Amplitude's Session Replay feature lets businesses record exactly how you interact with their website or app, including what you click, scroll, and type.
This analysis describes what Amplitude's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Session replay captures granular behavioral data including mouse movements and form inputs, which may include sensitive information, and the responsibility for obtaining your consent rests with the business using Amplitude, not Amplitude itself.
Interpretive note: The extent of technical safeguards Amplitude implements by default, such as masking of sensitive form fields, is not specified in the notice, creating uncertainty about the practical scope of data captured.
If you use a website or app that has deployed Amplitude's Session Replay, your interactions including clicks, scrolls, and form inputs may be recorded in detail, and the responsibility for informing you and obtaining consent for that recording lies with the app operator, not Amplitude.
How other platforms handle this
American gets this information by using technologies, including cookies, web beacons, and mobile device geolocation to provide and improve our Interactive Services and advertising, including across browsers and devices (also known as cross-device linking). This technical information may be combined ...
We and our service providers may use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your browsing behavior, device type, IP address, and interactions with our website and advertisements.
We use cookies and similar tracking technologies to track the activity on our websites and services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our services. You can instruct your browser to ...
Monitoring
Amplitude has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We offer a Session Replay product that allows our customers to record and replay user sessions on their websites and applications. Session Replay may capture information such as mouse movements, clicks, scrolls, and form inputs. Amplitude customers are responsible for ensuring they have the necessary rights and consents to use Session Replay.— Excerpt from Amplitude's Amplitude Privacy Notice
(1) REGULATORY LANDSCAPE: Session replay captures behavioral data that may constitute personal information under GDPR, CCPA, and equivalent state laws. Capturing form inputs raises particular sensitivity concerns, including potential capture of password fields, health information, or financial data, which may engage GDPR's special categories of data or CCPA's sensitive personal information provisions. The FTC Act is relevant to deceptive practices involving covert recording of user interactions. (2) GOVERNANCE EXPOSURE: Medium to High. Session replay products have attracted regulatory and litigation attention in multiple jurisdictions. The notice's statement that customers are responsible for consent shifts liability to business customers but does not eliminate Amplitude's exposure as a data processor if processing occurs without a lawful basis. (3) JURISDICTION FLAGS: California courts and regulators have examined session replay under wiretapping statutes such as California Penal Code Section 631, creating litigation risk for business customers who deploy session replay without adequate disclosure. EU users require explicit consent for session replay under GDPR, particularly where sensitive data may be incidentally captured. Illinois and other states with wiretapping laws may also create exposure for business customers. (4) CONTRACT AND VENDOR IMPLICATIONS: Business customers deploying Session Replay should verify their privacy disclosures and consent mechanisms explicitly address session recording. DPAs with Amplitude should address the processor's obligations to implement technical safeguards such as automatic masking of sensitive form fields. Procurement teams should assess whether Amplitude's default Session Replay configuration excludes sensitive input fields. (5) COMPLIANCE CONSIDERATIONS: Legal teams should audit Session Replay deployment configurations to confirm sensitive data fields are masked, verify that user-facing privacy notices and consent banners explicitly disclose session recording, and assess exposure under applicable wiretapping and electronic surveillance statutes in relevant jurisdictions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Session replay captures granular behavioral data including mouse movements and form inputs, which may include sensitive information, and the responsibility for obtaining your consent rests with the business using Amplitude, not Amplitude itself.
If you use a website or app that has deployed Amplitude's Session Replay, your interactions including clicks, scrolls, and form inputs may be recorded in detail, and the responsibility for informing you and obtaining consent for that recording lies with the app operator, not Amplitude.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amplitude.