Sessions privacy controls

Privacy controls should be configured before broad production rollout.

Core Controls

• Masking: Hide sensitive UI fields and text regions.
• Sampling: Limit capture volume where full capture is unnecessary.
• Metadata controls: Keep only fields needed for troubleshooting and analytics.
• Retention policy: Define how long replay data stays accessible.

Recommended Rollout

1. Start with strict masking defaults.
2. Validate replay usefulness with support leads.
3. Relax only where necessary for debugging quality.
4. Re-test after major frontend changes.

Identity And Trust

For web widget authenticated users, use server-generated identifier_hash where available to reduce impersonation risk in user identification workflows.

Security Review Checklist

• Sensitive fields are masked in replay.
• Session access is role-scoped.
• Live assist usage is policy-governed.
• Retention aligns with organizational policy.

Warning: Avoid storing direct secrets, payment data, or regulated identifiers in replay metadata or event payloads.

📷 Image (optional): Privacy And Masking Configuration
Why: Clarifies where masking, retention, and sampling controls are managed.
File: docs/images/sessions-privacy-and-masking-configuration.png
AI prompt: "Clean SaaS admin settings screenshot for OXVO Sessions privacy controls, panels for Masking Rules, Sampling Rate, Metadata Allowlist, Retention Policy, modern neutral interface with primary accent, realistic labels only, synthetic values, no third-party logos, 1600x1000, crisp and readable."

Next Steps

• Authentication and access controls
• Troubleshoot Sessions capture issues