About ReplayStack

ReplayStack captures production backend events so teams can replay failures—often with edited payloads—and ship fixes with evidence instead of guesses from logs alone.

Mission

Debugging APIs, queues, and webhooks should feel as direct as stepping through UI: clear timelines, reproducible steps, and masking so sensitive data does not leak into tickets or chat.

How we treat production data

ReplayStack only stores backend events your team sends through the SDK or ingest API. We redact known-sensitive field names before payloads are persisted—passwords, tokens, cookies, and card-related keys are replaced with [MASKED], not kept in clear text.

The optional SDK setting maskFields adds extra names to redact; it does not turn masking off. Built-in rules always apply even when you omit maskFields. See Security and masking docs for the full list.

What we never collect

• End-user mouse clicks, screen recordings, or front-end DOM snapshots (ReplayStack is backend observability, not session replay for visitors).
• Passwords, bearer tokens, cookies, or API secrets in clear text—matching field names are redacted before storage.
• Full payment card numbers or CVV values when field names match our built-in list (add custom names with maskFields if your schema differs).
• Arbitrary files, databases, or infrastructure metrics unless your integration sends them as part of an event payload.
• Selling or renting your production payloads to advertisers or data brokers.

Who we are

Engineers who have been on-call for payments pipelines, notification workers, and public APIs. ReplayStack grew out of those nights—not slide decks.

Interested in working with us? See open roles. For product or partnership questions, contact us.