No Session Replay Is a Feature
We don't record your users' screens. That's the point.
Every UX monitoring tool I evaluated before building Flusterduck records the DOM. Hotjar, Clarity, FullStory, LogRocket, Mouseflow. They reconstruct what the user sees, pixel by pixel, and play it back like a video. They sell this as the product.
I think it's a mistake. Here's why.
The weight
Session replay captures DOM mutations, style changes, scroll positions, input values, mouse coordinates, network state. That's a lot of JavaScript on every interaction.
FullStory's SDK: 30KB+. LogRocket: ~25KB. Clarity: 17KB. Hotjar: ~15KB. Flusterduck: under 4KB gzipped.
Portent analyzed 94 million pageviews and found each additional second of load costs 4.42% in conversions. 53% of mobile users abandon sites that take over 3 seconds to load. You're adding a monitoring tool that degrades the thing it monitors.
We don't serialize the DOM. We listen for behavioral signals, compute locally, batch via sendBeacon. Less work for the browser. Less data on the wire.
The privacy math
CNIL, France's data protection authority, issued formal guidance in 2021 specifically about session replay tools. Their position: recording user sessions constitutes processing of personal data, even with masking, because the reconstruction of a user's interaction can identify individuals indirectly. They fined several companies for deploying session replay without adequate consent.
The German DPAs went further. The Bavarian Data Protection Authority ruled that session replay constitutes profiling under Article 22 of GDPR if used for automated decision-making about user segments.
Every session replay tool says they mask sensitive fields. FullStory has a CSS class you add to elements you want hidden. Hotjar has a similar system. In practice, I've seen password fields leak through because a developer forgot the mask class on a dynamically rendered component. Once it's recorded, it's recorded. The replay is in your vendor's cloud storage, and your SOC 2 auditor is going to ask about it.
Flusterduck can't leak your users' form inputs because we don't capture them. The SDK records the element selector (input#email), the timing (focused at 14:02:03, blurred at 14:02:11, 8 seconds of hesitation), and the field name. Never the value. There's no mask to forget. The architecture prevents the problem instead of trying to paper over it.
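The capture model described above, as an added sketch (not Flusterduck's SDK code): focus/blur listeners record selector, field name and timing without ever reading the value, and an allowlist serializer drops any other key before the batch is sent. The /collect endpoint and all function names are assumptions.

```javascript
// Added example, not Flusterduck's SDK. ENDPOINT and function names are hypothetical.
const ENDPOINT = "/collect"; // assumed collection URL
const ALLOWED = ["type", "selector", "field", "focusedAt", "blurredAt", "hesitationMs"];

// Build a short selector from tag, id and classes only; never from text or value.
function selectorFor(el) {
  const tag = String(el.tagName || "").toLowerCase();
  if (el.id) return `${tag}#${el.id}`;
  const raw = typeof el.className === "string" ? el.className : "";
  const cls = raw.trim().split(/\s+/).filter(Boolean);
  return cls.length ? `${tag}.${cls.join(".")}` : tag;
}

// Event for one focus/blur pair. el.value is never read.
function hesitationEvent(el, focusedAt, blurredAt) {
  return {
    type: "field_hesitation",
    selector: selectorFor(el),
    field: el.name || null,
    focusedAt,
    blurredAt,
    hesitationMs: blurredAt - focusedAt,
  };
}

// Allowlist serializer: any key outside ALLOWED is dropped before it leaves the page.
function serializeBatch(events) {
  return JSON.stringify(events.map((e) =>
    Object.fromEntries(ALLOWED.filter((k) => k in e).map((k) => [k, e[k]]))));
}

// Browser wiring; skipped when there is no DOM (e.g. under Node).
if (typeof document !== "undefined") {
  const focused = new WeakMap(); // element -> focus timestamp
  let queue = [];
  document.addEventListener("focusin", (ev) => focused.set(ev.target, Date.now()));
  document.addEventListener("focusout", (ev) => {
    const start = focused.get(ev.target);
    if (start !== undefined) queue.push(hesitationEvent(ev.target, start, Date.now()));
    focused.delete(ev.target);
  });
  // Flush every 3 seconds; keep the queue if the browser refuses the beacon.
  setInterval(() => {
    if (queue.length && navigator.sendBeacon(ENDPOINT, serializeBatch(queue))) queue = [];
  }, 3000);
}
```

Selectors and name attributes can still carry identifiers if the application puts them there (an id built from a username, for instance), so review what ends up in those two fields.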
You don't need replay to find the problem
The argument for replay: "I need to see what the user saw." True, when all you have is a rage click count and no context. But what if you knew the button was disabled with opacity: 0.5 and no cursor: pointer? What if you saw a wireframe of the element in its container, showing size, position, and state?
Frustration snapshots. When a signal fires, the SDK captures a lightweight structural snapshot of the problem element and its DOM neighborhood. Not a screenshot. A wireframe reconstruction, enough to understand the problem without seeing user content.
The coupon button appears disabled, no tooltip, sits below an input field, users rage-clicking with no feedback. That's enough to fix it. No 47-minute replay scrubbing session required.
Storage costs nobody talks about
A single replayed session can produce megabytes of DOM mutation logs. FullStory starts at $30K/year partly because they're storing all of it. LogRocket: $69-$295/month. The infrastructure cost is real.
Flusterduck sends batched events every 3 seconds. A typical page view: a few hundred bytes of signal data. Storing "5 rage clicks on button#submit at 14:02" costs almost nothing compared to a full DOM replay. That's how a free tier at 5,000 sessions/month works.
The compliance shortcut
When your legal team asks "what user data does this tool collect?", I want the answer to be short.
Flusterduck collects: click coordinates, scroll depth, navigation paths, element selectors, page timing metrics, viewport size, and anonymized session identifiers. It does not collect: screen content, form values, passwords, cookies, localStorage, IP addresses (hashed at edge), or any PII.
That conversation takes 2 minutes. The equivalent conversation about a session replay tool involves mask configurations, data retention policies, sub-processor agreements, DPIA documentation, and a prayer that nobody forgot to add the .hs-sensitive class to the new credit card form.
I'd rather have the 2-minute conversation.