Privacy
Defaults are strict. You opt in to less privacy, not more.
What's always masked by default
| What | Applies to | Controlled by |
|---|---|---|
<input>, <textarea> values | Web | maskInputs: true (default) |
<TextInput> values | React Native | maskTextInputs: true (default) |
| Session identity | Both | Anonymous until identify() is called |
Password inputs (<input type="password">) are always masked on web regardless of maskInputs . rrweb enforces this at the recorder level.
Web . unmask all inputs globally
Not recommended. Only use this if your app has no sensitive input fields at all.
Galacha.init({
projectKey: "your_project_key",
maskInputs: false,
});The web SDK doesn't currently support per-element privacy classes. If you need fine-grained masking, mark the whole project as maskInputs: true (default) and let the input-level default protect you.
React Native . wrap private views
Any view inside <GalachaPrivate> is rendered as a solid block in the captured frame:
import { GalachaPrivate } from "@galacha/react-native";
<GalachaPrivate>
<CreditCardForm />
</GalachaPrivate>Use this for credit card forms, medical intake, auth flows . anywhere the pixels shouldn't leave the device.
React Native . full privacy mode
Temporarily mask every frame. Handy during checkout or sensitive screens:
import { useEffect } from "react";
import Galacha from "@galacha/react-native";
function CheckoutScreen() {
useEffect(() => {
Galacha.setPrivacyMode(true);
return () => Galacha.setPrivacyMode(false);
}, []);
// ...
}What Galacha never captures
| Signal | Reason |
|---|---|
| Cookies | Never sent to the API. |
localStorage / sessionStorage | Never sent to the API. |
| Password field values | Always masked, no exceptions. |
| Request / response bodies | The SDK records URL, method, status, and timing . not body contents. |
| Content inside iframes | Only captured if you initialize the SDK inside that iframe too. |
Data residency
Sessions are stored in our managed storage tier. Default region follows your traffic. For compliance pinning (GDPR, Tanzanian data-protection rules) email kelvin@galacha.me.
Deleting user data
To honor a user deletion request:
- Dashboard → your project → Sessions
- Filter by
user_identifier - Bulk-delete from the UI
Deletions propagate to storage within 60 seconds. For bulk or audited deletion flows . e.g. a full GDPR right-to-erasure sweep across all your projects . email kelvin@galacha.me.