Seamless Digital Experience.
Happy Customers.

Digital Experience and Error Monitoring Platform - Zipy

Zipy’s user sessions and GDPR

Anom Warbhuvan
~ 7 min read | Published on Dec 14, 2023


Fix bugs faster with Zipy!

  • Session replay
  • Network calls
  • Console Logs
  • Stack traces
  • User identification
Get Started for Free

What if you have a tool that lets you analyze your user behaviour on your web and mobile app and even website.

You can see what they did, where they went, what they clicked, and how they reacted. You can use this tool to discover insights, identify trends, and test hypotheses.

Sounds amazing, right?

This is exactly what Zipy’s user Sessions do for your website and applications. With Zipy’s user sessions, you can record and watch how your users interact with your product. This helps you discover and solve problems and frustrations on your app.

Now this does capture your users data, which might make you think about your GDPR compliance.

So let’s figure out how does GDPR approach user sessions, and how does Zipy keep your user data protected.

What is GDPR compliance?

GDPR (General Data Protection Regulation) compliance is a set of rules that protect the privacy rights of people who use the internet in the European Union (EU). It is a law that applies to all businesses that collect or handle personal data belonging to individuals who are citizens of the European Union.

Personal data includes any information that can be used to identify a person, such as their name, email address, location, gender, and so on. However, user sessions give rise to certain concerns regarding data protection and privacy particularly in light of the GDPR.

What are user sessions in Zipy?

User sessions in Zipy are a way to see and replay the interactions to check how your users navigate, click, scroll, and react on your web app. It is useful to get insights into their behavior, preferences, needs, and problems.

You can also see the errors, console logs, network requests, and custom logs that occurred during each user session. User sessions in Zipy start with the first page that your users visit and end with a period of inactivity lasting longer than 30 minutes.

You can sort and filter user sessions by various criteria, such as user data, session size, environment, and live status.

In the below image, we have covered an user session of a e-commerce website.

Zipy dashboard

With the help of user sessions in Zipy, you can clearly see and replay the interactions your users made with your web app. Here are the different panels on Zipy dashboard:

  • User recording: This panel shows you a video of the user’s session, including their mouse movements, clicks, scrolls, and other actions on your app.
  • User environment: This panel gives you the details of the user’s device, browser, OS, location, IP address, and other information that can affect their experience on your app.
  • Breadcrumbs: It showcases the sequence of events that occurred during the user’s session, such as page views, network requests, errors, console logs, custom events, etc.
  • Code level information: You can see stack trace, source code, and variables of any errors that occurred during the user’s session, helping you debug and fix them.

Why do we need user sessions to be GDPR compliant?

If you are doing buisness in Europian Union, you need to comply with GDPR guidelines to protect your user’s data. User sessions or recordings on the other hand, collect personal data of users. However if you go with right user session product, you will be good.

Let’s see an example of what information is visible in user sessions on Zipy under the lense of GDPR compliance. Here’s an e-commerce website user session recorded by Zipy. After, you end the recording, the user session is available in the Zipy dashboard.

Now, you can see from the screenshot in the upper right corner, input fields are hidden.

Zipy user sessions GDPR compliancy image

That’s because Zipy is GDPR compliant. It does not display or capture any personal data nor does it expose it. It protects user data at all costs.

Advice: If you do not comply with GDPR, you may face data processing injunctions, suspension of data transfers, and fines of up to 20 million euros or 4% of annual global turnover.

We protect user data captured in session recordings

At Zipy, we respect and value the privacy concerns of all our users above all else. With this in mind, our session replay tool is designed to keep personally identifiable information secure at all times.

Here are some key security measures:

  • Masking: You can use CSS selectors or regular expressions to define the elements or fields that you want to mask. Masking ensures that the data is not visible in the session recordings or in the network requests.
  • This functionality allows you complete control over what sensitive details you choose to hide. This can be your users passwords, credit card info, email address, or any other data.
  • Block user sessions: Zipy allows you to block any user sessions that you do not want to record or store, such as those from certain countries, IP addresses, or user agents.
  • Blocking prevents the data from being sent to Zipy servers or stored in the Zipy database. You can use the Zipy block case to define the rules and conditions that determine which sessions should be blocked.
  • Data storage compliant: Zipy allows you to choose where you want to store your user session data, either on Zipy cloud servers or on your own servers. Right now, the data doesn’t get deleted but we are planning to give an option to choose how long you want to keep the data before it is automatically deleted.
  • User preferences: Zipy respects the users’ choices and requests regarding their data, such as opting out, accessing, modifying, or deleting their data.
  • Filtering: Zipy also filters out any data that is not relevant for the session recording, such as headers, cookies, or query parameters.
  • Data encryption: Zipy ensures that the data is encrypted at rest and in transit, and that it complies with GDPR and other data protection laws.

These are some of the methods that Zipy uses to protect the personal data of its users that are recorded in the sessions.

How does Zipy allow its users to access, modify, or delete their recorded data?

Zipy respects the rights of its users to access, modify, or delete their recorded data. It is currently building a privacy portal that will allow users to do so easily and securely. The privacy portal can be considered as a web page where users can enter their email address and request a link to view, edit, or erase their data. The privacy portal will show the users all the data that Zipy has collected and stored about them, such as their name, email, device, location, and session recordings.

Users can do three major things:

  • They can see the consent status and the purpose of the data collection.
  • They will be able to modify their data by changing their name, email, or consent preferences.
  • They can delete their data by clicking on the delete button and confirming their choice.

Until the privacy portal is ready, Zipy is taking requests from users who want to access, modify, or delete their recorded data. Zipy assists the users with any questions or issues they may have regarding their data.

But no matter, what we say there is always a hindering question, i.e.

Should I stop using session replays If I want to be GDPR compliant?

Quick answer: No.

Long answer: Still no.

You are only observing anonymous sessions of people until you identify them individually using the identifiers. Zipy also prevents you from seeing any data that the user enters and shows **** instead of email or any input fields.

So you cannot identify any user by watching their session. Of course, you can learn a lot of things from the session, but you cannot access any visitors’ personal data.

Record user session with Zipy, with out worry about GDPR compliance

Till now, we have shown you how Zipy is GDPR compliant even when recording user sessions. We have explained how Zipy follows the best practices and principles of GDPR to ensure that its users are informed, consented, and protected when it comes to their recorded data.

With Zipy, you can enjoy the benefits of session recording without worrying about the risks. Use Zipy as a powerful tool that allows you to record, replay, and analyze user sessions without compromising user data.

If you want to try Zipy for yourself, you can sign up for a free trial or book a demo today. You will be amazed by what you can learn from your user sessions with Zipy.

Call to Action

Feel free to comment or write to us in case you have any further questions at We would be happy to help you. In case you want to explore for your app, you can sign up or book a demo.

Fix bugs faster with Zipy!

Get Started for Free

You might also like

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Want to solve customer bugs even before they're reported?

The unified digital experience platform to drive growth with Product Analytics, Error Tracking, and Session Replay in one.

SOC 2 Type 2
Zipy is GDPR and SOC2 Type II Compliant
© 2023 Zipy Inc. | All rights reserved
by folks just like you
// open links in new tab script