Privacy Overview

Sprig's entire application was built with Privacy as a top priority - including Replays.

By default, all form contents (including password fields) are not recorded or stored. Additionally, users are able to hide specific CSS selectors or mobile classes as they wish. Configure privacy settings at Settings > Replays > User privacy. Additionally, an Admin can turn off replays for the whole workspace, or by Product at Settings > Replay > Configure.

Web Replay Privacy

While a replay clip may look and feel like a screen recording, Sprig's Session Replay clips are not actual “screen” recordings. Instead they are recordings of changes in the web browser's Document Object Model (DOM), which is the data representation of the page. That record of changes is then constructed into a video that represents a users interactions with a particular page. This approach allows us to selectively capture data, such as user interactions and form contents, while redacting other data, such as images and password fields.

By default, all form contents (including password fields) are not recorded or stored. Additionally, users are able to hide specific CSS selectors as they wish. Configure privacy settings at Settings > Replays > User privacy. Additionally, an Admin can turn off replays for the whole workspace, or by Product at Settings > Replay > Configure.

Interactions

In addition to HTML content, Sprig Replays also record user interactions, such as mouse movements, clicks, screen touches, and keyboard input. Mouse movement captures are approximated during clip playback, limited to an inferred path between start and target destinations.

Compliance

In adherence to guidelines set by the California Consumer Privacy Act (CCPA), Replays does not capture nor require capturing permissions from end-users. The CCPA mandates that businesses must disclose their practices related to both the collection and sale of consumers' personal information in their privacy policies. While businesses are required to give consumers the option to opt-out of having their personal information sold to third parties, the law does not oblige them to provide a similar opt-out for just the collection of personal information.

View more information on Sprig's Privacy Policy: here

We welcome feedback on our privacy practices. Please contact us at [email protected] if you have any questions or concerns.

Performance

Session Replay has been designed to use as little resources as possible. We break down performance into 4 categories: CPU, Memory, Disk and Network

CPU

We utilize the MutationObserver API to keep track of DOM changes. MutationObserver batches node changes and dispatches a joint notification which minimizes compute. These events should have very little impact on Javascript’s single-threaded performance.

Memory

Session Replay data has near zero impact on memory usage for modern web applications. Sprig immediately moves any data to IndexedDB to keep memory usage low and to persist replay across page loads.

Disk

As mentioned in the section above, Sprig uses IndexedDB to store and retrieve Session Replay data. Sprig throttles its use of IndexedDB to not exceed 2 writes per second. Sprig regularly deletes old replay data to minimize disk usage and preserve privacy.

Network

Sprig uploads Session Replay data in one request as opposed to other solutions that upload small pieces frequently. This approach improves compression efficiency, reduces network overhead and reduces energy consumption for mobile devices.