Privacy & Compliance
Rehearsals is built with privacy-first principles to help you comply with data protection regulations while gaining valuable user insights.
Automatic Privacy Features
Out of the box, Rehearsals automatically protects sensitive information:
🔒 Always Protected
- Password fields - All password inputs are masked
- Credit card numbers - Automatically detected and masked
- Social Security numbers - Pattern-matched and hidden
- Email addresses - Can be configured to mask
- Phone numbers - Can be configured to mask
🛡️ Smart Detection
Rehearsals uses pattern recognition to identify and mask:
- Payment card numbers (Visa, MasterCard, Amex, etc.)
- Bank account numbers
- Government ID numbers
- API keys and tokens
Privacy Controls
CSS Class-Based Controls
Add these classes to any HTML element to control recording:
CSS Class | Behavior | Use Case |
---|---|---|
rh-block | Completely blocks element from recording | Sensitive forms, private content |
rh-ignore | Element won't appear in recordings | Temporary UI, admin panels |
rh-mask-text | Masks all text content | Personal information, addresses |
Examples
```html
<!-- Block entire sensitive section -->
<div class="rh-block">
  <h3>Payment Information</h3>
  <input type="text" name="card-number" />
  <input type="text" name="cvv" />
</div>

<!-- Mask text but keep structure -->
<div class="user-profile rh-mask-text">
  <p>John Doe</p> <!-- Appears as •••• ••• -->
  <p>john@example.com</p> <!-- Appears as ••••@•••••••.••• -->
</div>

<!-- Completely ignore element -->
<div class="admin-toolbar rh-ignore">
  <!-- Won't appear in recordings at all -->
</div>
```
Attribute-Based Controls
Use data attributes for more granular control:
```html
<!-- Mask specific input -->
<input type="text" data-rh-mask="true" />

<!-- Block specific element -->
<div data-rh-block="true">Sensitive content</div>

<!-- Ignore recording -->
<section data-rh-ignore="true">Admin only</section>
```
GDPR Compliance
User Consent
Implement consent management before loading Rehearsals:
```javascript
// Check for user consent
// (hasUserConsent() stands for your site's own consent check)
if (hasUserConsent()) {
  window.deepPredictionSettings = {
    apiKey: 'dp_proj_xxxxx',
    organizationId: 'dp_org_xxxxx'
  };

  // Load Rehearsals script
  const script = document.createElement('script');
  script.src = 'https://app.runrehearsals.com/recorder.js';
  script.async = true;
  document.head.appendChild(script);
}
```
Cookie Banner Integration
```javascript
// Popular consent management platforms

// OneTrust
window.OneTrust.OnConsentChanged(() => {
  if (window.OnetrustActiveGroups.includes('C0002')) {
    // Load Rehearsals
  }
});

// Cookiebot
window.addEventListener('CookiebotOnAccept', () => {
  if (Cookiebot.consent.statistics) {
    // Load Rehearsals
  }
});
```
Data Subject Rights
Support GDPR data subject rights:
```javascript
// Stop recording for specific user
window.rehearsals?.stopRecording();

// Delete user data (via API)
fetch('https://api.runrehearsals.com/v1/gdpr/delete', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer dp_proj_xxxxx',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    userId: 'user_123',
    email: 'user@example.com'
  })
});
```
CCPA Compliance
California Consumer Privacy Act
Handle "Do Not Sell" signals:
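```javascript
// Wrapped in a function so the early returns are valid JavaScript
function loadRehearsalsUnlessOptedOut() {
  // Check for global privacy control
  if (navigator.globalPrivacyControl) {
    // Don't load Rehearsals
    return;
  }

  // Check for opt-out
  if (document.cookie.includes('ccpa_opted_out=true')) {
    // Don't load Rehearsals
    return;
  }

  // No opt-out signal found: load Rehearsals here
}
```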
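The consent check and the two opt-out checks above can be combined into one gate that runs before the recorder script is injected. This is an added example, not Rehearsals' own code: `parseCookies`, `recorderDecision` and `loadRehearsalsIfAllowed` are hypothetical names, and the precedence (opt-out signals override consent) is an assumption. It compares the cookie by exact name, because a substring test such as `includes('ccpa_opted_out=true')` also matches unrelated cookies whose name merely ends in `ccpa_opted_out`.

```javascript
// Parse a document.cookie string into exact name -> value pairs.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip fragments without a value
    jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Pure decision function. Assumption: opt-out signals win over consent.
function recorderDecision({ globalPrivacyControl, cookie, consentGiven }) {
  if (globalPrivacyControl === true) return { load: false, reason: 'gpc' };
  if (parseCookies(cookie).get('ccpa_opted_out') === 'true') {
    return { load: false, reason: 'ccpa-opt-out' };
  }
  if (!consentGiven) return { load: false, reason: 'no-consent' };
  return { load: true, reason: 'consented' };
}

// Browser wiring: hasUserConsent is the site's own consent check,
// passed in as a function. Settings and script URL are the page's values.
function loadRehearsalsIfAllowed(hasUserConsent) {
  const decision = recorderDecision({
    globalPrivacyControl: navigator.globalPrivacyControl,
    cookie: document.cookie,
    consentGiven: hasUserConsent(),
  });
  if (!decision.load) return decision; // nothing is injected

  window.deepPredictionSettings = {
    apiKey: 'dp_proj_xxxxx',
    organizationId: 'dp_org_xxxxx',
  };
  const script = document.createElement('script');
  script.src = 'https://app.runrehearsals.com/recorder.js';
  script.async = true;
  document.head.appendChild(script);
  return decision;
}
```

Logging the returned `reason` gives you a record of why the recorder was or was not loaded for a given visit.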
HIPAA Considerations
Healthcare Sites
For healthcare applications, use maximum privacy settings:
```javascript
window.deepPredictionSettings = {
  apiKey: 'dp_proj_xxxxx',
  organizationId: 'dp_org_xxxxx',
  // Disable all text recording
  maskAllText: true,
  // Disable form input recording
  maskAllInputs: true,
  // Only record page navigation
  recordingMode: 'navigation-only'
};
```
PHI Protection
```html
<!-- Mark all PHI sections -->
<div class="patient-data rh-block">
  <!-- All patient information blocked -->
</div>

<!-- Medical forms -->
<form class="medical-form">
  <input type="text" class="rh-mask-text" placeholder="Condition" />
  <textarea class="rh-mask-text" placeholder="Symptoms"></textarea>
</form>
```
PCI DSS Compliance
Payment Card Industry Standards
For e-commerce sites handling payments:
```html
<!-- Block all payment forms -->
<div id="checkout-form" class="rh-block">
  <!-- Entire checkout process blocked -->
</div>

<!-- Or use hosted payment iframe -->
<iframe src="https://payment-processor.com" class="rh-ignore"></iframe>
```
Recommended Setup
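```javascript
// Base settings shared by every page
const defaultSettings = {
  apiKey: 'dp_proj_xxxxx',
  organizationId: 'dp_org_xxxxx'
};

// Detect checkout pages
if (window.location.pathname.includes('/checkout')) {
  window.deepPredictionSettings = {
    ...defaultSettings,
    // Mask all inputs on checkout
    maskAllInputs: true,
    // Block recording of network requests
    enableNetworkCapture: false
  };
}
```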
Regional Compliance
EU Users
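```javascript
// Base settings shared by every region
const defaultSettings = {
  apiKey: 'dp_proj_xxxxx',
  organizationId: 'dp_org_xxxxx'
};

// Detect EU users
fetch('https://ipapi.co/json/')
  .then(res => res.json())
  .then(data => {
    if (data.continent_code === 'EU') {
      // Apply stricter privacy settings
      window.deepPredictionSettings = {
        ...defaultSettings,
        requireConsent: true,
        maskAllText: false,
        anonymizeIP: true
      };
    }
  });
```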
Privacy Policy Updates
Include Rehearsals in your privacy policy:
```markdown
## Session Recording

We use Rehearsals to record and analyze user sessions on our website.
This helps us improve user experience and identify technical issues.

### What We Record:
- Mouse movements and clicks
- Page scrolling
- Form interactions (sensitive data is masked)
- Page navigation

### What We DON'T Record:
- Passwords (always masked)
- Payment information
- Personal identification numbers
- Any content marked as private

You can opt out of session recording by [clicking here].
```
Data Retention
Configure data retention in your Rehearsals dashboard:
- Default: 90 days
- Options: 7, 30, 60, 90, 180, 365 days
- Auto-deletion: Automatic after retention period
- Manual deletion: Delete specific sessions anytime
Security Best Practices
- Use HTTPS - Always load Rehearsals over HTTPS
- Regular audits - Review recorded sessions for sensitive data
- Team training - Educate team on privacy features
- Test thoroughly - Verify masking works before going live
- Document controls - Keep record of privacy implementations
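To support the "Test thoroughly" item, a pre-deploy check can scan page templates for sensitive-looking form fields that carry none of the privacy classes or data attributes described above, either on themselves or on an ancestor. This is an added example, not part of Rehearsals: `findUnprotectedFields`, the name-hint pattern and the sample markup are constructed assumptions, and the tag scanner is a simple static lint that complements reviewing real recordings rather than replacing it.

```javascript
// Constructed sample: a blocked payment section and a form with one gap.
const SAMPLE_HTML = `
<div class="rh-block">
  <input type="text" name="card-number" />
  <input type="text" name="cvv" />
</div>
<form class="medical-form">
  <input type="text" name="ssn" />
  <input type="text" name="insurance-id" data-rh-mask="true" />
  <input type="text" name="nickname" />
</form>`;

const CLASSES = ['rh-block', 'rh-ignore', 'rh-mask-text'];          // from the page
const ATTRS = ['data-rh-mask', 'data-rh-block', 'data-rh-ignore'];  // from the page
const FIELDS = new Set(['input', 'textarea', 'select']);
const VOID = new Set(['input', 'br', 'hr', 'img', 'meta', 'link']);
// Assumption: name hints that mark a field as sensitive; tune per application.
const SENSITIVE = /card|cvv|cvc|ssn|insurance|account|passport|dob/i;

function parseAttrs(raw) {
  const out = {};
  for (const m of raw.matchAll(/([\w-]+)\s*=\s*"([^"]*)"/g)) {
    out[m[1].toLowerCase()] = m[2];
  }
  return out;
}

function hasControl(a) {
  const classes = (a.class || '').split(/\s+/);
  return CLASSES.some(c => classes.includes(c)) || ATTRS.some(k => a[k] === 'true');
}

// Returns the names of sensitive-looking fields with no privacy control
// on the field itself or on any enclosing element.
function findUnprotectedFields(html) {
  const open = [];      // per open element: true if it or an ancestor is controlled
  const findings = [];
  const markup = html.replace(/<!--[\s\S]*?-->/g, ''); // ignore HTML comments
  for (const [, slash, rawTag, rawAttrs] of markup.matchAll(/<(\/?)([a-zA-Z][\w-]*)([^>]*)>/g)) {
    const tag = rawTag.toLowerCase();
    if (slash) { open.pop(); continue; }
    const a = parseAttrs(rawAttrs);
    const covered = open[open.length - 1] === true || hasControl(a);
    const label = `${a.name || ''} ${a.id || ''} ${a.placeholder || ''}`;
    if (FIELDS.has(tag) && !covered && SENSITIVE.test(label)) findings.push(a.name || a.id || tag);
    if (!VOID.has(tag)) open.push(covered); // void elements have no children
  }
  return findings;
}
```

Run it over rendered templates in CI and fail the build when the returned list is non-empty.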