Session Book

Learn how SessionBook ensures user privacy, handles session data, and provides security features like data control, exclusions, and open-source transparency.

This page outlines how we manage the storage, processing, and privacy of your data in SessionBook.

Data Collection During Session Replay

Auto-Recording on Websites

When SessionBook auto-records activity on a website, the extension embeds a JavaScript library (request-web-sdk.js) into the page. This library observes the following:

  • Mouse Movement: Tracks interactions on the page.

  • Console Logs: Captures logs generated during the session.

  • Network Logs: Observes API call responses and status but excludes sensitive details.

  • Local Storage Changes: Monitors updates made to local storage.

Temporary Local Storage

  • All recorded data is temporarily stored in the page’s context (an in-memory JavaScript variable).

  • Data Volatility: The recorded data is cleared when the page navigates or refreshes. This ensures that no session data persists beyond the current session unless explicitly saved by the user.

  • Exclusion of Sensitive Data: Network logs do not include request headers that could contain sensitive information, such as:

    • Authorization tokens

    • Session IDs

    • Resource IDs

    • Cookies

Saving and Reviewing Sessions

Once a session is recorded:

  • Users can review, annotate, and save the session data.

  • SessionBook provides an option to save sessions online or download them locally as a file.

  • Users can exclude console and network logs during saving, ensuring that sensitive details are not uploaded to the server.
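
The capture and save behaviour described above, sketched as an added example (not code from request-web-sdk or Requestly); the class name, method names, stored fields and sample request are all hypothetical. It keeps events in an in-memory variable, stores only an allow-listed set of network fields so request headers never enter the log, and lets the caller leave console and network logs out at save time.

```javascript
// Added illustration: SessionRecorder and its methods are hypothetical names,
// not the request-web-sdk API.
class SessionRecorder {
  constructor() {
    // In-memory only: this variable is lost on navigation or refresh.
    this.events = { console: [], network: [], storage: [] };
  }
  recordConsole(level, message) {
    this.events.console.push({ level, message, ts: Date.now() });
  }
  recordNetwork(request, response) {
    // Allow-list what is stored. request.headers is never read, so
    // Authorization, Cookie and similar values cannot enter the log.
    this.events.network.push({
      method: request.method,
      url: request.url,
      status: response.status,
      responseBody: response.body,
      ts: Date.now(),
    });
  }
  discard() {
    this.events = { console: [], network: [], storage: [] };
  }
  // Build the object that would be saved; excluded logs are left out entirely.
  exportSession({ includeConsole = true, includeNetwork = true } = {}) {
    const out = { storage: [...this.events.storage] };
    if (includeConsole) out.console = [...this.events.console];
    if (includeNetwork) out.network = [...this.events.network];
    return out;
  }
}

// Constructed sample traffic; the token and cookie values are fake.
function demo() {
  const rec = new SessionRecorder();
  rec.recordConsole("error", "checkout failed");
  rec.recordNetwork(
    { method: "POST", url: "https://shop.example/api/cart",
      headers: { Authorization: "Bearer FAKE-TOKEN", Cookie: "sid=FAKE-SID" } },
    { status: 500, body: '{"error":"timeout"}' }
  );
  const full = rec.exportSession();
  const minimal = rec.exportSession({ includeConsole: false, includeNetwork: false });
  rec.discard();
  return { full, minimal, afterDiscard: rec.exportSession() };
}
```

Storing an allow-list of fields fails closed: a header introduced later is not captured unless someone adds it to the stored fields deliberately.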


Security Features

Local Data Storage

  • All session data is stored locally in the browser’s memory during recording.

  • Data Deletion: Data is discarded when:

    • The user clicks the "Discard" button.

    • The Requestly UI or website is closed without saving the session.

Controlled Data Upload

  • No session data is uploaded to the server unless explicitly saved online by the user.

  • Users can choose what data to include when saving sessions, ensuring maximum control.

No Sensitive Data Capture

  • Request headers are deliberately excluded from network logs, preventing the capture of sensitive information such as authentication tokens and cookies.

Sync Storage for Configurations

  • Configurations are stored in the browser’s local storage and securely synced with the Requestly server (Firebase).

  • Synced data is encrypted and available only to the authenticated user across devices or browser instances logged into the same account.

Open-Source Transparency

  • SessionBook, as part of Requestly, is open-source, and its codebase is available on GitHub.

  • Developers can inspect the source code for:

    • request-web-sdk: The library responsible for session recording.

    • UI Code: Ensuring transparency and building trust in the tool’s security practices.

Reporting Security Issues

If you identify any security vulnerabilities or privacy concerns with SessionBook, please report them to our team at [email protected]. We take all reports seriously and will address them promptly.

For more details, refer to our Privacy Policy or Terms of Service.
