Arlo uses a tool called VWO to record visitor sessions on its website, capturing how users move, click, and scroll. This recording applies across all pages of the main arlo.com domain, excluding only the my.arlo.com subdomain.
This analysis describes what Arlo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Session recording can capture a detailed replay of everything you do on Arlo's site, including browsing products, adding items to your cart, and progressing through checkout, which goes beyond standard analytics data collection.
Interpretive note: The document confirms session recording is deployed but does not disclose whether input masking, consent gating, or data retention limits are in place; the practical scope of data captured depends on VWO's configuration settings not visible in this document.
Your mouse movements, clicks, scrolls, and interactions on Arlo's product and checkout pages may be recorded and stored by VWO, a third-party behavioral analytics provider, without necessarily being prominently disclosed at the point of interaction.
How other platforms handle this
We may record any telephone calls between you and our agents or other representatives for training and quality assurance purposes.
We may use the information we collect to help us improve our products and services, to develop new features, and to perform analytics. We may also use your information to personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested...
In competitive game modes, we may record your gameplay, and your controller button inputs, and replay these together with your in-game profile information and game statistics to other players in-game and at live EA or partner events.
Monitoring
Arlo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"9:{"urlRegex":"^.*$","goals":{"1":{"pUrl":"^.*$","urlRegex":"^.*$","mca":false,"excludeUrl":"","type":"ENGAGEMENT"}},"manual":false,"pc_traffic":100,"stag":0,"id":9,"exclude_url":"^https\\:\\/\\/my\.arlo\.com.*$","version":2,"mt":[],"clickmap":0,"ibe":1,"combs":{"1":1},"comb_n":{"1":"website"},"segment_code":"true","sections":{"1":{"variations":{"1":[]},"triggers":[],"path":""}},"triggers":[2015968],"bl":"","ep":1559852450000,"aK":1,"wl":"","name":"Visitor Sessions Recorded","multiple_domains":0,"metrics":[],"main":true,"status":"RUNNING","globalCode":[],"ss":null,"type":"ANALYZE_RECORDING"}— Excerpt from Arlo's Arlo Privacy Policy
1) REGULATORY LANDSCAPE: Session recording technology that captures user interactions on e-commerce pages, particularly checkout flows, engages GDPR Article 5 (data minimization), Article 6 (lawful basis), and Article 13 (transparency obligations), as well as the ePrivacy Directive's requirements for consent to non-essential cookies and tracking. Under CCPA/CPRA, session recording data constitutes personal information and may qualify as sharing for advertising or analytics purposes, triggering disclosure and opt-out obligations. The FTC Act Section 5 is relevant if session recording practices are not clearly disclosed to consumers. 2) GOVERNANCE EXPOSURE: High. The VWO session recording campaign (ID 9) is configured with a URL regex of '^.*$' (all pages) and excludes only the my.arlo.com subdomain, meaning it applies to checkout and cart pages on the main domain. If VWO's field-level input masking is not properly configured, sensitive data including payment-adjacent form fields could be incidentally captured. This creates material regulatory exposure under GDPR and potential state electronic surveillance statutes. 3) JURISDICTION FLAGS: EU/EEA users face the highest exposure under GDPR, where session recording without explicit, informed consent for non-essential processing would be unlawful. California residents are protected under CPRA, which requires disclosure of session recording as a data practice and may require opt-out mechanisms. Illinois BIPA could be relevant if session recordings were ever found to capture biometric identifiers, though no specific evidence of that appears in this document. 4) CONTRACT AND VENDOR IMPLICATIONS: The deployment of VWO as a session recording vendor requires a Data Processing Agreement (DPA) under GDPR Article 28. Procurement teams should confirm that a current DPA with VWO is in place, that VWO's data transfer mechanisms for US-EU data flows are valid (e.g., Standard Contractual Clauses), and that VWO's data retention and deletion practices are contractually governed. The configuration shows VWO has access to behavioral data across all main domain pages. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the OneTrust consent configuration properly gates VWO session recording behind an explicit consent category (typically 'analytics' or 'performance' cookies), and whether opting out of that category effectively prevents session recording scripts from loading. A technical audit of VWO's masking configuration on checkout and form pages is advisable. The privacy policy should be reviewed to confirm session recording is explicitly disclosed as a data practice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and liability.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Session recording can capture a detailed replay of everything you do on Arlo's site, including browsing products, adding items to your cart, and progressing through checkout, which goes beyond standard analytics data collection.
Your mouse movements, clicks, scrolls, and interactions on Arlo's product and checkout pages may be recorded and stored by VWO, a third-party behavioral analytics provider, without necessarily being prominently disclosed at the point of interaction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Arlo.