GDPR compliance
Kamil avatar
Written by Kamil
Updated over a week ago

Personal data protection and privacy are the core values of LiveSession. Below we’ve described all you need to know about GDPR. If you don’t have time to read through complex legal documents, this short summary should be enough.

What is GDPR?

It’s a law related to processing personal data of citizens of the European Union (EU) and the European Economic Area (EEA).

Why is LiveSession bound by the GDPR?

Our services are available to customers from all over the world, including the EU and the EEA.

Our tool records the user’s activity on a website or in an app. This recording is called session replay.

What is a session replay? How is it related to personal data?

A session replay is a reconstruction of the user’s journey on a website or within a web application. It consists of mouse and keyboard movements, scrolls, taps, and clicks. Watching a session replay feels like sitting next to the user and watching them interact with your website.

When you use LiveSession on your website, you allow the service to process user data. There are two main ways of processing data, passive and active.

Passive processing is related to session replays stored on Google Cloud. As our client, you’re the only person who can access this data.

Active processing involves the data you send us intentionally, such as company details, email addresses, and the names of your employees. You need to share this information to use our service.

Is it possible to use LiveSession without recording any personal data?

Yes, it’s possible. Here’s how it works:

Passively processed data is anonymous by default. This applies to forms on your website, too. If you’d like to identify recorded users, you can do it with our custom properties feature. By default, we do not record any inputs that can be potentially sensitive.

On the other hand, if personal data is included in the static content of your website, you need to anonymize it yourself. Otherwise, it will be recorded.

Important tip: We suggest that you audit your website. Make sure that you exclude all fields that could contain sensitive information. This is a way to make sure that your website is GDPR-compliant.

As the website owner, you decide what kind of information (and for what purposes) you’re going to process. Because of that, you might need to get consent from your users. It’s good to regulate these terms in your privacy policy and include link to our privacy policy, too.

LiveSession provides the session recording tool and protects your privacy. We’re also here to help you exercise rights related to personal data.

What are the user rights provided by GDPR?

Here are some of the user rights under the GDPR that you need to consider:

  • The right to amend, access, and receive copies of personal data.

    The user can ask you to send a copy of their personal data. You can download a file with this data from your account.

  • The right to erase data.

    The user can ask you to delete their personal data. It’s also known as the right to be forgotten. You can erase the user’s data very easily.

  • Limitations on data processing.

  • The right to object to the processing of personal data.

  • The right to withdraw consent for processing data

    The user can ask you to limit the processing of their data.

    You can decide what kind of data you are recording. Passively obtained data is always anonymous by default. You can anonymize other kinds of data manually.

    What’s more, the user can also object to processing their data at any time without providing a reason. This does not affect the legality of the previous processing.

  • The right to data portability

    If requested, it’s possible to move the user’s personal data to another place.

To exercise these rights, please get in touch with LiveSession at: [email protected]

The GDPR requires us to answer within 30 days. We’ll do our best to reply as soon as possible.

For more details, read our:

Did this answer your question?