Privacy & Masking

Ensora is designed to be privacy-first. Masking rules let you redact sensitive fields from session recordings before data is sent to the ingest API.

Masking Rules

Configure masking rules in the dashboard under Settings → Privacy. Rules are applied on the device — masked data never reaches Ensora servers.

What Can Be Masked

Screen content matching a text pattern or regex
Specific component trees (e.g. payment forms)
Touch coordinates on specific screens
Custom event property values

SDK-Level Masking

Disable touch capture for specific screens:

import { usePathname } from 'expo-router';
import { EnsoraProvider } from '@ensora/react-native';

export default function RootLayout() {
  const pathname = usePathname();
  const isPaymentScreen = pathname.startsWith('/checkout/payment');

  return (
    <EnsoraProvider
      apiKey="your_api_key"
      projectId="your_project_id"
      touchCapture={!isPaymentScreen}
    >
      <Stack />
    </EnsoraProvider>
  );
}

Disabling Tracking for Opted-Out Users

Respect user privacy preferences:

import AsyncStorage from '@react-native-async-storage/async-storage';

const optedOut = await AsyncStorage.getItem('analyticsOptOut') === 'true';

<EnsoraProvider
  apiKey="your_api_key"
  projectId="your_project_id"
  disabled={optedOut}
>
  <Stack />
</EnsoraProvider>

Submit a deletion request from the dashboard under Settings → Data Requests. Deletion removes all sessions, events, heatmap data, and error logs for the specified user ID.

Deletion is propagated within 72 hours across all storage layers (ClickHouse, PostgreSQL).

What Is Never Captured

Ensora never captures:

Keyboard input or text field values
Passwords or form inputs of type password
Device location
Contacts, photos, or other system data

Compliance

Ensora is designed to support:

GDPR — deletion requests, data minimization, user consent flow
CCPA — opt-out support via disabled prop
SOC 2 — audit-ready event logs

Next Steps

Utilities — SDK sampling and opt-out utilities
API Reference — complete privacy configuration
Custom Events — avoid capturing PII in event properties

Privacy & Masking

Ensora is designed to be privacy-first. Masking rules let you redact sensitive fields from session recordings before data is sent to the ingest API.

Masking Rules

Configure masking rules in the dashboard under Settings → Privacy. Rules are applied on the device — masked data never reaches Ensora servers.

What Can Be Masked

Screen content matching a text pattern or regex
Specific component trees (e.g. payment forms)
Touch coordinates on specific screens
Custom event property values

SDK-Level Masking

Disable touch capture for specific screens:

import { usePathname } from 'expo-router';
import { EnsoraProvider } from '@ensora/react-native';

export default function RootLayout() {
  const pathname = usePathname();
  const isPaymentScreen = pathname.startsWith('/checkout/payment');

  return (
    <EnsoraProvider
      apiKey="your_api_key"
      projectId="your_project_id"
      touchCapture={!isPaymentScreen}
    >
      <Stack />
    </EnsoraProvider>
  );
}

Disabling Tracking for Opted-Out Users

Respect user privacy preferences:

import AsyncStorage from '@react-native-async-storage/async-storage';

const optedOut = await AsyncStorage.getItem('analyticsOptOut') === 'true';

<EnsoraProvider
  apiKey="your_api_key"
  projectId="your_project_id"
  disabled={optedOut}
>
  <Stack />
</EnsoraProvider>

Submit a deletion request from the dashboard under Settings → Data Requests. Deletion removes all sessions, events, heatmap data, and error logs for the specified user ID.

Deletion is propagated within 72 hours across all storage layers (ClickHouse, PostgreSQL).

What Is Never Captured

Ensora never captures:

Keyboard input or text field values
Passwords or form inputs of type password
Device location
Contacts, photos, or other system data

Compliance

Ensora is designed to support:

GDPR — deletion requests, data minimization, user consent flow
CCPA — opt-out support via disabled prop
SOC 2 — audit-ready event logs

Next Steps

Utilities — SDK sampling and opt-out utilities
API Reference — complete privacy configuration
Custom Events — avoid capturing PII in event properties

Privacy & Masking

Privacy & Masking

Masking Rules

What Can Be Masked

SDK-Level Masking

Disabling Tracking for Opted-Out Users

What Is Never Captured

Compliance

Next Steps

On this page

Privacy & Masking

Privacy & Masking

Masking Rules

What Can Be Masked

SDK-Level Masking

Disabling Tracking for Opted-Out Users

What Is Never Captured

Compliance

Next Steps

On this page