Get in touch!

we respect your privacy and wont share your information. By entering information in this form you accept CXperts' privacy policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Close Window

How FullStory Blends Qualitative and Quantitative Insights in an Increasingly Private Web

By Logan Rowley

There are a few consistent pillars to every successful business; among the most important are understanding and respecting your customer. While the advent of Digital Experience Intelligence (DXI) tools like FullStory has made understanding customer behavior easier than ever; it has also made it increasingly tempting to treat them with less and less respect. 

With an ever-expanding breadth of personal data just a few clicks away, how can we ensure that we’re optimizing our digital experiences without violating our users’ trust and privacy?

FullStory is a powerful tool, providing a deep analytics toolset for data-driven decision making, while also providing incredible qualitative insight through session replay. Thankfully, it provides equally powerful controls for ensuring user privacy. 

The following are some of your options to maintain user privacy without compromising your ability to understand user behavior.

Private by Default

First-off, if you’ll be deploying FullStory in an environment that frequently includes Personally Identifying Information (PII) or any information that is legally required to adhere to a stricter level of security such as anything subject to HIPAA CXperts would highly recommend that you opt for Private by Default. This wireframe style replay will still allow for great insight into user behavior, but with a significantly reduced risk of exposing legally protected information. 

example of masked vs. unmasked

Furthermore, as your site changes, new features are added, or other updates are made, your site is “future proofed” as any new feature has stricter privacy standards applied to them and requires you to walk the privacy settings back. 

Redaction (aka Element Masking)

If you don’t deal with a lot of sensitive data, there is likely still some information that doesn’t necessarily need to be visible within FullStory to best understand your customers. User generated content such as gift messages and profile pictures may not always be personally identifying, but rarely provide valuable insight into user behavior and may be best redacted to respect user privacy. In cases like this, it’s best to spot-fix through individual privacy rules. 

Redaction can be implemented with either masking, where the contents of a container are replaced with bars that serve as a placeholder to that text. For an even more strict redaction approach there’s exclusion, which blocks the object from being seen by FullStory at all, i.e. FullStory won’t be able to see any interactions with that object. In either case, the contents of the object aren’t passed to FullStory, but for some that more strict exclusion is preferred.  For more on the difference between masking and exclusion, check out more of that in the FullStory help center

Exclude vs. Masked vs. Unmasked

All of that being said, there are two ways to implement redaction outlined below.

Code-First Redaction: While a code-first approach has a number of benefits, there are also some significant cons that make this a less attractive approach (namely - requires a code release and developer effort). 

The alternative to this would be to make your privacy rules within the FullStory app. This doesn’t require any code commits and can be done without developer support, though you should take care to ensure rules are scoped appropriately to avoid redacting more information than necessary and reducing the value of your replays.

Updating privacy rules within Inspect Mode in FullStory

In-App Redaction: The easiest way to add in-app privacy rules is by using Inspect Mode while in a session replay (see example above) and creating a Data Capture Rule. This is usually a pretty straightforward process, but sometimes it can be a bit of a sticky wicket so slow and steady wins the race.

Note - In-app redaction requires that you have the element you’re hoping to apply a rule to visible within the session replay. While you can use FullStory’s search tools to find a relevant user session, it can often be quicker to find elements by creating your own session on the site and watching back your replay.  You can do this through a Preview Session or with a particular console command.

Continued Help

As you continue to develop your FullStory instance, make sure you’re taking advantage of the fantastic support team at FullStory. You can reach them through the help button within the FullStory app, or by emailing

If there are things that you’d like hands-on-keyboard assistance with, you’ll need to seek managed services. CXperts would be happy to discuss how we can help on that front - let's talk shop.