Web Replay Privacy & Performance
Sprig's Web Replay offering prioritizes privacy.
Privacy Overview
Every aspect of Sprigâs application, including Replays, was designed and built with user privacy as a top priority.
By default, all form content including password fields, is neither recorded nor stored. Additionally, Sprig admins can further enhance user privacy by hiding specific CSS selectors or mobile classes.
To configure Replay privacy settings, go to Settings > Heatmap & Replays > Configure.
You can disable Replays for an entire Team workspace by turning off Replays or disable them based on Product by unchecking the corresponding products under the Replays section. Disabling will mark existing Replays as paused and prevent new Replays from being launched.
Web Replay Privacy
While a replay clip may look and feel like a screen recording, Sprig's session replay clips are not actual screen recordings. They are recordings of changes in the web browser's Document Object Model (DOM), which is the data representation of the page. That record of changes is then constructed into a video that represents a user's interactions with a particular page.
This approach enables Sprig to selectively capture data, such as user interactions and form contents, while redacting other types of data, such as images and password fields.
Masking Definitions
Masking happens on device. This means any sensitive user data masked by your privacy configuration will never leave the user's device. The following definitions describe the types of masking available:
- Field masking obscures input fields with a placeholder.
- Text masking obscures characters with asterisks.
- Image masking obscures images with a placeholder.
- Class masking obscures specified elements specified by ids and classes. Unmasking classes is not supported for web.
- Interaction masking does not capture keystrokes, clicks, touches, or console logs.
The minimum Web SDK version required to support the following privacy masking settings is Web SDK v2.22.0 or later:
Basic
- Obscures all password and sensitive input fields.
Moderate
Everything in Basic privacy setting and...
- Obscures all picker, text, and number input fields.
- Obscures canvases and maps.
Strict
Everything in Basic and Moderate privacy setting and...
- Obscures all images and videos.
- Obscures text with asterisks.
- Does not capture interactions such as keystrokes, clicks, touches, or console logs.

Mock up of privacy mode masking: Moderate masks only fields. Strict masks both text and fields.
Interactions
In addition to HTML content, Sprig Replays also record user interactions, such as mouse movements, clicks, screen touches, and keyboard input. Mouse movement captures are approximated during clip playback, limited to an inferred path between start and target destinations.
Interaction tracking may be disabled with Web SDK v2.22.0 or later by enabling the Strict setting. This is not available for earlier versions.
Compliance
In adherence to guidelines set by the California Consumer Privacy Act (CCPA), Replays does not capture nor require capturing permissions from end-users. The CCPA mandates that businesses must disclose their practices related to both the collection and sale of consumers' personal information in their privacy policies. While businesses are required to give consumers the option to opt-out of having their personal information sold to third parties, the law does not oblige them to provide a similar opt-out for just the collection of personal information.
View more information on Sprig's Privacy Policy.
We welcome feedback on our privacy practices. Please contact us at [email protected] if you have any questions or concerns.
Performance
Session Replay has been designed to use as little resources as possible. We break down performance into four categories: CPU, Memory, Disk and Network.
CPU
We utilize the MutationObserver API to keep track of DOM changes. MutationObserver batches node changes and dispatches a joint notification which minimizes compute. These events should have very little impact on Javascriptâs single-threaded performance.
Memory
Session Replay data has near zero impact on memory usage for modern web applications. Sprig immediately moves any data to IndexedDB to keep memory usage low and to persist replay across page loads.
Disk
As mentioned in the section above, Sprig uses IndexedDB to store and retrieve Session Replay data. Sprig throttles its use of IndexedDB to not exceed 2 writes per second. Sprig regularly deletes old replay data to minimize disk usage and preserve privacy.
Network
Sprig uploads Session Replay data in one request as opposed to other solutions that upload small pieces frequently. This approach improves compression efficiency, reduces network overhead and reduces energy consumption for mobile devices.
Legacy Replay Privacy Settings
For Web SDK v2.22.0 and earlier...
The following masking behavior is supported:
- Password field masking.
- Form field masking.
- Image masking.
- Class masking.
The following masking behavior is NOT supported:
- Interactions masking.
- Class unmasking.
Updated 15 days ago