Amplitude's Session Replay feature lets businesses record exactly how you interact with their website or app, including what you click, scroll, and type.
This analysis describes what Amplitude's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Session replay captures granular behavioral data including mouse movements and form inputs, which may include sensitive information, and the responsibility for obtaining your consent rests with the business using Amplitude, not Amplitude itself.
Interpretive note: The extent of technical safeguards Amplitude implements by default, such as masking of sensitive form fields, is not specified in the notice, creating uncertainty about the practical scope of data captured.
Removal of Session Replay product-specific transparency provision may indicate product discontinuation or relocation to separate product-specific documentation.
View full change record →If you use a website or app that has deployed Amplitude's Session Replay, your interactions including clicks, scrolls, and form inputs may be recorded in detail, and the responsibility for informing you and obtaining consent for that recording lies with the app operator, not Amplitude.
How other platforms handle this
When you use the Platform, we collect internet usage information about you, such as information about your browsing behavior, search history on the Platform, and information about your interactions with the Platform and our advertisements, including advertisement impressions and whether you clicked ...
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your use of our services, including pages visited, links clicked, browser type, IP address, and device identifiers. We may use this information for analytics, advertising, and to improve our service...
Microsoft uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to: provide and improve our products; personalize your experiences; make recommendations and display advertising. For advertising, we use data collected through our advertising services i...
Monitoring
Amplitude has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We offer a Session Replay product that allows our customers to record and replay user sessions on their websites and applications. Session Replay may capture information such as mouse movements, clicks, scrolls, and form inputs. Amplitude customers are responsible for ensuring they have the necessary rights and consents to use Session Replay.— Excerpt from Amplitude's Amplitude Privacy Notice
(1) REGULATORY LANDSCAPE: Session replay captures behavioral data that may constitute personal information under GDPR, CCPA, and equivalent state laws. Capturing form inputs raises particular sensitivity concerns, including potential capture of password fields, health information, or financial data, which may engage GDPR's special categories of data or CCPA's sensitive personal information provisions. The FTC Act is relevant to deceptive practices involving covert recording of user interactions. (2) GOVERNANCE EXPOSURE: Medium to High. Session replay products have attracted regulatory and litigation attention in multiple jurisdictions. The notice's statement that customers are responsible for consent shifts liability to business customers but does not eliminate Amplitude's exposure as a data processor if processing occurs without a lawful basis. (3) JURISDICTION FLAGS: California courts and regulators have examined session replay under wiretapping statutes such as California Penal Code Section 631, creating litigation risk for business customers who deploy session replay without adequate disclosure. EU users require explicit consent for session replay under GDPR, particularly where sensitive data may be incidentally captured. Illinois and other states with wiretapping laws may also create exposure for business customers. (4) CONTRACT AND VENDOR IMPLICATIONS: Business customers deploying Session Replay should verify their privacy disclosures and consent mechanisms explicitly address session recording. DPAs with Amplitude should address the processor's obligations to implement technical safeguards such as automatic masking of sensitive form fields. Procurement teams should assess whether Amplitude's default Session Replay configuration excludes sensitive input fields. (5) COMPLIANCE CONSIDERATIONS: Legal teams should audit Session Replay deployment configurations to confirm sensitive data fields are masked, verify that user-facing privacy notices and consent banners explicitly disclose session recording, and assess exposure under applicable wiretapping and electronic surveillance statutes in relevant jurisdictions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Session replay captures granular behavioral data including mouse movements and form inputs, which may include sensitive information, and the responsibility for obtaining your consent rests with the business using Amplitude, not Amplitude itself.
If you use a website or app that has deployed Amplitude's Session Replay, your interactions including clicks, scrolls, and form inputs may be recorded in detail, and the responsibility for informing you and obtaining consent for that recording lies with the app operator, not Amplitude.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Amplitude.