The privacy of your customer data is a shared responsibility. FullStory diligently ensures that your customer data is securely stored and accessible only to you. In addition, we provide you a tool to easily exclude sensitive customer information.
Important note: Element exclusions are not retroactive. If you are viewing this article after you started recording, there are several options available for deleting sessions from FullStory, if necessary.
Within Settings you’ll notice an area called Privacy. You can add elements to the Excluded Elements list to block any data from those HTML elements from ever being captured. Excluded data never leaves your customer's browser, meaning FullStory does not receive or process the data in any way. (You can also use Inspect Mode to exclude elements via point & click)
Click "Add Element" to create a new exclusion. Input the CSS selector and (optionally) leave yourself a note to remember why this block rule is important.
Your note will show up in the exclusions list:
You’ll also notice the “Record with user consent” checkbox. When used together with the
FS.consent API, this setting allows you to record this element only after a user has given explicit consent (these are known as “consent-required elements”).
Alternatively, you can make an element impossible to record no matter what by using .fs-block.
Just add the .fs-block class name to any element you want to exclude.
<input class="ccnum fs-block">
This works in the exact same way as configuring an exclusion in the settings page, but lets you do it directly in your own code/html. That means the exclusion includes any child elements, so you can do things like this:
<form class="fs-block" id="payment"> <input class="ccnum"> <!-- etc --> </form>
Under certain circumstances, .fs-hide doesn't behave exactly the same way as .fs-block or adding an element's selector to the excluded elements list directly. An element with the .fs-hide class will be invisible at playback. Excluded elements added directly or by class name .fs-block are visible as a gray box with cross-hatches as shown below.
We pre-populate the exclusions list with industry standard HTML. You'll want to double check how your company has coded these sensitive fields. If your input fields have different CSS naming conventions, you'll need to add them to the exclusions list.
If you're using the industry standards, we'll block the following default exclusions:
Hidden inputs with
You can find the exclusions list by clicking on Settings > Privacy.
alt) of excluded elements will be excluded. Any HTML attributes—except those listed above—of the excluded elements will still be recorded (though they won't be visible in the FullStory UI during playback). Take for example the following:
<div class="fs-hide" data-secret="abracadabra">Your secret is abracadabra</div>
Your secret is abracadabrawill not be recorded. However, the text
<div class="fs-hide" data-secret="abracadabra">will be recorded.
Account admins can use Inspect Mode to easily identify text fields and other areas where customers will enter sensitive information, so that those elements will never be recorded by FullStory.
Using the Inspect Mode feature, find the element within your page, then click Exclude Element. The CSS selector you chose will automatically be added to your excluded elements list.
FullStory records the user interface (UI). The only method FullStory uses for recording the UI is by tracking the DOM structure and any changes to it. This means:
Element exclusion, therefore, operates at the DOM level. This means:
If you have any additional questions, feel free to reach out to firstname.lastname@example.org.
The FullStory team awaits your every question.Contact Us