This article explains what personal data is, what Contentsquare collects and protects by default, and where personal data can appear across your Contentsquare implementation so that you can make informed decisions about your privacy setup.
What is personal data?
Personal data is any information that identifies, relates to, or can reasonably be linked to a specific individual. Under GDPR and similar privacy regulations worldwide, the collection and storage of personal data is strictly regulated.
In the context of a website or app, personal data can include obvious identifiers — like a name, email address, or phone number — as well as less obvious ones, like an IP address, a session cookie, or a URL that contains a user ID.
What Contentsquare collects by default
To provide its analytics capabilities, Contentsquare collects the following data about your website or app visitors:
- User identifier: a cookie or session storage value used to recognize visitors across their session(s)
- IP address (web only): used for geolocation and filtering, then deleted (see below)
- Browsing history: the customer pages/screens a user visited during a session
- Behavioral data: interactions such as clicks, scrolls, mouse movements, taps, and time spent on page, etc…
💡 IP address handling
Contentsquare uses the IP address only to determine the visitor's approximate location (city and country), blocklist unwanted sessions like bots or internal employee traffic, and short term logging (up to 3 days) for troubleshooting purposes. After 3 days, the IP address is permanently deleted. Contentsquare by default does not store IP addresses in its databases.
What Contentsquare protects by default
Automatic Personal Data Redaction
Automatic Personal Data Redaction is a built-in protection in the Contentsquare web tracking tag. It identifies and redacts specific types of sensitive data directly in your visitors' browsers, before anything is sent to Contentsquare's servers.
This protection is always active. It runs on top of any Data Masking or Element Masking settings you configure, and it cannot be turned off.
What gets automatically redacted:
| Data type | How it appears in Session Replay |
| Form field values (<input>, <textarea>) | Replaced with bullets or zeros |
| Email addresses | Replaced with CS_ANONYMIZED_EMAIL |
| Credit card-like numbers | Replaced with CS_ANONYMIZED_PII |
| Phone-like strings | Replaced with CS_ANONYMIZED_PII |
| Numbers greater than or equal to 9 digits | Replaced with CS_ANONYMIZED_PII |
| JWT tokens in URLs | Replaced with CS_ANONYMIZED_JWT |
| <script> element content | Emptied |
Where personal data can appear in your implementation
Even with Contentsquare's default protections in place, personal data can still appear in your collected data if it exists in areas not covered by the default safeguards. Understanding where these risks exist in your specific environment helps you to apply the right masking configuration.
On your website or app interface
- Explicitly displayed data: Names, email addresses, phone numbers, profile pictures, or addresses that are visible on screen to your users
- User-generated content: Reviews, comments, or messages that may contain personal identifiers
In URLs
- URL paths: A user ID or username embedded directly in the page URL (e.g. /account/john.doe)
- URL parameters: Personal identifiers passed as query strings (e.g. ?email=user@example.com)
In your page code
- HTML attributes: Personal data embedded in data- attributes or CSS classes
- JavaScript parameters: Scripts that include user identifiers for dynamic rendering or API calls
In Session Replay and visual analysis
- Session Replay: Personal data that is visually displayed on screen will be captured as part of the replay unless masked
- Heatmaps and Zoning Analysis: Any personal data visible on screen when a heatmap or zone is generated
- Text Search: On-screen text captured during user sessions may contain personal data