URL |
User events |
GET |
https://export.fullstory.com/api/v1/export/userEvents?uid=USER_ID |
User pages |
GET |
https://export.fullstory.com/api/v1/export/userPages?uid=USER_ID |
Examples
$ curl -O -J -H "Authorization: Basic YOUR_API_KEY" https://export.fullstory.com/api/v1/export/userPages?uid=USER_ID (A file named UserPagesExport.json.gz)
$ curl -O -J -H "Authorization: Basic YOUR_API_KEY" https://export.fullstory.com/api/v1/export/userEvents?uid=USER_ID (A file named DataExport.json)
User Data Export Contents
USER/SESSION FIELDS
Name | Export Field Name | Description |
---|---|---|
User Id | UserId | A unique identifier for a user cookie on a given device/browser. This ID may be reset if the User clears their cookies, switches devices, changes browsers, etc. |
User App Key | UserAppKey | The user identifier that was passed to Fullstory from your system using FS.identify. |
Individual Id | IndvId | A unique identifier for the Individual that combines all Users with the same User App Key. For example, if you’ve identified user 123 whenever they visit your site, their Individual will include all of their Sessions across devices, browsers, etc. |
Session Id | SessionId | The identifier for a particular session, within the context of a single user. Use Session Id and User Id together as a compound key to uniquely identify sessions across all export data. |
User Email Address | UserEmail | The email address that was set via FS.identify or FS.setUserVars. |
User Display Name | UserDisplayName | The display name that was set via FS.identify or FS.setUserVars. |
IP Address | PageIp | The IP address captured at the start of the session. |
Custom User Variables | (custom var name) | If you're passing any user variables into Fullstory, we'll include them in the export. Each additional variable will appear as a separate field in the export file, where the field name is the variable name as provided to the FS.setUserVars function. Note that, if loading export bundles into Redshift or BigQuery with hauser, the custom variable fields are amalgamated into a single JSON document under a field named “CustomVars” prior to import into the export staging table. |
PAGE FIELDS
A “page” tracks each instance when a user loaded a page with a particular URL or navigated to a different URL within a single-page application. There may be many pages with the same User Id and URL if the user left and revisited the same page, either during the course of several sessions, or even during a single session.
Name | Export Field Name | Description |
---|---|---|
Page Id | PageId | The identifier for a particular page, within the context of a single session. Use Page Id, Session Id, and User Id together as a compound key to uniquely identify pages across all export data. |
Page URL | PageUrl | The full URL of the page on which the given event occurred. |
Page Duration | PageDuration | The total time this User spent on this page during this session (milliseconds). This is not a running total; every event for a given page will show the same total duration. |
Active Page Duration | PageActiveDuration | The active time (mouse movement, text entry, clicks, etc.) this User spent on this page during this session (milliseconds). This is not a running total; every event for a given page will show the same total duration. |
Page Referrer URL | PageRefererUrl | The page from which the user reached this page. The referrer may be empty if the user manually entered the page URL, or if the referrer has been scrubbed, etc. |
EVENT FIELDS
Name | Export Field Name | Description |
---|---|---|
Event Time | EventStart | The absolute time when the event occurred, in UTC, represented as a dateTime from the XML Schema Specification, e.g. 2018-01-04T20:07:11.191Z. |
Event Type | EventType | The type of event that was captured. Typical types are:
|
Event Target Text | EventTargetText | Where applicable, this contains the text of the event target and its child elements. For example, if the user clicked a button that says “Pay now”, the event target text would be “Pay now”. Long text may be truncated in some cases for performance reasons. |
Event Target Selector | EventTargetSelectorTok | Where applicable, this contains the CSS selector for the event target. This will be a fully qualified descendant selector, starting from the HTML element, and including all CSS selectors of elements that appear in the DOM when walking from the HTML element through its children to the event target. Most non-alphanumeric characters within a selector will be encoded, e.g. “.my%2Dclass” rather than “.my-class”. |
BEHAVIOR HEURISTICS
For some events, one of a series of modifier fields will be set to provide additional information regarding user behavior.
Name | Export Field Name | Description |
---|---|---|
Rage Clicks | EventModFrustrated | Your customer clicked one or more elements on the page many times in rapid succession, potentially because they were frustrated. For each of the click events in this series of clicks, the numeric value of this field is a running total of the number of clicks that have occurred. It will be zero for click events that were not part of a series of rage clicks. Learn more about rage clicks. |
Dead Clicks | EventModDead | Your customer clicked something, but nothing happened. Will be 1 for dead clicks, zero for non-dead clicks. |
Error Clicks | EventModError |
Your customer clicked something and a console error was generated, either by an actual error occurring, or by logging an error to the console. Typical types are:
*Prior to 06-21-2021, this field did not distinguish between different types of errors. |
Suspicious Actions | EventModSuspicious | Your customer entered text or navigated to a URL that was suspicious. When set to zero, nothing was suspicious. When 1, it indicates a possible SQL injection attack. When 2, it indicates a possible cross site scripting attack. Learn more about suspicious activity detection. |
CONSOLE STATISTICS
Name | Export Field Name | Description |
---|---|---|
Console Infos/Logs | PageNumInfos | The number of times the JavaScript function console.log() was called, plus the number of times console.info() was called on the page. This is a running total for the page, and will steadily increase until the user navigates to a new page. |
Console Warnings | PageNumWarnings | The number of times console.warn() was called on the page. This is a running total for the page. |
Console Errors | PageNumErrors | The number of times console.error() was called, plus the number of JavaScript errors that occurred on the page. This is a running total for the page. |
ENVIRONMENT FIELDS
Name | Export Field Name | Description |
---|---|---|
Latitude/ Longitude |
PageLatLong | The latitude/longitude corresponding to this session. These values are derived using IP geolocation, which is only capable of pinpointing a user’s general area, often just at the city level, not their exact location. |
User Agent | PageUserAgent | The full user agent string for the system on which this session was captured. |
Browser | PageBrowser | The browser that was used for this session, as derived from the User Agent. Current possible values: Chrome, Firefox, Internet Explorer, Microsoft Edge, Safari, Opera, Mobile App, Yandex, Robot, Unknown. New values may be added to this list at a later date. |
Device | PageDevice | The device type that was used for this session, as derived from the User Agent. Current possible values: Desktop, Mobile, Tablet, Robot, Unknown. New values may be added to this list at a later date. |
Operating System | PageOperatingSystem | The operating system type that was used for this session, as derived from the User Agent. Current possible values: Chrome OS, OS X, iOS, Windows, Windows Phone, Linux, Robot, Unknown. New values may be added to this list at a later date. |