Privacy Policy

Last updated: May 8, 2026

Information we collect

We collect account information you provide (such as email), usage data required to operate the service, and diagnostic information needed to prevent abuse and improve reliability.

Product data (events you send)

When you use ReplayStack in your applications, you control what is captured. Typical stored data includes masked request/response metadata for debugging—not end-user browser sessions.

What may be stored after masking

  • Backend API, webhook, queue, and worker events you explicitly instrument with the SDK or ingest API.
  • Request metadata you choose to send: route, method, status, latency, service name, environment, and correlation IDs.
  • Request/response bodies and headers after automatic masking (values replaced with [MASKED], not stored in clear text for matched keys).
  • Stack traces and structured steps so your team can replay and diff failures—not raw end-user browser sessions.

What we do not collect by design

  • End-user mouse clicks, screen recordings, or front-end DOM snapshots (ReplayStack is backend observability, not session replay for visitors).
  • Passwords, bearer tokens, cookies, or API secrets in clear text—matching field names are redacted before storage.
  • Full payment card numbers or CVV values when field names match our built-in list (add custom names with maskFields if your schema differs).
  • Arbitrary files, databases, or infrastructure metrics unless your integration sends them as part of an event payload.
  • Selling or renting your production payloads to advertisers or data brokers.

Sensitive JSON/header keys matching our built-in list (for example password, authorization, token) are redacted before storage. Add project-specific names with the optional SDK maskFields option—optional. extra json/header field names to redact. a built-in sensitive-name list always runs first—you never disable it by leaving maskfields empty.

How we use information

We use this information to provide ReplayStack, authenticate users, communicate product updates, and comply with legal obligations.

Your choices

Depending on your region, you may have rights to access, correct, export, or delete personal information. Contact us to exercise these rights.

Draft. Replace this page with counsel-reviewed privacy policy text before relying on it for compliance.