While reviewing outgoing XHRs (AJAX requests), I noticed one sending data to rs.fullstory.com. Since I’ve never heard this service mentioned explicitly, I wanted to ask what it does and what kind of data it collects. I would have appreciated being informed about the involvement of third-party services like this—regardless of whether they collect data or not.
After visiting FullStory’s website, I suspect it’s used for some form of user research, but I’m still uncertain about its exact purpose and unaware that this was in place. To be honest, I’m not sure if I’m entirely comfortable with it. It may give the impression some malicious script was injected in our app - and that's never assuring.
In addition to my concerns regarding data privacy, I could also imagine it having a negative effect on performance. So a topic within a topic, I suppose.
I just asked our Observability team about this to get more details for an official statement.
From what I heard from other support engineers, this is for Retool's FullStory account. We randomly sample all app sessions at a low percentage, with some occasional increases in the sampling on some events where needed (e.g. building out a newly released feature).
I believe this is disclosed in our terms and conditions page, but I can double-check that to confirm as well. We go to full lengths to respect and protect our users' privacy and ensure that sensitive data is encrypted and secured.
I can definitely see how finding this without expecting to see it could give the impression of a malicious script. We can definitely do more to let users know this is going on, such as creating an article on our docs page.
My impression was that the sampling of app events is done randomly on all apps at a very low percentage and gives us helpful data to identify issues and improve our product for our developer and end user experience.
I also asked about the performance aspect of FullStory. Another support engineer said that the performance should be negligible, as these are fairly infrequent and carry the same, if not a lighter, load as the consistent /save requests being made that back up apps.