Skip to content

Redacting Sensitive Data

Learn how to redact sensitive data from your analytics events.

Audiences are available in Beta on all plans

Sometimes, URLs and query parameters may contain sensitive data. This could be a user ID, a token, an order ID, or any other data that you don't want to be sent to Vercel. In this case, you may not want them to be tracked automatically. To prevent sensitive data from being sent to Vercel, you can pass in the beforeSend function that modifies the event before it is sent.

Returning null will ignore the event, while returning the event or a modified version of it will track it normally.

pages/_app.jsx
<Analytics
  beforeSend={(event) => {
    if (event.url.includes('/private')) {
      return null;
    }
    return event;
  }}
/>

To apply changes to the event, you can parse the URL and adjust it to your needs before you return the modified event.

In this example the query parameter secret is removed on all events.

pages/_app.jsx
<Analytics
  beforeSend={(event) => {
    const url = new URL(event.url);
    url.searchParams.delete('secret');
    return {
      ...event,
      url: url.toString(),
    };
  }}
/>

You can also use beforeSend to allow users to opt-out of all tracking by setting a localStorage value (for example va-disable).

pages/_app.jsx
<Analytics
  beforeSend={(event) => {
    if (localStorage.getItem('va-disable')) {
      return null;
    }
    return event;
  }}
/>

To learn more about the beforeSend function and how it can be used with other frameworks, have a look at the @vercel/analytics package documentation.