Privacy Policy
Last updated: March 2, 2026
What this policy covers
This policy explains what data sessionvision collects when our tracking script runs on your website, how we handle that data, and the choices available to you and your visitors. It applies to the sessionvision platform, SDK, and any associated services.
Information we collect automatically
When a visitor loads a page with the sessionvision script, we automatically collect:
- Browser name and version
- Device type (desktop, tablet, mobile)
- Operating system
- Page URLs and referrer URLs
- Click targets and scroll depth
- Form field metadata (which fields exist, focus/blur timing) — not the values typed into them
- Screen resolution and viewport size
- Approximate geolocation derived from IP address (country/region level)
Session recordings
sessionvision can record DOM-level session replays so you can see how visitors interact with your pages. To protect visitor privacy:
- All text input fields are masked by default — the recording captures keystrokes as asterisks.
- Our script automatically detects and masks patterns that look like email addresses, phone numbers, credit card numbers, and social security numbers in rendered page text.
- You can extend masking to any element by adding the data-sv-mask attribute.
- You can exclude entire elements from recording with data-sv-block.
What we do not collect
sessionvision does not capture the actual values visitors enter into forms — including passwords, search queries, credit card details, or any other input content. We also do not read or write browser cookies. We do not intercept network requests made by your site.
Identification
By default, each visitor is assigned a random anonymous UUID. This identifier is stored in the visitor's browser via localStorage and contains no personal information. If you choose to call the sessionvision.identify() method in your code, you can attach your own user ID or traits to that visitor. Any personally identifiable information sent through identify() is your responsibility to disclose in your own privacy policy.
Local storage
sessionvision uses localStorage (not cookies) to persist a small amount of data in the visitor's browser. The keys we set are:
- sv_distinct_id — anonymous visitor identifier
- sv_session_id — current session identifier
- sv_props — any properties set via registerOnce()
No third-party cookies are set. Because we rely only on localStorage, the sessionvision script is not affected by cookie-consent requirements in most jurisdictions, though you should consult your own legal counsel.
Connected services
You may optionally connect sessionvision to external services such as Slack, email, Linear, or GitHub. These integrations are activated only when you explicitly configure them and are used to deliver alerts, summaries, or issue creation on your behalf. sessionvision sends only the data you configure in each integration (e.g., a session summary to a Slack channel) and does not grant these services access to your raw analytics data.
Your choices
- Opt-out: You can call sessionvision.opt_out() at any time to stop tracking for a specific visitor. This sets a localStorage flag and all subsequent calls become no-ops.
- Disable autocapture: Pass { autocapture: false } in your init() options to turn off automatic click and form tracking entirely.
- Masking: Use the data-sv-mask and data-sv-block attributes to control what appears in session recordings.
Data retention
How long we keep your data depends on your plan. The free tier retains event and recording data for 30 days. Paid plans offer longer retention windows as described on our pricing page. When data expires, it is permanently deleted from our systems.
Updates to this policy
We may update this policy from time to time. If we make material changes, we will notify you through the sessionvision dashboard or by email. The “Last updated” date at the top reflects the most recent revision.
Contact
Questions about this policy? Reach us at [email protected].
