Google don’t allow PII (Personally Identifiable Information) to be tracked in Google Analytics. You can have your Google Analytics account suspended if you don’t abide by the rules.
Google provide some helpful Best Practises information, but their suggestions often rely on rewriting your web application so that PPI aren’t displayed in the URL.
This work-around script works by only including Google Analytics tracking snippet if the URL does not include email, username or password strings. The exact strings could easily be modified to suit your needs.
<script>
window.ga=function(){ga.q.push(arguments)};ga.q=[];ga.l=+new Date;
ga('create','UA-XXXXX-Y','auto');ga('send','pageview')
</script>
<script>
if(location.href.match(/(?:\b|_)(?:username|email|password)(?:\b|_)/i) > -1){
document.write('<script src="https://www.google-analytics.com/analytics.js" aysnc defer><\/script>');
}
</script>
https://coliff.github.io/prevent-pii-tracking-in-google-analytics/demo.htm - this page loads Google Analytics as normal
If you include params with PII (email, username or password) the URL though, Google Analytics will not load:
Note; the optimized Google Analytics snippet is from HTML5Boilerplate