Session replay and privacy
Session replay reconstructs a visitor's interaction with a page — pointer movement, clicks, scrolls, input timing — into a playback. It can reveal usability friction a metric cannot, but it captures behaviour at a level that raises serious privacy duties: sensitive fields must be masked, consent may be required, and over-collection is a real risk. This page is educational, not legal advice.
What this means
Session replay tools capture a stream of DOM mutations and interaction events and replay them as a video-like reconstruction of what a user did on the page. Unlike a heatmap aggregate, a replay is one user's individual session. That granularity is its value for diagnosing confusing flows — and the source of its risk.
Privacy obligations
Because a replay can capture whatever appears on screen and whatever is typed, it can sweep up names, emails, payment details, health information, and more. Responsible practice masks input fields and sensitive elements by default, excludes whole regions that may show personal data, and minimises what is stored and for how long. Under regimes such as the GDPR and ePrivacy rules, replay may require informed consent, and supervisory authorities have taken enforcement action where recording was excessive or undisclosed.
The safe default is to record the least that answers your question, mask aggressively, and treat replay as a targeted diagnostic, not always-on surveillance.
- Individual playback, not an aggregate
- Mask inputs and sensitive content by default
- Consent and data-minimisation duties apply
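As an added example (not WebmasterID's code, nor any replay vendor's), here is the mask-by-default rule applied to a snapshot serialiser of the kind a recorder builds from DOM mutations. A real recorder walks the live DOM and subscribes to MutationObserver records; here the page is a constructed plain-object tree so the masking logic runs in Node. The attribute names data-replay-mask and data-replay-unmask, the list of never-recorded input types, and the autocomplete token pattern are assumptions made for this example, not a product's API.

```javascript
// Added example, not WebmasterID's code or that of any replay vendor. A real
// recorder walks the live DOM and subscribes to MutationObserver; here the page
// is a constructed plain-object tree so the masking logic runs in Node.

// Attribute names below are assumptions for the example, not a vendor's API.
const MASK_ATTR = "data-replay-mask";     // force-mask a whole subtree
const UNMASK_ATTR = "data-replay-unmask"; // opt a non-secret field back in

// Input types that are never recorded, even when explicitly unmasked (assumed list).
const NEVER_RECORD_TYPES = new Set(["password", "email", "tel", "number"]);
// autocomplete tokens that identify a person or a payment instrument (assumed list).
const SENSITIVE_AUTOCOMPLETE = /^(cc-|name|email|tel|street-address|postal-code|bday)/;

// Replace every non-space character so field length survives but content does not.
function maskText(text) {
  return text.replace(/\S/g, "*");
}

function isFormField(node) {
  return node.tag === "input" || node.tag === "textarea" || node.tag === "select";
}

// Decide whether a form field's value may appear in the snapshot: default deny,
// hard-deny for secret types and personal/payment autocomplete, explicit opt-in otherwise.
function mayRecordValue(node) {
  const attrs = node.attrs || {};
  const type = (attrs.type || "text").toLowerCase();
  if (NEVER_RECORD_TYPES.has(type)) return false;
  if (SENSITIVE_AUTOCOMPLETE.test(attrs.autocomplete || "")) return false;
  return UNMASK_ATTR in attrs;
}

// Serialise a node for a replay snapshot. `masked` is inherited from ancestors,
// so data-replay-mask on a container covers everything inside it.
function serialize(node, masked = false) {
  if (node.type === "text") {
    return { type: "text", text: masked ? maskText(node.text) : node.text };
  }
  const attrs = { ...(node.attrs || {}) };
  const subtreeMasked = masked || MASK_ATTR in attrs;
  if (isFormField(node) && "value" in attrs) {
    if (subtreeMasked || !mayRecordValue(node)) attrs.value = maskText(attrs.value);
  }
  return {
    type: "element",
    tag: node.tag,
    attrs,
    children: (node.children || []).map((c) => serialize(c, subtreeMasked)),
  };
}

// Collect every recorded text and value, so an audit job can check that
// nothing unmasked slipped into storage.
function recordedStrings(snapshot, out = []) {
  if (snapshot.type === "text") {
    out.push(snapshot.text);
  } else {
    if ("value" in snapshot.attrs) out.push(snapshot.attrs.value);
    snapshot.children.forEach((c) => recordedStrings(c, out));
  }
  return out;
}

// Constructed sample page: a checkout form, an opted-in search box, and a
// delivery block force-masked by its container. All values are made up.
const samplePage = {
  type: "element", tag: "body", children: [
    { type: "element", tag: "h1", children: [{ type: "text", text: "Checkout" }] },
    { type: "element", tag: "input", attrs: { type: "search", value: "running shoes", [UNMASK_ATTR]: "" } },
    { type: "element", tag: "form", children: [
      { type: "element", tag: "input", attrs: { type: "text", name: "cardholder", autocomplete: "cc-name", value: "Jane Doe" } },
      { type: "element", tag: "input", attrs: { type: "text", name: "card", autocomplete: "cc-number", value: "4111 1111 1111 1111", [UNMASK_ATTR]: "" } },
      { type: "element", tag: "input", attrs: { type: "password", value: "hunter2", [UNMASK_ATTR]: "" } },
      { type: "element", tag: "input", attrs: { type: "text", name: "promo", value: "SPRING10" } },
    ] },
    { type: "element", tag: "div", attrs: { [MASK_ATTR]: "" }, children: [
      { type: "text", text: "Deliver to Jane Doe, 1 Example Road" },
    ] },
  ],
};

const snapshot = serialize(samplePage);
console.log(JSON.stringify(recordedStrings(snapshot), null, 2));
```

The design point is the direction of the default: the search box is the only field whose content survives, and only because it was explicitly opted in; the card number stays masked even though it carries the same opt-in, because the hard-deny rules run first. Running the audit helper over stored snapshots is a cheap way to catch a mis-configured allowlist before it becomes the kind of over-collection regulators have acted on.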
How it appears in analytics and logs
A replay showing repeated rage-clicks, dead clicks, or confused scrolling points to a usability fault. But replay data is high-sensitivity, so what it captures must be minimised and masked by default.
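The rage-click and dead-click signals mentioned above can be derived from the interaction stream itself, which lets a team export a count of the problem without keeping the recording. The following is an added example (not WebmasterID's code); the event shape, the thresholds (one-second window, 24-pixel radius, 500 ms dead-click timeout) and the sample stream are all constructed assumptions for illustration.

```javascript
// Added example, not WebmasterID's code: derive rage-click and dead-click
// signals from an interaction stream so the finding can be exported as a
// summary, leaving the full recording short-lived or not stored at all.
// All thresholds are assumptions for the example, not an industry standard.

const RAGE_WINDOW_MS = 1000;  // clicks within this window of the first click...
const RAGE_RADIUS_PX = 24;    // ...and within this distance of it
const RAGE_MIN_CLICKS = 3;    // ...count as a rage-click burst
const DEAD_CLICK_MS = 500;    // a click with no DOM mutation this soon after is "dead"

function distance(a, b) {
  return Math.hypot(a.x - b.x, a.y - b.y);
}

// events: [{ t, type: "click" | "mutation", x?, y?, target }], sorted by t (ms).
// Group consecutive clicks that stay close in time and space to the burst's first click.
function findRageClicks(events) {
  const clicks = events.filter((e) => e.type === "click");
  const bursts = [];
  let i = 0;
  while (i < clicks.length) {
    let j = i;
    while (
      j + 1 < clicks.length &&
      clicks[j + 1].t - clicks[i].t <= RAGE_WINDOW_MS &&
      distance(clicks[j + 1], clicks[i]) <= RAGE_RADIUS_PX
    ) {
      j++;
    }
    const n = j - i + 1;
    if (n >= RAGE_MIN_CLICKS) bursts.push({ target: clicks[i].target, clicks: n, start: clicks[i].t });
    i = j + 1;
  }
  return bursts;
}

// A click is dead when nothing in the DOM changes within DEAD_CLICK_MS of it.
function findDeadClicks(events) {
  const dead = [];
  for (let i = 0; i < events.length; i++) {
    const e = events[i];
    if (e.type !== "click") continue;
    let reacted = false;
    for (let k = i + 1; k < events.length && events[k].t - e.t <= DEAD_CLICK_MS; k++) {
      if (events[k].type === "mutation") { reacted = true; break; }
    }
    if (!reacted) dead.push({ target: e.target, t: e.t });
  }
  return dead;
}

// The summary that can be sent instead of the replay: counts and element
// selectors only, no coordinates, no timings, no page content.
function summarise(events) {
  const rage = findRageClicks(events);
  const dead = findDeadClicks(events);
  const targets = [...new Set([...rage, ...dead].map((r) => r.target))];
  return { rageClickBursts: rage.length, deadClicks: dead.length, targets };
}

// Constructed sample stream: four frustrated clicks on a coupon button that does
// nothing, a help link that opens a panel, a decorative image, and a later
// coupon click that finally produces a status update.
const sampleEvents = [
  { t: 0,    type: "click",    x: 300, y: 420, target: "button#apply-coupon" },
  { t: 250,  type: "click",    x: 303, y: 418, target: "button#apply-coupon" },
  { t: 480,  type: "click",    x: 299, y: 422, target: "button#apply-coupon" },
  { t: 700,  type: "click",    x: 301, y: 419, target: "button#apply-coupon" },
  { t: 2500, type: "click",    x: 120, y: 90,  target: "a#help-link" },
  { t: 2600, type: "mutation",                 target: "div#help-panel" },
  { t: 5000, type: "click",    x: 640, y: 300, target: "img.hero" },
  { t: 9000, type: "click",    x: 300, y: 420, target: "button#apply-coupon" },
  { t: 9200, type: "mutation",                 target: "span#coupon-status" },
];

console.log(JSON.stringify(summarise(sampleEvents)));
```

Note that every click in the rage burst is also counted as a dead click, which is exactly the pattern that points at a broken control rather than an impatient user. The summary carries enough to file a usability ticket against `button#apply-coupon` and `img.hero`, but nothing that identifies the visitor or reproduces what they saw.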
Diagnostic use case
Use session replay to diagnose specific usability problems, with strict masking of input and sensitive content and a lawful basis for the recording, not as blanket surveillance.
What WebmasterID can help detect
WebmasterID's posture is privacy-first, first-party measurement of events; this page explains replay as a category and its obligations rather than endorsing pervasive recording.
Common mistakes
- Recording form inputs and sensitive fields unmasked.
- Running replay without a lawful basis or consent.
- Retaining high-sensitivity replays indefinitely.
Privacy and accuracy notes
Session replay can inadvertently capture personal and sensitive data; mask inputs and sensitive elements by default, honour consent, and minimise retention. Regulators have penalised careless replay deployments. This page is educational, not legal advice.
Related pages
- Heatmaps overview
A heatmap aggregates many users' interactions into a colour-coded overlay on a page: click maps show where people tap, scroll maps show how far down they read, and move maps show pointer movement. They are a quick qualitative read on attention and friction, but they aggregate away context and can mislead on responsive layouts and dynamic content.
- Form analytics
Form analytics studies behaviour inside a form rather than just whether it was submitted. It tracks field-level signals such as time spent, corrections, validation errors, the field where users abandon, and completion rate. A page can have a known submit rate while form analytics reveals exactly which field is driving people away.
- GDPR and web analytics: the practical picture
The GDPR governs processing of personal data of people in the EU. For analytics that means: identifiers and IP addresses can be personal data, consent is often required for cookie-based tracking, and minimisation matters. Cookieless, first-party, anonymised measurement reduces the surface — but this is a factual overview, not legal advice.
- Privacy-first analytics
A first-party, minimisation-led measurement posture.
Sources and verification notes
- EDPB — Guidelines on the use of personal data (background): general data-protection guidance; replay specifics depend on jurisdiction.
- MDN — MutationObserver (mechanism replay relies on)
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.