These checklists will help ensure your organization starts capturing data in the safest way possible. Choose the checklist that matches your privacy approach.
- Privacy Setup Checklist: Private by Default
- Privacy Setup Checklist: Traditional Blocklist
- Common Exclusion Checklist
Privacy Setup Checklist: Private by Default
This checklist will help ensure Private by Default orgs start capturing data in the safest way possible.
Step 0: Install
| Task | Settings Location | Details |
|---|---|---|
| Disable data capture | Data Capture and Privacy > Data Capture | Make sure this is done before installing snippet |
| Install snippet | Data Capture and Privacy > Fullstory Setup | There are several options provided for installation |
Step 1: Pre-Capturing Checklist
Step 2: Enable Data Capture
| Task | Settings Location | Details |
|---|---|---|
| Enable data capture | Data Capture and Privacy > Data Capture | All elements will be masked under Private by Default |
Step 3: Preview Unmasking Changes
| Task | Settings Location | Details |
|---|---|---|
| Add Element Data Capture Rules scoped as 'Preview Sessions Only' | Data Capture and Privacy > Privacy | Unmask elements using CSS selectors |
| Test rule changes by generating Preview Sessions | Data Capture and Privacy > Privacy | Preview sessions will apply rules to your own session only |
Step 4: Applying Changes in Production
| Task | Settings Location | Details |
|---|---|---|
| Update scope to 'Preview and Live Sessions' for all approved rules | Data Capture and Privacy > Privacy | This will apply tested rules to internal and external visits |
| Obtain log of current settings via Fullstory API for own records | Privacy Settings API | Audit Trail APIs provide a full history of any changes to settings |
Privacy Setup Checklist: Traditional Blocklist
This checklist will help ensure Traditional Blocklist orgs start capturing data in the safest way possible.
Step 0: Install
| Task | Settings Location | Details |
|---|---|---|
| Disable data capture | Data Capture and Privacy > Data Capture | Make sure this is done before installing snippet |
| Install snippet | Data Capture and Privacy > Fullstory Setup | There are several options provided for installation |
Step 1: Pre-Capturing Checklist
Step 2: Enable Data Capture
| Task | Settings Location | Details |
|---|---|---|
| Add element capture rule to mask body, scoped to 'Live Sessions Only' | Data Capture and Privacy > Privacy | This rule will mask all text elements for external traffic, but allow admins to capture unmasked sessions to test specific mask/exclude rules on own Preview Sessions |
| Enable data capture | Data Capture and Privacy > Data Capture |
Step 3: Preview Exclude and Mask Rules
| Task | Settings Location | Details |
|---|---|---|
| Add Element Data Capture Rules scoped as 'Preview Sessions Only' | Data Capture and Privacy > Privacy | Mask or exclude private elements using CSS selectors |
| Test rule changes by generating Preview Sessions | Data Capture and Privacy > Privacy | Preview sessions will apply rules to your own session only |
Step 4: Applying Changes in Production
| Task | Settings Location | Details |
|---|---|---|
| Update scope to 'Preview and Live Sessions' for all approved rules | Data Capture and Privacy > Privacy | This will apply tested rules to internal and external visits |
| Update scope to 'No Sessions (Inactive)' for mask body rule | Data Capture and Privacy > Privacy | This will remove global masking for internal and external visits |
| Obtain log of current settings via Fullstory API for own records | Privacy Settings API | Audit Trail APIs provide a full history of any changes to settings |
Common Exclusion Checklist
Common areas of consideration when masking/excluding elements with Fullstory.
Common Risk Considerations
| Area | Details |
|---|---|
| Logged-in / Account | Logged in area will often display user name or email |
| Avatars / Profile photos | Profile photos can be considered biometric data |
| Checkout flow: Confirmation pages | Confirmation pages can often print personal information that was entered in an earlier form |
| Checkout flow: Shipping pages | Shipping pages can often print personal information that was entered in an earlier form |
| Forgot username flow | Forgot username flows will sometimes print full or partial email addresses/usernames/phone numbers |
| Forgot password flow | Forgot password flows will sometimes print full or partial email addresses/usernames/phone numbers |
| Form validation text | Form validation text will sometimes print text entered into an input element |