If you record PII as input, that input value will be stored
somewhere. I'm not exactly sure
how it's stored, but a simple test recording will blatantly show you that it's storing the value (see screenshot). If you export the recording as a script, the input values will be hardcoded in that script. The good news is that Selenium is open source, so your firm can have a look and decide for themselves -
https://github.com/SeleniumHQ/selenium-ideIf you're using Selenium as a testing tool, this shouldn't be an issue. I could see some cases where you
might need to pass live PII through a test, but I imagine those would be rare and need to be carefully handled by a framework that reads live PII data from an encrypted secrets file, not from some quick test recording.
I believe the fact that Selenium is open source answers most of your questions.