Introduction
Security and Trust, Explained Technically
This page describes how Witnes is designed to be safe to install in production applications. It complements our legal policy with engineering-level implementation details.
1. No PII by Default
Unlike visual session replay products, Witnes is built around performance metadata and diagnostic receipts. The tracker does not need user credentials or payment details to operate.
Evidence: session association can be done with an opaque identifier via window.Witnes.identify(), without sending emails, passwords, or card numbers.
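One way to enforce the opaque-identifier rule at the call site, shown as an added example that is not part of the Witnes tracker or its documentation. It assumes window.Witnes.identify() accepts a single string; rejectReason and identifyOpaque are hypothetical helper names, and the sample ID is constructed.

```javascript
// Added example: a guard placed in front of window.Witnes.identify().
// Assumption: identify() takes one string argument (not confirmed by the page).

// Luhn checksum, used to spot payment card numbers (13-19 digits).
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns null when the value looks opaque, otherwise the reason it is refused.
// Passwords have no recognisable shape, so the charset and length limits only
// narrow what can slip through; callers must still pass a server-issued ID.
function rejectReason(value) {
  if (typeof value !== "string" || value.length === 0) return "not-a-string";
  if (value.length > 64) return "too-long";
  if (/[^\s@]+@[^\s@]+\.[^\s@]+/.test(value)) return "email-like";
  const digits = value.replace(/[\s-]/g, "");
  if (/^\d{13,19}$/.test(digits) && passesLuhn(digits)) return "card-like";
  if (!/^[A-Za-z0-9_-]+$/.test(value)) return "unexpected-characters";
  return null;
}

// Hypothetical wrapper: forwards only values that pass the checks above.
function identifyOpaque(value, identify) {
  const reason = rejectReason(value);
  if (reason !== null) return { sent: false, reason };
  identify(value);
  return { sent: true, reason: null };
}

// Browser usage (guarded so the file also runs outside a browser).
if (typeof window !== "undefined" && window.Witnes) {
  identifyOpaque("u_7f3a9c2e41d8", (id) => window.Witnes.identify(id)); // constructed ID
}
```

The returned reason can be logged locally to find call sites that still pass raw account fields.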
2. Zero-Cookie Architecture
Witnes does not rely on persistent cross-site tracking cookies. Our approach is intentionally session-scoped and minimal.
Evidence: we use sessionStorage for ephemeral referral context (for example wit_ref). That data is cleared when the browser session ends.
3. Performance-Neutral Transmission
Monitoring should not degrade user experience. Witnes is built to collect and ship telemetry in the background.
Evidence: where available, the tracker uses navigator.sendBeacon to avoid blocking the main thread during user interaction.
4. No Remote-Control Backdoor
The tracker is designed as an outbound telemetry emitter, not as a remote command mechanism.
Evidence: there is no execution channel for arbitrary third-party commands in your app context. The script sends diagnostic measurements to ingestion endpoints.
Legal Policy vs Technical Design
This page covers implementation details. For legal disclosures and rights, read our privacy policy at /privacy.