Capture everything a dev needs. Nothing a lawyer fears.
SiteUpdate records what happened on a page so your developer doesn't have to ask. That only works if the defaults protect the people using the page. Here are those defaults.
Masked-by-default replay
Session replay ships with every input and every text node masked by default. You explicitly unmask elements you own — never the other way around. A PII regex pass runs on top, and the reporter can crop the screenshot before sending.
The replay buffer (last 60 seconds, configurable 30s–3min) only leaves the browser when the reporter presses Send. Otherwise it is discarded on the spot.
Allowlist-only cookies & storage
Cookies, localStorage, and app state are captured onlyif the key is on your site's allowlist — which starts empty. Values are redacted by default and are never visible to the reporter.
Header stripping in the network log
The network log records method, URL, status, timing, and size. Authorization and Cookie headers are never captured — stripped in the SDK and re-checked at ingest. Request/response bodies are captured only for allowlisted endpoints.
The widget can't break your site
All SDK code runs error-isolated inside try/catch boundaries with its own Shadow DOM; its failures never bubble into your page. Under 40KB gzipped, loaded async, zero impact on your Lighthouse score, no third-party calls from your page except to our API.
Access control
Per-site widget keys are ingest-only and origin-checked — a leaked key cannot read data. API keys are workspace-scoped (read/write/admin) and shown once. Reporter status links are signed, expiring magic tokens limited to that reporter's own request. Attachments are served via signed, expiring URLs. Everything is encrypted in transit and at rest.
GDPR posture
GDPR from day one: a DPA available at signup, data deletion on request (including reporter data), export on request, and masked-by-default capture as the technical measure. A SOC 2 Type II program starts within our first six months; an EU data region ships for Enterprise by month nine.
Subprocessor list — published here before beta opens: cloud hosting, object storage, email delivery, and AI inference providers, each with region and purpose. Placeholder until the list is final; it will be versioned and change-notified.
Accessibility statement (draft)
SiteUpdate targets WCAG 2.2 AA across the widget, dashboard, and reporter pages. The widget is fully keyboard-operable — including pointing at an element (Tab cycles candidates, Enter selects) — with focus-trapped dialogs, screen-reader announcements, targets of at least 24×24px, and a non-visual fallback flow (describe it in words; capture still happens automatically).
Found a barrier? Email accessibility@siteupdate.io and we'll fix it on a priority track.