Redacting Information
Last updated September 17, 2023
Why redact?
There is some customer information you may not want to have exposed to your team or to other vendors (eg, Atlas). The best practice is to limit the transmission of this data. We help you achieve this by providing the ability to hide, or redact, customer information from our session recordings.
What data is sensitive?
While what is considered sensitive varies on a case-by-case basis, these items are generally considered sensitive data:
- personally identifiable information (PII): eg, name, address, social security number or other identifying number or code, telephone number, email address, etc.)
- payment card industry (PCI) data: credit card/payment information, eg, name, card number, expiration date, and security code
- banking information: account name, account address, account type, account number, routing number
What is redacted by default?
By default, we try to redact any of the above information based off of standard web security best practices. Specifically, any input setup like <input type="password">
will automatically be redacted.
We'd strongly recommend you go through a test of your site using fake data and then reviewing the associated session recording so you are aware of what is (and isn't) being tracked.
How do you setup custom redaction?
To customize what is and isn't tracked, you can use the .atlas-mask
and .atlas-hide
classes. Any inputs that are children of elements with the .atlas-mask
class are masked (replaced with ***). Any elements that are children of elements with the .atlas-hide
class are not recorded at all.