Add updates regarding replay to user privacy page (#13937)
<!-- Use this checklist to make sure your PR is ready for merge. You may
delete any sections you don't need. -->
## DESCRIBE YOUR PR
Changes requested/approved by Loretta on the Legal team, preview url:
https://sentry-docs-git-privacy-updates.sentry.dev/security-legal-pii/scrubbing/protecting-user-privacy/
## IS YOUR CHANGE URGENT?
Help us prioritize incoming PRs by letting us know when the change needs
to go live.
- [ ] Urgent deadline (GA date, etc.): <!-- ENTER DATE HERE -->
- [ ] Other deadline: <!-- ENTER DATE HERE -->
- [ ] None: Not urgent, can wait up to 1 week+
## SLA
- Teamwork makes the dream work, so please add a reviewer to your PRs.
- Please give the docs team up to 1 week to review your PR unless you've
added an urgent due date to it.
Thanks in advance for your help!
## PRE-MERGE CHECKLIST
*Make sure you've checked the following before merging your changes:*
- [ ] Checked Vercel preview for correctness, including links
- [ ] PR was reviewed and approved by any necessary SMEs (subject matter
experts)
- [ ] PR was reviewed and approved by a member of the [Sentry docs
team](https://github.com/orgs/getsentry/teams/docs)
## LEGAL BOILERPLATE
<!-- Sentry employees and contractors can delete or ignore this section.
-->
Look, I get it. The entity doing business as "Sentry" was incorporated
in the State of Delaware in 2015 as Functional Software, Inc. and is
gonna need some rights from me in order to utilize my contributions in
this here PR. So here's the deal: I retain all rights, title and
interest in and to my contributions, and by keeping this boilerplate
intact I confirm that Sentry can use, modify, copy, and redistribute my
contributions, under Sentry's choice of terms.
## EXTRA RESOURCES
- [Sentry Docs contributor guide](https://docs.sentry.io/contributing/)
---------
Co-authored-by: Alex Krawiec <[email protected]>
docs/security-legal-pii/scrubbing/protecting-user-privacy.mdx
18 additions & 0 deletions
@@ -56,10 +56,28 @@ A: Yes, [our BAA](https://sentry.io/legal/baa/) covers HIPAA requirements for an
56
56
57
57
A: As with all user data that you submit to Sentry for processing on your behalf, you are responsible for providing appropriate notices to your users. How you choose to configure Session Replay and your own site or app will ultimately determine the contents and presentation of your user privacy notices.
58
58
59
+
**Q: Do I need to obtain consent from my users to use Session Replay?**
60
+
61
+
A: As with notices (see above), you need to consider whether or not you have to obtain user consent. In the U.S. in particular, we've noticed an [increase in lawsuits under U.S. state wiretapping laws](https://iapp.org/resources/article/us-litigation-series-website-tracking/) that involve session replay software. You should evaluate the risk based on your location, service, and customer type, and whether you want to mitigate the risk by obtaining consent from your users to collect data about their interaction with your services via Session Replay.
62
+
63
+
**Q: What should consent for Session Replay look like?**
64
+
65
+
A: Consent can take different forms, including using consent banners or similar technology, as well as consent incorporated into your terms of service with users. The type of consent you want to present (if any) is going to depend largely upon your assessment of the risks based on your location, service, and customers.
66
+
67
+
Here's an example of consent language:
68
+
69
+
> Provider may use and collect data and learnings about customer's use of the Provider service, including customer's behavior within the Provider service, such as clicks, scrolls, mouse movements, keystrokes, page refreshes, and other user session information to operate, improve, and support the Provider service and for other lawful business purposes.
70
+
71
+
**Q: How do I configure Sentry SDK's for Session Replay to be compatible with a consent banner?**
72
+
73
+
A: If you choose to utilize a consent banner, you can find [technical guidance](https://sentry.zendesk.com/hc/en-us/articles/37358708239003-How-can-I-delay-replay-recording-until-a-user-consents) to configure Session Replay SDKs to initiate only after user consent is obtained.
74
+
59
75
**Q: Where is Session Replay data hosted?**
60
76
61
77
See our [subprocessor list](https://sentry.io/legal/subprocessors/) for our infrastructure hosting location, which applies to all data within your specific Sentry instance, including Session Replay data.
62
78
63
79
**Q: How long do you retain Session Replay data?**
64
80
65
81
Please see [our security policy](https://sentry.io/security/). Our data retention policy applies to the overall Sentry service, including Session Replay.
82
+
83
+
*The information on this page is for information purposes only and does not constitute legal advice. You should consult with your own legal counsel to determine how relevant laws and regulations apply to your specific situation, taking into account your specific configuration and use of Sentry and Session Replay, and to ensure your compliance.*
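Review bot: In the added consent-banner question, "Sentry SDK's" should be "Sentry SDKs" (plural, not possessive), and the answer beneath it relies entirely on an external help-center link for the actual configuration. Consider adding one sentence to that answer summarizing the approach the linked article describes, so the page still tells readers what to do if the URL changes. The "(see above)" in the first added answer is positional; naming or linking the notices question directly would survive later reordering of the FAQ.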