Web Replays and Heatmaps
Sprig's Web Replay and Heatmap offering prioritizes privacy.
Web Replay and Heatmap Privacy
Sprig prioritizes user privacy by employing on-device masking for Replay and Heatmap capture. This ensures that sensitive information is redacted locally on the user's device before any information is transmitted to Sprig.
Web Replays
Sprig's session Replay clips are not actual screen recordings. They are a reconstruction of changes in a web browser's Document Object Model (DOM), which is the data representation of a webpage. The record of changes to the DOM is constructed into a video that represents a user's interactions with a particular page. This approach enables Sprig to selectively capture data, such as user interactions and form content, while redacting other types of data, such as images and password fields.
Heatmaps
Heatmaps are generated in a similar way to Replays. When viewing a Heatmap within Sprig, the underlying snapshot of the page is rendered using masked data. You will see where users clicked within the UI, but you will not see their personal information. Heatmaps focus on aggregate behavior (where and how many times users click, for example) rather than individual sessions, and masking ensures that the backdrop behind the Heatmap remains compliant with the chosen privacy settings.
Masking Settings
The following describes the available masking settings. To configure masking settings for your account, see Replay Creation.
- Field masking obscures input fields with a placeholder.
- Text masking obscures characters with asterisks.
- Image masking obscures images with a placeholder.
- Class masking obscures elements specified by ids and classes. Unmasking classes is not supported for web.
- Interaction masking does not capture keystrokes, clicks, touches, or console logs.
Latest
The following privacy masking settings require Web SDK v2.22.0 or later:
Basic
- Obscures all password and sensitive input fields.
Moderate
Everything in the Basic privacy setting, and...
- Obscures all picker, text, and number input fields.
- Obscures canvases and maps.
Strict
Everything in the Basic and Moderate privacy settings, and...
- Obscures all images and videos.
- Obscures text with asterisks.
- Does not capture interactions such as keystrokes, clicks, touches, or console logs.

Mock up of privacy mode masking: Moderate masks only fields. Strict masks both text and fields.
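The Basic, Moderate and Strict tiers listed above, sketched as an added example (not Sprig's SDK code) that masks a serialized DOM snapshot before it would leave the device. The node shape, the function names and the list of "sensitive" autocomplete values are assumptions; map elements and id-based masking are left out.

```javascript
// Added illustration, not Sprig SDK code. The node shape, the tier strings and
// the SENSITIVE_AUTOCOMPLETE list are assumptions made for this sketch.
const LEVEL = { basic: 1, moderate: 2, strict: 3 };
const SENSITIVE_AUTOCOMPLETE = new Set(["cc-number", "cc-csc", "one-time-code"]);
const MODERATE_INPUTS = new Set(["text", "number", "date", "time", "select", "textarea"]);
const INTERACTIONS = new Set(["keystroke", "click", "touch", "console"]);

function maskNode(node, tier, maskedClasses = []) {
  const lvl = LEVEL[tier];
  if (!lvl) throw new Error(`unknown tier: ${tier}`);
  if (node.type === "text") {
    // Strict: every non-whitespace character becomes an asterisk.
    return lvl >= LEVEL.strict ? { ...node, value: node.value.replace(/\S/g, "*") } : { ...node };
  }
  const attrs = { ...(node.attrs || {}) };
  const classes = (attrs.class || "").split(/\s+/).filter(Boolean);
  const isField = ["input", "select", "textarea"].includes(node.tag);
  const kind = node.tag === "input" ? (attrs.type || "text").toLowerCase() : node.tag;
  const mask =
    classes.some((c) => maskedClasses.includes(c)) || // class masking, any tier
    (isField && (kind === "password" || SENSITIVE_AUTOCOMPLETE.has(attrs.autocomplete))) || // Basic
    (lvl >= LEVEL.moderate && ((isField && MODERATE_INPUTS.has(kind)) || node.tag === "canvas")) ||
    (lvl >= LEVEL.strict && (node.tag === "img" || node.tag === "video"));
  if (mask) {
    // Drop the value, the media source and the whole subtree; keep a placeholder.
    delete attrs.value;
    delete attrs.src;
    return { type: "element", tag: node.tag, attrs, masked: true, children: [] };
  }
  const children = (node.children || []).map((c) => maskNode(c, tier, maskedClasses));
  return { type: "element", tag: node.tag, attrs, children };
}

// Strict also drops interaction events before they are queued for upload.
function keepEvent(event, tier) {
  return !(LEVEL[tier] >= LEVEL.strict && INTERACTIONS.has(event.kind));
}

// Constructed snapshot fragment (sample data, not captured from a real page).
const snapshot = { type: "element", tag: "form", attrs: {}, children: [
  { type: "element", tag: "input", attrs: { type: "password", value: "hunter2" }, children: [] },
  { type: "element", tag: "input", attrs: { type: "text", value: "Ada Lovelace" }, children: [] },
  { type: "element", tag: "img", attrs: { src: "/avatars/ada.png" }, children: [] },
  { type: "element", tag: "div", attrs: { class: "card account-no" },
    children: [{ type: "text", value: "Acct 1234" }] },
  { type: "text", value: "Welcome back" },
] };

console.log(JSON.stringify(maskNode(snapshot, "moderate", ["account-no"]), null, 2));
```

Serializing the masked tree and searching it for known sensitive values, as a test would, is a quick way to confirm that a given tier removes what you expect before enabling capture.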
Legacy
For Web SDK v2.22.0 and earlier...
The following masking behavior is supported:
- Password field masking.
- Form field masking.
- Image masking.
- Class masking.
The following masking behavior is NOT supported:
- Interactions masking.
- Class unmasking.
Pause and Resume Web Replays
Alongside masking, the Web SDK provides functions for pausing and resuming Replays for times when you know there are screens or flows you do not want to be part of Replay clips. See Web Replays: Pause and Resume Recording for more information.
Interactions
In addition to HTML content, Sprig Replays also record user interactions, such as mouse movements, clicks, screen touches, and keyboard input. Mouse movement captures are approximated during clip playback, limited to an inferred path between start and target destinations.
Interaction tracking may be disabled with Web SDK v2.22.0 or later by enabling the Strict setting. This is not available for earlier versions of the Web SDK.
Compliance
In adherence to guidelines set by the California Consumer Privacy Act (CCPA), Replays do not capture nor require capturing permissions from end-users. The CCPA mandates that businesses must disclose their practices related to both the collection and sale of consumers' personal information in their privacy policies. While businesses are required to give consumers the option to opt-out of having their personal information sold to third parties, the law does not oblige them to provide a similar opt-out for just the collection of personal information.
View more information on Sprig's Privacy Policy.
We welcome feedback on our privacy practices. Please contact us at [email protected] if you have any questions or concerns.
Performance
Session Replay has been designed to use as few resources as possible. We break down performance into four categories: CPU, Memory, Disk and Network.
CPU
We use the MutationObserver API to keep track of DOM changes. MutationObserver batches node changes and dispatches a joint notification, which minimizes compute. These events should have very little impact on JavaScript's single-threaded performance.
Memory
Session Replay data has near zero impact on memory usage for modern web applications. Sprig immediately moves any data to IndexedDB to keep memory usage low and to persist replay across page loads.
Disk
As mentioned in the section above, Sprig uses IndexedDB to store and retrieve Session Replay data. Sprig throttles its use of IndexedDB to not exceed 2 writes per second. Sprig regularly deletes old replay data to minimize disk usage and preserve privacy.
Network
Sprig uploads Session Replay data in one request as opposed to other solutions that upload small pieces frequently. This approach improves compression efficiency, reduces network overhead and reduces energy consumption for mobile devices.
