What to do if sensitive data has been recorded

In the process of setting up your FullStory account, you set up exclusion rules to ensure sensitive customer information isn’t included in FullStory sessions. However, if you discover that sensitive data has been recorded into your FullStory account, you’ll want to take the following actions to ensure you are in compliance with FullStory’s Terms & Conditions and Acceptable Use Policy.

  1. Immediately pause recording

  2. Request data deletion

  3. Exclude sensitive data from future FullStory sessions

  4. Resume recording


Immediately pause recording

If you suspect that sensitive data is still being recorded, visit your recording settings page to immediately pause recording.


What exactly is “sensitive data”? Refer to FullStory’s Terms & Conditions for a definition of sensitive data, which is data that should always be excluded from FullStory sessions. The steps in this article apply specifically to sensitive data.

You may choose to set up exclusion rules for data that is not considered “sensitive”, per FullStory’s definition, but which for other reasons you’ve decided should be excluded from FullStory sessions. If you discover you accidentally recorded other customer data of this type, you’ll want to choose which steps to follow, guided by your internal policies and commitments you’ve made to your customers. For data of this type, consider using FS.consent() to selectively record data based on explicit user consent.


Request data deletion

After you’ve paused recording, an account administrator should send an email to support@fullstory.com requesting data to be deleted. Note that the email address must match that of an administrator on the account.

FullStory support will respond with next steps to move forward with the deletion by time range or by segment. Deletion will not begin until an email confirmation has been received.


Exclude sensitive data from future FullStory sessions

Before resuming recording, you’ll want to revisit your exclusion rules and any blocked elements within your code base to ensure that sensitive data won’t be recorded in the future.


Resume recording

Once the appropriate exclusion rules are in place, visit your recording settings page to re-enable recording for your account.

Need to get in touch with us?

The FullStory Team awaits your every question.

Contact us