Skip to main content
Real User Monitoring (RUM) involves collecting data from end users’ browsers and mobile devices. To protect user privacy and ensure data security, Flashduty provides various configuration options and tools to manage data collection, storage, and access.

Privacy Options

The Browser RUM client token is used to match data from end user browsers with a specific RUM application in Flashduty. It is unencrypted and can be seen from the application’s client side.While the client token is only used to send data to Flashduty and does not pose a data leakage risk, we recommend the following good token management practices:
  • Regularly rotate client tokens to ensure they are only used by your application
  • Automatically filter out bots when capturing RUM data
Authentication Proxy: Use a placeholder string instead of clientToken, and have the proxy check for valid user information before passing session data to Flashduty, thereby confirming that a real user is logged in and transmitting traffic to be monitored.
Events are user interactions with specific elements of your website or application. Events can be automatically captured by the SDK or sent through custom actions.You can turn off automatic tracking of user interactions and page visits, capturing only the interactions you choose. By default, RUM generates action names from SDK-automatically collected actions using target content, and you can explicitly override this behavior with any given name.
You can transmit all RUM events through your own proxy server, so end user devices never communicate directly with Flashduty.
By default, user identity is not tracked. Each session has a unique session.id associated with it, which anonymizes data but allows you to understand trends.You can choose to write code to capture user data (such as name and email address) and then use that data to enrich and modify RUM sessions, but this is not required.

Data Retention

After configuring event capture, events are stored in Flashduty. You can decide how long captured events and attributes are retained in Flashduty.
Default Retention Periods:
  • Sessions, views, actions, errors, and session recordings are retained for 30 days
  • Resources and long tasks are retained for 15 days

Personal and Sensitive Data Removal

You can use several options to remove personally identifiable information (PII) and sensitive data, including IP addresses and geolocation information.
Scenarios where PII may appear in RUM include:
  • Action names on buttons (e.g., “View full credit card number”)
  • Names displayed in URLs
  • Custom tracking events set by application developers
Combining the enablePrivacyForActionName option with the mask privacy setting automatically replaces all non-overridden action names with the placeholder Masked Element.This setting is also designed to be compatible with existing HTML override attributes.