Security & data privacy
Multiplayer is built with security and data privacy at its core. We provide full control over data masking for frontend session recording and backend traces and content. All user inputs are automatically masked in session replays: passwords, credit card numbers, and personal information are never exposed. Also, all backend content is opt-in and maskable down to the individual fields.
Privacy controls run locally: Masking happens in the browser, mobile app, or backend service, before data is transmitted, so sensitive information never leaves the user's device or backend platform before it reaches Multiplayer's servers.
We also provide self-hosting as an option so no data leaves a customer’s environment.
SOC 2 Type II certified: Multiplayer maintains SOC 2 Type II compliance. Contact our support team team for our current accreditation report.
The result: you get the system context needed to debug and resolve technical issues effectively, while keeping end-user data secure and compliant.
Full stack data collected by default
When you fully configure Multiplayer to collect full stack session recordings, we collect the following data from your system.
Frontend data collected
- User clicks
- Page navigations + loads
- Session metadata
- Browser information
- OS information
- Device type
- Screen size
- Pixel ratio
- Cookies enabled/disabled state
- Hardware concurrency
- Package version
- DOM events
- Console messages (message + stack trace)
- Network requests (masking available)
- HTML source code
Backend data collected
- OTEL spans and logs
- Request / response content (optional)
- Request / response header content (optional)
You can full control over:
- Which traces and logs you share with Multiplayer
- Which request / response payloads you share with Multiplayer
- Whether you wish to record actions within
<canvas>elements (disabled by default)
If you don’t wish to collect full stack session recordings, but only frontend session recordings, the quickest and most lightweight approach is to use the Multiplayer browser extension, which collects by default only the frontend data listed.
DOM capture, not video recording
Multiplayer doesn't record video of users' screens. Instead, it captures structured DOM events: the underlying code that defines buttons, text, inputs, and layouts on a page.
As users interact with your application (web or mobile), Multiplayer records these changes as data, then reconstructs them step-by-step during playback. The result looks like a video but is fundamentally different: lighter weight, searchable, and built for privacy.
Unlike screenshot or video-based tools that capture everything on screen (requiring manual PII redaction prone to human error), DOM-based capture allows automatic, programmatic masking of sensitive data before it's ever transmitted or stored.
Under the hood, Multiplayer leverages rrweb, an open-source library for recording and replaying browser interactions. For a full overview of how it works and all the data captured review: User actions
Collect what you need, not what you don’t
Unlike traditional session replay tools that only run in "always-on" mode, Multiplayer gives you precise control over what gets recorded and when.
- On-demand: Manually start/stop recordings for full control over specific investigations
- Continuous: Record in the background; automatically save sessions with errors and exceptions, or manually save any session
- Conditional: Record only for specific user cohorts based on pre-defined conditions
You can also trigger recordings through the browser extension, in-app widget (web or mobile), or SDK/CLI, according to the option that fits better your workflow.
Recording only what you need means:
- Less unnecessary data stored
- Reduced PII exposure risk
- Easier compliance justification
- Lower costs
Traditional tools force a choice: record everything (expensive, risky) or sample aggressively (miss bugs). Multiplayer gives you precision without gaps.
FAQs:
- How each recording mode works
- Which triggers create an auto-saved session recording.
- How to set up programmatic triggers for session recordings
- What is the performance overhead for each recording mode
Data masking and PII protection
Multiplayer is built with privacy as a default.
Automatic protection out of the box
All user inputs are automatically masked in session replays: passwords, credit card numbers, and personal information are never exposed.
Customizable masking for your needs
- Frontend masking: we provide advanced masking options for capturing network request headers and bodies.
- Backend masking: Control which fields, paths, or patterns to mask in request/response payloads and headers
- Header filtering: Include or exclude specific headers from capture
Full flexibility
You can extend default masking rules to cover application-specific sensitive data, or opt out of defaults when you need specific data for debugging, giving you complete control over the balance between visibility and privacy.
Data storage & retention
For each full stack session replay we store the following data:
- Session metadata
- Traces and logs
- Rrweb events (screen recording)
- Notebooks and full stack session recording annotations
When recording a session replay, all traced requests are captured without sampling (though you can configure sampling per service/endpoint if needed).
Our retention period depends on your billing plan:
| Plan | Retention period |
|---|---|
| Free | 7 days |
| Pro | 15 days |
| Teams | 30 days |
| Enterprise | Custom |
All customer data is only used for the following use cases:
- Multiplayer service
- Basic, anonymized usage analytics (opt-out available)
We don’t use customer data for other purposes, including to train LLMs.
Data transmission security
Understanding how full stack session recordings’ data moves through our systems helps you assess security and compliance requirements.
Frontend session recording (rrweb events)
User's browser → Multiplayer
- DOM events are captured and masked in the user's browser
- Masked events are sent to Multiplayer's ingestion service
- Events are written to ClickHouse (our analytics database)
- Stored long-term in S3
Backend traces, logs and content (OpenTelemetry)
Client browser/backend → Client OTLP collector (optional) → Multiplayer OTLP collector → Multiplayer platform
- Telemetry data (traces, logs, request/response payloads) is collected from your frontend and backend services
- Optionally routes through your own OTLP collector for pre-processing or filtering
- Sent to Multiplayer's OTLP collector for ingestion
- Processed and stored by the Multiplayer platform
Security at each stage
- In transit: All data is encrypted using TLS 1.2+ during transmission
- At rest: Data is encrypted using industry-standard encryption (AES-256)
- Processing: OTLP messages are encrypted and access-controlled
- Optional client-side control: Using your own OTLP collector gives you an additional layer to filter, mask, or transform data before it reaches Multiplayer
Currently we store data in a US cluster, with an EU cluster available coming soon. We also support self hosting for complete control over your data and deployment options. Contact our team if you’re interested in either option.
Access controls
You can limit user permission per project or per workspace in Multiplayer.
You have to explicitly select the projects your workspace users can access. Giving workspace access is not sufficient for users to have visibility to your projects.
Per workspace, you can set these permissions:
| Permission | Actions |
|---|---|
| Owner | All admin permissions plus the ability to manage billing |
| Admin | All member permissions plus the ability to manage users, teams, projects and integrations |
| Member | Read / write permissions to the projects they have access to |
| View only | Read-only permissions in projects that they have access to |
Per project, you can set these permissions:
| Permission | Actions |
|---|---|
| Admin | Manage access to the project |
| Member | Read / write permissions to the project |
| View Only | Read-only permissions to the project |
As a note, you can also allow specific domains: Anyone with an email address at these domains is allowed to sign-up for this workspace.
For SSO/SAML integration please contact our team.
Data Erasure
We provide full control over deleting data at the tenant level and user level.
Multiplayer Owner, Admin, and Member users can delete the following information from any Multiplayer project to which they have access:
- Individual session replays
- Individual system dashboard components and dependencies
- Individual notebooks
- Disconnect any linked public or private Git repositories
At any time, a Multiplayer user can send an email to our Support team and request that all their customer data be erased from all Multiplayer systems or archived.
Multiplayer’s legal documents
To request a security/architecture compliance overview document, please contact our team or schedule directly a call.