We share screenshots, video recordings, and screen-session recordings all the time — to
report bugs, review work, and explain things faster than words can. Because a capture
shows whatever is on screen, treat every one as if it might contain company or
customer data, and make sure it’s compliant before it leaves your machine.

Anything that may touch company or customer data must be handled compliantly before you
share it — check it, and use approved tools and storage. When in doubt, don’t share it
until you’ve confirmed.

Stay compliant

Before sharing a screenshot or recording:
- No secrets or credentials — tokens, passwords, API keys,
.env values, internal URLs.
- No real customer data / PII — use test or anonymized data where possible.
- Blur or trim anything sensitive that ends up in frame.
- Use approved tools and storage, and mind who can access the link.
- TODO: document our data-handling / compliance policy for captures — what’s allowed,
approved tools, and where recordings that show customer data may live.
- TODO: define access & retention — public vs. workspace-only vs. password-protected,
and how long captures are kept.

What we share
- Screenshots / annotated images — a single state, error, or UI detail.
- Video recordings — walkthroughs and demos where motion or narration helps.
- Screen-session recordings — full sessions for reproducing bugs. Tools like
Jam also capture console/network/device info, which makes reports
reproducible.
- TODO: decide the standard tools for each (and whether we need paid/team plans for
private sharing, retention, or SSO), and who owns the accounts.

How to share
- Bugs: attach the capture to the ticket with a one-line summary and expected vs.
actual (TODO: confirm our tracker — Linear / Jira / GitHub issues).
- Code review: put it in the PR description or a review comment.
- Updates: share the link in the relevant channel (TODO: confirm which one) rather
than dumping large files into chat.
- Name captures so they’re findable later (TODO: agree a naming convention, if we want one).

Open questions
- TODO: Is there a sanctioned toolset, or is it per-use-case?
- TODO: Who signs off on the compliance rules for captures, and where do they live?
- TODO: Do we want a bug-report template (steps to reproduce, expected/actual,
environment) to go alongside every capture?