Recipe: Session replay privacy & storage design

How Meridian captures, sanitizes, and stores session replays without leaking PII or blowing your storage budget.

1. Capture scope

Record DOM mutations, mouse position, viewport size, and scroll depth. Never capture keystrokes, clipboard contents, or password-field values. The recorder runs in a web worker to avoid jank.

2. PII redaction pipeline

Before any event leaves the browser, a configurable redaction layer strips text nodes matching email, phone, SSN, and custom regex patterns. Elements tagged with data-meridian-mask are replaced with a blurred placeholder.
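The redaction layer described above, as an added example rather than Meridian's own code: it runs over recorder events before batching, applies the built-in email, phone and SSN detectors plus any custom patterns, and replaces anything tagged data-meridian-mask with a placeholder. It goes one step beyond the text by also redacting attribute values; the event shape, the [REDACTED] token and the placeholder field are assumptions.

```javascript
// Added example (not Meridian's code); event shapes and option names are assumptions.
const REDACTED = '[REDACTED]';

// Built-in detectors. Every pattern carries the g flag so replace() hits all matches.
const BUILTIN_PATTERNS = [
  /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi,                 // email
  /\b\d{3}-\d{2}-\d{4}\b/g,                                   // US SSN
  /(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b/g,       // US phone
];

function buildPatterns(custom = []) {
  // Force the g flag on operator-supplied patterns; without it only the first hit is masked.
  const extra = custom.map((re) => (re.global ? re : new RegExp(re.source, re.flags + 'g')));
  return [...BUILTIN_PATTERNS, ...extra];
}

function redactString(s, patterns) {
  return patterns.reduce((acc, re) => acc.replace(re, REDACTED), s);
}

// A recorder event is a plain object: { type, id, tag?, text?, attrs? }.
function redactEvent(ev, patterns) {
  // Anything tagged data-meridian-mask is dropped whole; the placeholder keeps
  // layout but carries none of the element's text or attributes.
  if (ev.attrs && 'data-meridian-mask' in ev.attrs) {
    return { type: ev.type, id: ev.id, tag: ev.tag, placeholder: 'blurred' };
  }
  const out = { ...ev };
  if (typeof ev.text === 'string') out.text = redactString(ev.text, patterns);
  if (ev.attrs) {
    // Attribute values (title, alt, placeholder, value) can carry PII too.
    out.attrs = Object.fromEntries(Object.entries(ev.attrs).map(
      ([k, v]) => [k, typeof v === 'string' ? redactString(v, patterns) : v]));
  }
  return out;
}

// Run before batching. Returns a new array and never mutates the recorder buffer.
function redactBatch(events, customPatterns) {
  const patterns = buildPatterns(customPatterns);
  return events.map((ev) => redactEvent(ev, patterns));
}

// Constructed sample batch, not captured traffic.
const SAMPLE_BATCH = [
  { type: 'text', id: 1, text: 'Contact jane@example.com or 555-123-4567' },
  { type: 'text', id: 2, text: 'SSN 123-45-6789, order ORD-99817' },
  { type: 'attr', id: 3, attrs: { title: 'Call 555-123-4567' } },
  { type: 'add', id: 4, tag: 'div', attrs: { 'data-meridian-mask': '' }, text: '4111 1111 1111 1111' },
];
const SAMPLE_OUTPUT = redactBatch(SAMPLE_BATCH, [/ORD-\d+/]);
```

Regex redaction only sees one text node at a time, so a value split across adjacent nodes or rendered from an image escapes it; that is what the data-meridian-mask tag is for.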

3. Event batching & compression

Events are buffered in 5-second windows, compressed with Brotli level 4, and sent as a single POST. Payloads average 2-8 KB per batch. On idle, the buffer flushes immediately.

4. Storage tiering

Hot storage (last 7 days) lives in Edge Config for instant playback. Warm storage (8-30 days) moves to R2 with lazy decompression. Cold storage (>30 days) is archived to R2 Infrequent Access. Retention is capped at 90 days by default.

5. Playback security

Replay tokens are single-use, signed with HMAC-SHA256, and expire after 15 minutes. The playback iframe is sandboxed with the allow-same-origin flag omitted, so replayed content cannot reach the host page's DOM.