What to do if sensitive data has been captured

In the process of setting up your FullStory account, you set up exclusion rules to ensure sensitive customer information isn’t included in FullStory sessions. However, if you discover that sensitive data has been captured into your FullStory account, you’ll want to take the following actions to ensure you are in compliance with FullStory’s Terms & Conditions and Acceptable Use Policy.

  1. Immediately pause data capture

  2. Request data deletion

  3. Exclude sensitive data from future FullStory sessions

  4. Resume data capture

Immediately pause data capture

If you suspect that sensitive data is still being captured, visit your data capture settings page to immediately pause data capture.

What exactly is “sensitive data”? Refer to FullStory’s Terms & Conditions for a definition of sensitive data, which is data that should always be excluded from FullStory sessions. The steps in this article apply specifically to sensitive data.

You may choose to set up exclusion rules for data that is not considered “sensitive”, per FullStory’s definition, but which for other reasons you’ve decided should be excluded from FullStory sessions. If you discover you accidentally captured other customer data of this type, you’ll want to choose which steps to follow, guided by your internal policies and commitments you’ve made to your customers. For data of this type, consider using FS.consent() to selectively capture data based on explicit user consent.

Request data deletion

After you’ve paused data capture, an account administrator should send an email to support@fullstory.com requesting data to be deleted. Note that the email address must match that of an administrator on the account.

FullStory support will respond with next steps to move forward with the deletion by time range or by segment. Deletion will not begin until an email confirmation has been received.

Exclude sensitive data from future FullStory sessions

Before resuming data capture, you’ll want to revisit your exclusion rules and any blocked elements within your code base to ensure that sensitive data won’t be captured in the future.

Resume data capture

Once the appropriate exclusion rules are in place, visit your data capture settings page to re-enable data capture for your account.

Need to get in touch with us?

The FullStory Team awaits your every question.

Ask the Community Technical Support