Session Replay: Great CRO Tool or Privacy Nightmare

The past few years have seen many different SaaS apps pop up and appeal to businesses. From CDPs to AI, to session replay, there have been many different advanced platforms marketers can add to their toolbelts. One of my personal favorite tools over the past few years has been FullStory. FullStory is a session replay web app that allows site owners to literally watch what a user does on their website – in full video. Previously martech folks were stuck with heat mapping software like Kissmetrics and HotJar – and even to a lesser extent Google Analytics. While these tools were certainly helpful in addressing which parts of a web page were clicked on or interacted with the most, they were static interpretations of the data.

Tools like FullStory and Clicktale take these one step further and actually provide real-time playback of what a user is doing on a website. This is also possible across sessions and even can follow a user from signup all the way through onboarding – it’s really up to you. At first glance, this seems like a godsend. The ability to actually watch what people do on your site – where they get stuck or what they’re reading when they ultimately convert or exit is one of the more powerful funnel optimization tools to come out in the past decade. I personally can attest to their efficacy. They helped me drop a SaaS CAC from $1,250 to $100 in 3 months.

There are many other instances in which I have gone into a business, implemented one of these tools, and improved conversion rates by an order of magnitude in a fraction of the time it used to take. In just a few days of watching sessions it is possible to tell:

  • What is preventing users from converting
  • Where customers are losing interest in the page
  • Why people are dropping out of the checkout process
  • What content users focus on and what they skim past
  • What part of the site or app crashed and how it happened

These are all incredibly powerful insights in the hands of a skilled marketer, so what gives? Why doesn’t everyone secretly record their users and optimize based on the data? First, it’s helpful to understand what session replay is, and what it isn’t…

What EXACTLY is Session Replay?

Session Replay is precisely what it sounds like – the ability for the site owner, or someone else, to replay the session a specific user experienced while on the site. It includes scroll activity, mouse activity, clicks, swipes, taps, and just about any other action you can think of on a website. It has a lot of other names but session replay is generally the widely accepted term that these SaaS platforms use themselves.

It lets you see EXACTLY where someone gets stuck so that you can design a way to fix it and reduce the friction within whatever action you’re trying to get a user to take. It can also let you remotely diagnose speed or loading issues for customers – taking it one step beyond tools like Lighthouse. Being able to see specifically which files load slowly in the real world and on real users’ devices is amazing from an optimization standpoint.

With that being said, these tools themselves carry a pretty heavy payload and can slow down your site by a double-digit percentage. Nor are they enough by themselves to improve the efficacy of your site or app – they need to be wielded by a scrappy marketer who can identify the issues and implement solutions to solve them.

Visionary or Voyeur?

While periodically I feel like a voyeur when using these tools, I do see the benefits and generally feel they outweigh the privacy concerns. In my experience the friction in implementing these tools generally comes from the engineering team, who feel that the tools infringe on privacy rights. Are they right? Well, sort of. Out of the box these tools have the ability to record usernames, passwords, credit card numbers, and other sensitive information. That is where the implementation of the tool, both from a tech standpoint and from a configuration standpoint within the platform, comes into play. It is easy to block certain fields from recording into these tools, but generally, it has to be done manually.

FullStory blocks password and CC number by default, but those can both be disabled by a less-than-honest marketer in order to get additional information about a customer. While I have never seen or heard of that happening myself, it is certainly possible, as these tools don’t require the obfuscation of some of the more sensitive data.
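Because field blocking is manual and defaults can be switched off, it helps to audit forms for sensitive inputs that would still be recorded. The following is an added example, not code from FullStory or any other vendor; the `replay-exclude` class name, the field-descriptor shape and the sample fields are assumptions constructed for illustration.

```javascript
// ASSUMPTION: "replay-exclude" is a hypothetical marker class; substitute the
// exclusion class or selector your replay vendor actually documents.
const EXCLUDE_CLASS = "replay-exclude";

// Standard HTML autocomplete tokens that indicate credentials or card data.
const SENSITIVE_AUTOCOMPLETE = new Set([
  "username", "current-password", "new-password", "one-time-code",
  "cc-number", "cc-csc", "cc-exp", "cc-name",
]);
// Heuristic fallback for fields that carry no autocomplete hint.
const SENSITIVE_NAME = /(passw|pwd|card|cvv|cvc|ssn)/i;

// Returns why a field looks sensitive, or null if it does not.
function sensitivityReason(field) {
  if (field.type === "password") return "type=password";
  const tokens = (field.autocomplete || "").toLowerCase().split(/\s+/);
  const hit = tokens.find((t) => SENSITIVE_AUTOCOMPLETE.has(t));
  if (hit) return `autocomplete=${hit}`;
  const m = `${field.name || ""} ${field.id || ""}`.match(SENSITIVE_NAME);
  return m ? `name/id contains "${m[0].toLowerCase()}"` : null;
}

// A field is excluded if it, or any ancestor element, carries the marker class.
function isExcluded(field) {
  return [field.classes || [], ...(field.ancestorClasses || [])]
    .some((list) => list.includes(EXCLUDE_CLASS));
}

// Sensitive fields that a replay script would still capture.
function auditFields(fields) {
  return fields
    .map((f) => ({ field: f.name || f.id, reason: sensitivityReason(f), excluded: isExcluded(f) }))
    .filter((r) => r.reason && !r.excluded);
}

// Constructed sample: a login and checkout form reduced to plain descriptors.
const SAMPLE_FIELDS = [
  { name: "search", type: "text", classes: [] },
  { name: "login", type: "text", autocomplete: "username", classes: [] },
  { name: "pw", type: "password", classes: ["replay-exclude"] },
  { name: "card_no", type: "text", autocomplete: "cc-number", classes: [],
    ancestorClasses: [["checkout"], ["replay-exclude"]] },
  { name: "cvv", type: "text", classes: [] },
  { name: "notes", type: "textarea", classes: [] },
];

console.log(auditFields(SAMPLE_FIELDS)); // lists "login" and "cvv"
```

In a browser, the same descriptors can be built from `document.querySelectorAll("input, textarea, select")` and the check run in CI or a pre-release review, so an unmasked field is caught before any session is recorded.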

Some point to the feeling of “big brother” watching your users browse around on the website, which is kind of what it is doing. The blind spot here is that the marketer (me) generally doesn’t care who the user is – they just want to know what is getting in the way of the conversion, something session replay does better than any other tool out there at the moment. If the dataset were wiped of any personally identifiable information, it would still be useful to watch anonymized sessions move through a funnel and pinpoint friction.

Technically, you’re also supposed to list the fact that you are using these types of programs within your Privacy Policy or EULA, and you’re even supposed to be able to toggle the script on or off within a “cookie bar” in order to totally comply with today’s regulations, but I have yet to see that actually happen.

Additionally, who knows what these companies are doing with the data they have? Could they be mining it only to sell advice on optimizing funnels to the highest bidder? It really does allow for a lot of data and PII to cross into the unknown. How can someone even opt out of this data collection if they wanted to?

Are They Worth Using?

The short answer is yes. On the surface you can’t find a much more effective tool for optimizing the behavior on your website. The magic combo would be to combine session replay with a CRO tool like Optimizely or VWO to identify issues and then implement tests to counter them.

The longer answer depends on your conscience. In a time when people are increasingly worried about identity theft, facial recognition, and giving too much data to big tech companies, session replay does straddle the line between effective optimization tool and privacy nightmare. It’s worth evaluating the stance of your company on privacy and data security issues before implementing one of these tools.

What do you think? Let me know in the comments!