[3] Last year, we published an expose about how Glassbox’s SDK was being adopted by some customers, where they were not fully disclosing to their own customers just how their online actions were being monitored and tracked in the name of quality control; and how and if sensitive data was being sucked up in the process.

[10][11][12] The affected apps included ones published by Abercrombie & Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines.

[19][20] Anti-malware company Avast observed that using session-replay analytics "without even mentioning it is not right, and probably illegal in some countries.

"[21] Computer science professor Thomas Keenan, author of the book Technocreep, suggested that people who do not want a company to record their data like this should delete the app concerned.

[22] IT Pro reported that Glassbox retains session, demographic, and location data for up to 24 months, categorizing it by age, gender, and interests, and may combine it with other information obtained from other companies.