Hiding sensitive user information such as passwords, credit cards, and personal data.

We take privacy seriously and understand that there is a tradeoff between having enough information to solve a bug and end-user privacy.

We designed our SDK to allow developers to determine what information to hide from LogRocket reports. We are constantly working to improve these features, so let us know if there is a privacy feature that you need which we do not support.

Exclude Data in Videos

Excluded data is never sent to LogRocket servers. Once an element is excluded, it cannot be included again on that page.

Data can be excluded using a data attribute of data-private any element:

<div data-private>
  This data will <strong>not</strong> be recorded.

Form inputs

Add the data-private attribute to any input or textarea DOM element to prevent recording its input. Password fields are never recorded.

Remember to also exclude this data from your network requests.

Input redaction types

To change the behavior of a private input or textarea field you can specify a redaction type:

<textarea data-private="lipsum"></textarea>

This is the default redaction type and equivalent to not having the data-private attribute set. When an input is set to redact the user input will not be recorded.

When the data-private attribute is set to lipsum, it will replay as if the user was typing Lorem Ipsum text instead of the actual characters. This shows the user was actively typing but provides less security because it exposes the length of the text.

DOM elements

Add the data-private attribute to any DOM element that you wish to obscure from LogRocket. All DOM elements which are children of a hidden/private DOM element will not be recorded.

Automatically sanitize all text and inputs

The LogRocket SDK can automatically sanitize all text and inputs from your session recordings.

See the dom API documentation for details.

Exclude network data

The LogRocket SDK can exclude request bodies, response bodies, headers, URLs, and anything else sensitive from your session recordings.

See the network API documentation for details.

Exclude Redux state

Using a state sanitizer you can drop or redact individual keys or full subtrees of your frontend state store.

See reduxMiddleware() API documentation.

Exclude Redux actions

Using the reduce middleware, you can drop or redact sensitive state transitions.

See reduxMiddleware() API documentation.


LogRocket On-premise

If you prefer to host LogRocket on your own servers or private cloud for privacy reasons, contact us at [email protected]