HumanBehavior SDK provides comprehensive data redaction capabilities to protect sensitive information during session recording. This ensures privacy compliance while maintaining the value of your analytics by selectively masking sensitive data in real-time.

Automatic Redaction Setup

The SDK can be configured to automatically redact sensitive fields during initialization. Simply specify CSS selectors for fields that should be redacted: 
const tracker = HumanBehaviorTracker.init('your-api-key', {
  redactFields: [
    'input[type="password"]',
    'input[type="email"]',
    '.sensitive-data',
    '#credit-card-number'
  ]
});

Manual Redaction Configuration

Setting fields to redact

You can configure redaction at any time using the setRedactedFields function. This allows you to dynamically update redaction rules as your application state changes: 
// Redact password fields and email inputs
tracker.setRedactedFields([
  'input[type="password"]',
  'input[type="email"]',
  '.payment-form input',
  '#ssn-field'
]);

Advanced redaction options

For more control over redaction behavior, use the redact function with advanced options: 
await tracker.redact({
  redactedText: '[SENSITIVE]', // Custom redaction text
  excludeSelectors: ['.public-info'], // Fields to exclude from redaction
  userFields: ['.custom-sensitive'] // Additional fields to redact
});

Complete Example

SecureForm.jsx
import { useHumanBehavior } from 'humanbehavior-js/react';

function LoginForm() {
    const tracker = useHumanBehavior();
    
    useEffect(() => {
        // Configure redaction for login form
        tracker.setRedactedFields([
            'input[type="password"]',
            'input[type="email"]',
            '.login-form input'
        ]);
    }, []);
    
    const handleLogin = async (formData) => {
        // Your authentication logic here
        
        if (loginSuccessful) {
            // Update redaction for authenticated user
            tracker.setRedactedFields([
                'input[type="password"]',
                '.payment-info input',
                '#credit-card',
                '.personal-data'
            ]);
        }
    };
    
    return (
        <form className="login-form">
            <input type="email" placeholder="Email" />
            <input type="password" placeholder="Password" />
            <button type="submit">Login</button>
        </form>
    );
}

function PaymentForm() {
    const tracker = useHumanBehavior();
    
    useEffect(() => {
        // Ensure payment fields are redacted
        tracker.setRedactedFields([
            'input[type="password"]',
            '#card-number',
            '#cvv',
            '.payment-form input'
        ]);
    }, []);
    
    const handlePayment = async (paymentData) => {
        // Payment processing logic
        
        // Track payment event (sensitive data already redacted)
        await tracker.customEvent('payment_attempted', {
            amount: paymentData.amount,
            currency: paymentData.currency
        });
    };
    
    return (
        <form className="payment-form">
            <input id="card-number" placeholder="Card Number" />
            <input id="cvv" placeholder="CVV" />
            <input type="password" placeholder="Card Password" />
            <button type="submit">Pay</button>
        </form>
    );
}

Redaction Capabilities

What gets redacted

The SDK redacts sensitive data across all event types:
  • Input Events: Text input, password fields, form submissions
  • DOM Mutations: Text changes, attribute updates, content modifications
  • Mouse Interactions: Text selection, clipboard operations
  • Full Snapshots: Initial page state and subsequent snapshots

CSS Selector Support

Redaction supports all valid CSS selectors for precise targeting: 
// Element types
'input[type="password"]'
'textarea[name="secret"]'

// IDs and classes
'#credit-card'
'.sensitive-data'

// Attribute selectors
'[data-sensitive="true"]'
'input[autocomplete="off"]'

// Complex selectors
'.payment-form input:not(.public)'
'form[action*="payment"] input'

Privacy & Compliance

  • Real-time Processing: Data is redacted before being sent to servers
  • Comprehensive Coverage: All event types and data sources are protected
  • Flexible Configuration: Adapt redaction rules to your privacy requirements
  • Compliance Ready: Supports GDPR, HIPAA, and other privacy regulations

Redaction Status

Check redaction status

// Check if redaction is currently active
if (tracker.isRedactionActive()) {
    console.log('Redaction is enabled');
}

// Get currently redacted fields
const redactedFields = tracker.getRedactedFields();
console.log('Redacted fields:', redactedFields);

Dynamic updates

// Update redaction rules based on user context
function updateRedactionForUser(userRole) {
    if (userRole === 'admin') {
        tracker.setRedactedFields([
            'input[type="password"]',
            '.admin-sensitive'
        ]);
    } else {
        tracker.setRedactedFields([
            'input[type="password"]',
            '.user-sensitive'
        ]);
    }
}

Properties & Options

Property/OptionTypeDescription
redactFieldsstring[]CSS selectors for fields to redact during initialization.
setRedactedFields()functionSet CSS selectors for fields to redact.
redact()functionStart redaction with advanced configuration options.
isRedactionActive()functionCheck if redaction is currently active.
getRedactedFields()functionGet the currently selected fields for redaction.
redact(options) fields:
OptionTypeDescription
redactedTextstringCustom text to use for redaction (default: ‘[REDACTED]’).
excludeSelectorsstring[]CSS selectors to exclude from redaction.
userFieldsstring[]Additional fields to redact.
Common CSS selectors:
SelectorDescription
input[type="password"]All password input fields.
input[type="email"]Email input fields.
#credit-cardCredit card number field.
.sensitive-dataElements with sensitive-data class.
[data-sensitive="true"]Elements with data-sensitive attribute.
Redaction is processed in real-time and covers all event types. Only redact what’s necessary for privacy - overly broad selectors may reduce the value of your session recordings.