Arlo uses a tool called VWO to record visitor sessions on its website, capturing how users move, click, and scroll. This recording applies across all pages of the main arlo.com domain, excluding only the my.arlo.com subdomain.
This analysis describes what Arlo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Session recording can capture a detailed replay of everything you do on Arlo's site, including browsing products, adding items to your cart, and progressing through checkout, which goes beyond standard analytics data collection.
Interpretive note: The document confirms session recording is deployed but does not disclose whether input masking, consent gating, or data retention limits are in place; the practical scope of data captured depends on VWO's configuration settings not visible in this document.
Your mouse movements, clicks, scrolls, and interactions on Arlo's product and checkout pages may be recorded and stored by VWO, a third-party behavioral analytics provider, without necessarily being prominently disclosed at the point of interaction.
Cross-platform context
See how other platforms handle VWO Session Recording on Checkout and Product Pages and similar clauses.
Compare across platforms →Monitoring
Arlo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"9:{"urlRegex":"^.*$","goals":{"1":{"pUrl":"^.*$","urlRegex":"^.*$","mca":false,"excludeUrl":"","type":"ENGAGEMENT"}},"manual":false,"pc_traffic":100,"stag":0,"id":9,"exclude_url":"^https\\:\\/\\/my\.arlo\.com.*$","version":2,"mt":[],"clickmap":0,"ibe":1,"combs":{"1":1},"comb_n":{"1":"website"},"segment_code":"true","sections":{"1":{"variations":{"1":[]},"triggers":[],"path":""}},"triggers":[2015968],"bl":"","ep":1559852450000,"aK":1,"wl":"","name":"Visitor Sessions Recorded","multiple_domains":0,"metrics":[],"main":true,"status":"RUNNING","globalCode":[],"ss":null,"type":"ANALYZE_RECORDING"}— Excerpt from Arlo's Arlo Privacy Policy
1) REGULATORY LANDSCAPE: Session recording technology that captures user interactions on e-commerce pages, particularly checkout flows, engages GDPR Article 5 (data minimization), Article 6 (lawful basis), and Article 13 (transparency obligations), as well as the ePrivacy Directive's requirements for consent to non-essential cookies and tracking. Under CCPA/CPRA, session recording data constitutes personal information and may qualify as sharing for advertising or analytics purposes, triggering disclosure and opt-out obligations. The FTC Act Section 5 is relevant if session recording practices are not clearly disclosed to consumers. 2) GOVERNANCE EXPOSURE: High. The VWO session recording campaign (ID 9) is configured with a URL regex of '^.*$' (all pages) and excludes only the my.arlo.com subdomain, meaning it applies to checkout and cart pages on the main domain. If VWO's field-level input masking is not properly configured, sensitive data including payment-adjacent form fields could be incidentally captured. This creates material regulatory exposure under GDPR and potential state electronic surveillance statutes. 3) JURISDICTION FLAGS: EU/EEA users face the highest exposure under GDPR, where session recording without explicit, informed consent for non-essential processing would be unlawful. California residents are protected under CPRA, which requires disclosure of session recording as a data practice and may require opt-out mechanisms. Illinois BIPA could be relevant if session recordings were ever found to capture biometric identifiers, though no specific evidence of that appears in this document. 4) CONTRACT AND VENDOR IMPLICATIONS: The deployment of VWO as a session recording vendor requires a Data Processing Agreement (DPA) under GDPR Article 28. Procurement teams should confirm that a current DPA with VWO is in place, that VWO's data transfer mechanisms for US-EU data flows are valid (e.g., Standard Contractual Clauses), and that VWO's data retention and deletion practices are contractually governed. The configuration shows VWO has access to behavioral data across all main domain pages. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should audit whether the OneTrust consent configuration properly gates VWO session recording behind an explicit consent category (typically 'analytics' or 'performance' cookies), and whether opting out of that category effectively prevents session recording scripts from loading. A technical audit of VWO's masking configuration on checkout and form pages is advisable. The privacy policy should be reviewed to confirm session recording is explicitly disclosed as a data practice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Session recording can capture a detailed replay of everything you do on Arlo's site, including browsing products, adding items to your cart, and progressing through checkout, which goes beyond standard analytics data collection.
Your mouse movements, clicks, scrolls, and interactions on Arlo's product and checkout pages may be recorded and stored by VWO, a third-party behavioral analytics provider, without necessarily being prominently disclosed at the point of interaction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Arlo.