Data Privacy in Frontend Observability

Grafana Faro Web SDK powers Frontend Observability and is configurable to match your data privacy needs.

Privacy considerations

Faro has a privacy-friendly design.

Collection of user data

Faro doesn’t collect any personal data by default.

However it’s possible to collect personally identifiable information unintentionally, therefore consider what user information you store.

If you intend to use this feature, ensure you have collected user consent in a way that complies with your data privacy framework.

To learn more about how to identify users, consult the user meta architecture documentation.

Cookies

Faro doesn’t store or use any cookies.

Faro stores session information in the browsers web-storage which has the following structure.

export interface FaroUserSession {
  sessionId: string; // randomly created sessionID
  lastActivity: number; // last user/browser activity
  started: number; // when the session has been started
  isSampled: boolean; // is the session part of the sample
  sessionMeta?: MetaSession; // a copy of the in-memory session meta object
}

Web Storage

Faro uses web storage to save the state of the user session. By default, the session state doesn’t contain any personal data.

Note
Faro stores custom attributes that are manually added to a user session in the sessionMeta. Never store personal data in the session meta.

By default Faro stores session data in the browser’s session storage, which is wiped after the tab or browser window is closed. If persistent sessions are enabled, the session is stored in the browsers local storage and persists even if the tab or window is closed. If the session is alive for longer than maxSessionPersistenceTime for a recurring visitor, Faro removes the data.