Consent and sensitive data

Because privacy is of the utmost importance to Smartlook and to you, we offer the Privacy API to handle sensitive data. The Privacy API is useful when you want to have control over which data is being recorded. The Smartlook WEB SDK is written with privacy-first in mind. Privacy-first means that no potentially sensitive data is recorded by default. Some data that is considered sensitive is form inputs, IP addresses, on-page emails, and numbers are not recorded unless you explicitly enable it via the record API.

Privacy with Smartlook



By default, no sensitive data is recorded

Remember that you will most likely need to get visitor consent before enabling the recording of sensitive data.

We divided sensitive data handling into four categories - form inputs, IP addresses, email addresses, and numbers. Each category can be treated separately. This gives you granular control over which data you want to be recorded. Please keep in mind that before enabling the recording of any data category, you most likely need to get consent from your visitors, depending on which jurisdiction you are in. You can read more about it in our Terms of Service.

Record API

The Record API allows you to handle recording of form inputs, IP addresses, email addresses, and numbers individually. We will go over each of the data categories in the following subsections.


Quick tip!

If you use Google Tag Manager to insert the Smartlook script, then you can include this API call and any others also. There is no need to make changes to your website source code.

Form inputs

The forms option covers all interactive form elements such as <input />, <select /> or <textarea />. These elements do not necessarily need to be within <form /> to be recorded. Sensitive inputs such as passwords are never recorded, even if the recording of forms is enabled. Instead, in the session recording, we show a typing animation to indicate user interaction with that field. If you have more elements you want to mask or not record at all, you can always use our Privacy API.

To start recording form inputs on your website, use record with { forms: true }:

smartlook('record', { forms: true })

To stop recording form inputs, use record with { forms: false }:

smartlook('record', { forms: false })

IP address

Recording of IP addresses allows Smartlook to store customer IP addresses that can be used in filtering later. Please note that once IP address recording is enabled it cannot be disabled.

To record IP addresses, use record with { ips: true }:

smartlook('record', { ips: true })


To start or stop recording email addresses, use record with { emails: true } or { emails: false }:

smartlook('record', { emails: true })
smartlook('record', { emails: false })


If numbers are not recorded, Smartlook replaces them with wildcards (*). This option is especially effective if you do not want to record telephone numbers, identity numbers, etc.

To start or stop recording numbers, use record with { numbers: true } or { numbers: false }:

smartlook('record', { numbers: true })
smartlook('record', { numbers: false })

Combining calls

All of the previously mentioned calls can be combined. You can also specify only the subset of the fields. Fields that are not specified remain in the default state.

smartlook('record', { forms: true, numbers: true, emails: false, ips: true })