Privacy controls

Capture product behavior without recording what should stay private.

Hymetry helps teams capture the product signals they need while filtering common sensitive patterns, ignoring configured fields, and keeping capture rules visible for review.

Capture scope, redaction, and review state in one place.

Use hosted Hymetry, run the open-source version, or ask about installation on your own server.

Capture controls

Privacy rules

Last reviewed
Jun 28 by Product Ops

Rule status6 active rules, 2 draft changes awaiting reviewActive
Sensitive valuesEmail, phone, API key, payment-like values filtered before storageRedacted
Capture scope/app/* included, /billing/* and /admin/secrets/* excludedScoped
Never capture[data-hymetry-ignore], private notes, token fields, payment inputsIgnored

Capture with guardrails

Filter early. Capture intentionally. Keep control.

Privacy Controls give teams a clear operating model: filter common sensitive patterns, define what should never be captured, and limit collection to approved product areas.

Filter sensitive values

Help filter common contact, token, payment-like, and identifier patterns before they become product data.

Ignore private fields

Configure selectors, attributes, routes, and event properties that should be masked or excluded.

Limit capture scope

Keep capture focused on approved product areas, useful event types, and reviewable rule changes.

Sensitive value filtering

Sensitive values are filtered before they become product data.

Hymetry can help filter common sensitive patterns before values are written into analytics or replay context. Use built-in filters for common cases, then add product-specific rules for fields and flows that need stricter handling.

Filtering flow

Detected values are redacted before storage

Common filters
enabled

1

Detected

Email, phone, token, payment-like values, password-like fields

2

Filtered

Common patterns and configured selectors are redacted or ignored

3

Stored

Page, event, timing, and safe context remain available for analysis

Emailalex@company.com[redacted-email]
API keysk_live_8x93...[redacted-token]
Payment-like value4242 4242 4242 4242[redacted-number]

Filters are a baseline, not the whole policy.

Built-in filters help cover common patterns. Teams should still add custom sensitive selectors, ignored fields, and route rules for their own product.

Tell Hymetry what to never capture.

Every product has sensitive areas that generic filters cannot fully understand. Configure blocked selectors, blocked URL patterns, ignored event properties, and route rules that are owned and reviewed by your team.

Blocked selectorsBlocked URL patternsIgnored event properties
Blocked selector[data-hymetry-ignore]Product OpsJun 28Active
Masked selectorinput[type="email"]PrivacyJun 28Active
Blocked URL/billing/*FinanceJun 21Scoped
Ignored propertyevent.form_valueProductJun 18Ignored
Masked selector.customer-secretSuccessJun 14Active

Capture only the product areas you actually need.

Privacy controls should not stop at masking. Teams can reduce exposure by deciding which pages, routes, events, and product areas should be captured at all.

Product area
Captured
Ignored
Review note
Core onboarding
page visits, clicks, completion events
form values and free-text inputs
approved for product analysis
Billing
page visit only
payment fields, invoice numbers, replay
requires explicit review
Admin tools
route excluded by default
role secrets, token management, audit exports
exclude unless a team opts in
Support console
task metadata and page path
customer notes and private content
mask private selectors

Replay context without unnecessary exposure.

Replay is useful when teams need to understand a workflow, but it should not become a place where sensitive customer data is stored. Privacy Controls help keep replay focused on behavior, paths, and interaction - not private values.

Email••••••••••Masked
API keysk_••••••••Masked
Note[masked content]Ignored

Choose the level of control your team needs.

Teams can start with managed privacy defaults, add custom capture rules, or choose a self-managed path when infrastructure custody matters. Deployment options may differ by plan and support package.

Control level matrix
ControlHostedOpen-sourceOwn-server package
Managed privacy defaultsHymetry managedSelf-managedConfigured with install
Common sensitive filtersIncludedIncludedIncluded
Custom capture rulesIncludedIncludedIncluded
Advanced redaction rulesConfigurableConfigurableConfigurable with review
Route and page exclusionsIncludedIncludedIncluded
Infrastructure operationManaged by HymetryCustomer managedCustomer infrastructure
Data custody modelHosted workspaceCustomer controlledCustomer controlled
Installation supportManaged by HymetryCommunity / self-managedAvailable with package

Designed around practical privacy principles.

Privacy Controls keep the product workflow useful while reducing unnecessary capture and making the rule set visible.

Minimize what is captured

Keep product signals useful while excluding fields, pages, and values that do not need to become analytics data.

Make rules visible

Keep capture scope, masked selectors, ignored routes, and review state in one place for operational review.

Keep source context reviewable

Preserve page path, event timing, and safe session context so teams can investigate behavior without exposing private values.

Filtering, scope, and never-capture rules apply before captured behavior is used across analytics, replay, and AI-assisted investigation.

Capture the signals. Protect what should stay private.

Explore a demo project, then decide which capture rules and deployment model fit your team.

Review your own legal and compliance requirements before enabling capture in sensitive areas.