GuidesSupport
Web AnalyticsAttributionCookie ConsentA/B Testing & ExperimentationMapsTag ManagerSession ReplayTranslation WidgetHeatmapsPlatformIngest

FAQs

Common questions about Session Replay - session length, masking behavior, HIPAA compliance, and accessing captured replays.

FAQs

How long are sessions captured?

Up to 4 hours of active recording time per session. Time when the tab is hidden does not count against this budget.

What data is captured in session replays?

User interactions, page navigation, mouse position, scroll position, click locations, and visual changes to the page. Form input values are masked by default. Page text is captured as-is unless you enable mask_all_text or use the masking classes / selectors.

What data is not captured?

<script> contents are not recorded verbatim, and <canvas> content is not captured. <style> / <noscript> text, element attributes (aria-label, title, alt, data-*, placeholder), URLs, query strings, and document.title are recorded as-is — see Privacy and masking for the full list and how to keep sensitive values out of those surfaces.

Is Session Replay HIPAA-compliant?

Session Replay is designed to support HIPAA compliance with configurable privacy controls and secure data handling. Ours Privacy offers a Business Associate Agreement (BAA) for healthcare organizations. As with any analytics tool, work with your compliance team to make sure your specific configuration (including consent management) meets your requirements. See the HHS guidance on HIPAA and online tracking.

Can I control what gets captured?

Yes. Three layers: global text masking with mask_all_text, CSS classes (op-session-replay-block / -ignore / -mask), and CSS-selector-based equivalents (block_selector / ignore_selector / mask_text_selector). See Privacy and masking.

Can I record only specific high-value sessions?

Yes. Set sampleRate: 0 and add the events you care about to alwaysRecordEvents. See Sampling and triggers.

How do I access captured sessions?

Open your Ours Privacy dashboard, click any event in your analytics or recent-events view, and the associated replay opens alongside the event timeline.

Is session replay data stored securely?

Yes. All replay data is encrypted in transit. Replays are removed automatically based on your account's retention period (default 90 days). See Data and retention.

Why doesn't replay run inside an iframe on my site?

Session Replay does not run inside cross-origin iframes (e.g., Shopify Web Pixel sandboxes, ad-tech containers). Install the SDK on the parent frame; same-origin frames are included automatically in the parent's recording.

Next steps

How is this guide?

Data and Retention

Previous Page

On this page

FAQs
How long are sessions captured?
What data is captured in session replays?
What data is not captured?
Is Session Replay HIPAA-compliant?
Can I control what gets captured?
Can I record only specific high-value sessions?
How do I access captured sessions?
Is session replay data stored securely?
Why doesn't replay run inside an iframe on my site?
Next steps