Data Privacy (GDPR, PCI)

Feature

Any data can be masked, anonymized or excluded (not collected) by Germain.

Mask

Data is captured as “***” instead of real value, and sent back to Germain enterprise, then stored within whichever datastore is used (on premise or cloud).

Additional advanced settings are available in this option:

• Preserve or not the length of the real value

• Preserve or not whitespaces of the real value

Examples:

• User name “admin” masked with preserved length

• User name “admin” masked without preserved length

Anonymize

Data is captured as hashed value instead of real value, and sent back to Germain enterprise, then stored within whichever datastore is used (on premise or cloud).

Examples:

• User name “admin” anonymized

Exclude

Data is not captured/stored anywhere and not sent back to the Germain enterprise.

Examples:

• User name “admin” excluded

• Login form’s inputs excluded

Configuration

Go to Germain Workspace > Left Menu > Analytics > Data Privacy to:

• add new configuration

• review and update existing configuration entries

To add new Data Privacy configuration click :plus: button and pick one option:

• Data Field Exclusion (applies to fields on all data points across the entire system, e.g. user.name, userAgent.family, sessionId, …)

• Session Replay Exclusion (applies to UI/HTML/DOM elements available on UX Session Replay only, e.g. div[id=”credit-card”], input, form, …)

Data Field Exclusion

The following steps show how to add new Data Field Exclusion:

• Go to Analytics > Data Privacy, click :plus: button and select Data Field Exclusion

• Fill in the wizard form:

  • Name*: Data Field Exclusion name

  • Field Name*: Field name to apply the exclusion on

  • [KPI]: Optional constraint on the KPI to apply the exclusion on (if not selected then exclusion will apply to all data points)

  • Type*: Exclusion type

  • [Advanced Settings for Mask option only]:

    • Preserve Length: If true, excluded field value will have the same length as the original otherwise the length value will be randomized, example: If true, original value: admin (4 char. long), exclusion value: **** (also 4 char. long).

    • Preserver Whitespace: If true, will preserve whitespace characters when masking otherwise will skip whitespace characters, example: if true, original value: This is a test, exclusion value: **** ** * ****.

  • [Advanced Settings for all options]:

    • Pattern: Pattern to optionally match exclusion value. Example: "User: (.*)"

The example below shows how to mask username field on all data points without preserving its length and whitespace.

Session Replay Exclusion

The following steps show how to add new Session Replay Exclusion:

• Go to Analytics > Data Privacy, click :plus: button and select Session Replay Exclusion

• Fill in the wizard form:

  • Application Profile*: Which settings profile should this exclusion be added to

  • Name*: Session Replay Exclusion name

  • Element Selector*: Tag name or * wildcard, optionally followed by one attribute constraint. See example for syntax. Example: div[id="credit-card"]

  • Type*: Exclusion type

  • [Advanced Settings for Mask option only]:

    • Preserve Length: If true, excluded field value will have the same length as the original otherwise the length value will be randomized, example: If true, original value: admin (4 char. long), exclusion value: **** (also 4 char. long).

    • Preserver Whitespace: If true, will preserve whitespace characters when masking otherwise will skip whitespace characters, example: if true, original value: This is a test, exclusion value: **** ** * ****.

  • [Advanced Settings for all options]:

    • Pattern: Pattern to optionally match exclusion value. Example: "User: (.*)"
      

The example below shows how to exclude completely input fields which contain credit card information from the UX Session Replay collection.

Form Privacy

Form Policy is a predefined set of rules to exclude from collection sensitive user information entered in form elements. These rules apply to UX Session Replay monitoring only and, once enabled, they can be updated or disabled on demand per UX Monitoring Profile. The following rules get installed when Form Privacy is enabled:

• Form Privacy Mask rule (masking following HTML elements):

  • <input/>

  • <textarea/>

  • <select/>

  • <datalist/>

  • <option/>

  • <[contenteditable]/>

  • <[autocomplete^=cc-]/>

• Form Privacy Exclude rule (excluding following HTML elements):

  • <input type="checkbox"/>

  • <input type="radio"/>

Configuration

You can enable Form Privacy set of rules when deploying Germain monitoring for the first time:

You can update Form Privacy rules either from global Data Privacy view either from a particular UX Monitoring Profile.

Cookie Consent Integration

Germain RUM JS integrates with IAB TCF 2.0 (Transparency and Consent Framework 2.0) and with the following 3rd party Cookie Consent Managers:

• CommandersAct

• Consentmanager

• Cookie Bot

• Cookie Information

• Crown Peak

• Didomi

• HubSpot

• Iubenda

• NextRoll

• Osano

• Sourcepoint

• Termly

• Usercentrics

Integration with any other cookie consent manager or custom code is possible too.

Data Privacy view

• Go to Germain Workspace > Left Menu > Analytics > Data Privacy

• Search for UX Monitoring Profile for which Form Privacy has been enabled (e.g. reactjs2 in this example)

• Two rules should be available in default configuration: Form Privacy Mask and Form Privacy Exclude

• Pick one of the rule and edit it

UX Monitoring Profile view

• Go to Germain Workspace > Left Menu > Analytics > UX Monitoring Profiles

• Search for UX Monitoring Profile for which Form Privacy has been enabled (e.g. reactjs2 in this example)

• Select a profile and scroll down in the Editor to Session Replay Exclusions section

• Two rules should be available in default configuration: Form Privacy Mask and Form Privacy Exclude

• Pick one of the rule and edit it

Active Sessions

Go to Germain Workspace > Left Menu > Germain > Sessions