Privacy & data protection
What Annote captures, what it redacts before anything leaves your browser, and exactly what you can control yourself.
Capture is off until you start
Annote captures nothing until you start a session.
The extension loads on the pages you visit, but it sits inactive — in transparent passthrough — until you open the tray and begin a session. It is not recording your browsing in the background, and there is no always-on capture.
When you end a session (or close the tray), capture stops and the buffer is cleared.
Redaction happens in your browser, before anything is sent
This is the part most tools don't do: Annote redacts sensitive data on your own machine, before any of it leaves your browser.
As your console, network, and action data are captured, Annote automatically replaces sensitive patterns — JSON Web Tokens, email addresses, card-like numbers, phone numbers, API keys (such as Stripe, GitHub, and Slack keys), Authorization headers, and Cookie headers — with safe placeholders like <jwt>, <email>, <card>, or <redacted>.
Network request headers go further: authorization, cookie, and common API-token and secret headers are stripped out entirely. Sensitive form-field values — passwords, hidden fields, credit-card fields — are never captured at all.
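A minimal sketch of the redact-before-send step described above, added here as an illustration and not Annote's own code. The regexes, the Luhn check used to decide what counts as card-like, the use of `<redacted>` for API keys, and the stripped-header list are all assumptions; phone numbers are left out.

```javascript
// Added illustration, not Annote's code. All patterns below are assumptions.
const PLACEHOLDER_RULES = [
  // JWT: three base64url segments; header and payload begin "eyJ" (base64 of '{"').
  [/\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+/g, "<jwt>"],
  // Vendor key prefixes: Stripe (sk_/rk_), GitHub (ghp_ etc.), Slack (xoxb- etc.).
  [/\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]{16,}/g, "<redacted>"],
  [/\bgh[pousr]_[A-Za-z0-9]{36,}/g, "<redacted>"],
  [/\bxox[abprs]-[A-Za-z0-9-]{10,}/g, "<redacted>"],
  [/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g, "<email>"],
];
// 13 to 19 digits, optionally separated by single spaces or hyphens.
const CARD_LIKE = /\b\d(?:[ -]?\d){12,18}\b/g;
// Header names removed outright rather than masked (hypothetical list).
const STRIPPED_HEADERS = new Set([
  "authorization", "proxy-authorization", "cookie", "set-cookie",
  "x-api-key", "x-auth-token",
]);

// Luhn checksum: keeps order ids and timestamps from being treated as cards.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

function redactText(text) {
  let out = text;
  for (const [re, placeholder] of PLACEHOLDER_RULES) out = out.replace(re, placeholder);
  return out.replace(CARD_LIKE, (m) => (luhnValid(m.replace(/\D/g, "")) ? "<card>" : m));
}

function sanitizeHeaders(headers) {
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (STRIPPED_HEADERS.has(name.toLowerCase())) continue; // dropped entirely
    kept[name] = redactText(String(value)); // remaining values still pass through redaction
  }
  return kept;
}

// Constructed sample console line (all values are made up).
const sampleLog = "login ok for jane.doe@example.com token=eyJhbGciOiJIUzI1NiJ9." +
  "eyJzdWIiOiIxIn0.c2lnbmF0dXJl card 4242 4242 4242 4242 order 1234567890123456";
```

Pattern-based redaction is a floor, not a guarantee: a secret in a format no rule covers passes through unchanged.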
What you can control yourself: privacy markers
If there are parts of your own pages you want to keep out of capture, you can mark them in your HTML.
Annote honors the standard session-replay markers, so if you already use a tool like FullStory, you may have them in place.
- [data-private], .fs-exclude, .fs-block, [data-annote-mask] — fully withhold the element. Annote records that an interaction happened, but keeps the element's text and attributes out.
- .fs-mask, [data-rr-is-password] — keep the element's structure but drop its text and labels.
- .fs-unmask, [data-annote-blur='false'] — override a surrounding masked region for one specific element (the closest marker wins).
These markers apply to user-action capture and to console capture (when you log a DOM element).
<!-- fully withheld from capture -->
<div data-private>
  <span>Card ending 4242</span>
</div>

<!-- masked region, one field unmasked -->
<form class="fs-mask">
  <input name="coupon" class="fs-unmask">
</form>
The two honest limits
Two things these markers do not do, stated plainly so there are no surprises.
data-private to an element does not hide an API response.
What leaves your browser, and what stays
A clear line between the two — after the in-browser redaction above has already run.
Leaves your browser
- The redacted console, network, and action data attached to a ticket you file
- The screenshot of the visible tab
- If you use Voice, your microphone audio — sent to a transcription service to turn your speech into text
Stays on your machine
- Anything captured while no session is active
- The buffer, if you start but never file
- Anything matched by redaction (replaced before sending)
- The text you type into your own page's fields — the action timeline never records what you type