Data Privacy (GDPR, PCI)

Any data can be masked, anonymized or excluded (not collected) by Germain.

Data is captured as “***” instead of real value, and sent back to Germain enterprise, then stored within whichever datastore is used (on premise or cloud).

Additional advanced settings are available in this option:

Preserve or not the length of the real value
Preserve or not whitespaces of the real value

Examples:

User name “admin” masked with preserved length

User name “admin” masked without preserved length

Data is captured as hashed value instead of real value, and sent back to Germain enterprise, then stored within whichever datastore is used (on premise or cloud).

Examples:

User name “admin” anonymized

Data is not captured/stored anywhere and not sent back to the Germain enterprise.

Examples:

User name “admin” excluded

Login form’s inputs excluded

Go to Analytics > Data Privacy to:

add new configuration
review and update existing configuration entries

To add new Data Privacy configuration click :plus: button and pick one option:

Data Field Exclusion (applies to fields on all data points across the entire system, e.g. user.name, userAgent.family, sessionId, …)
Session Replay Exclusion (applies to UI/HTML/DOM elements available on UX Session Replay only, e.g. div[id=”credit-card”], input, form, …)

The following steps show how to add new Data Field Exclusion:

Go to Analytics > Data Privacy, click :plus: button and select Data Field Exclusion
Fill in the wizard form:
- Name*: Data Field Exclusion name
- Field Name*: Field name to apply the exclusion on
- [KPI]: Optional constraint on the KPI to apply the exclusion on (if not selected then exclusion will apply to all data points)
- Type*: Exclusion type
- [Advanced Settings for Mask option only]:
  - Preserve Length: If true, excluded field value will have the same length as the original otherwise the length value will be randomized, example: If true, original value: admin (4 char. long), exclusion value: **** (also 4 char. long).
  - Preserver Whitespace: If true, will preserve whitespace characters when masking otherwise will skip whitespace characters, example: if true, original value: This is a test, exclusion value: **** ** * ****.
- [Advanced Settings for all options]:
  - Pattern: Pattern to optionally match exclusion value. Example: "User: (.*)"

The example below shows how to mask username field on all data points without preserving its length and whitespace.

The following steps show how to add new Session Replay Exclusion:

Go to Analytics > Data Privacy, click :plus: button and select Session Replay Exclusion
Fill in the wizard form:
- Application Profile*: Which settings profile should this exclusion be added to
- Name*: Session Replay Exclusion name
- Element Selector*: Tag name or * wildcard, optionally followed by one attribute constraint. See example for syntax. Example: div[id="credit-card"]
- Type*: Exclusion type
- [Advanced Settings for Mask option only]:
  - Preserve Length: If true, excluded field value will have the same length as the original otherwise the length value will be randomized, example: If true, original value: admin (4 char. long), exclusion value: **** (also 4 char. long).
  - Preserver Whitespace: If true, will preserve whitespace characters when masking otherwise will skip whitespace characters, example: if true, original value: This is a test, exclusion value: **** ** * ****.
- [Advanced Settings for all options]:
  - Pattern: Pattern to optionally match exclusion value. Example: "User: (.*)"

The example below shows how to exclude completely input fields which contain credit card information from the UX Session Replay collection.

Form Policy is a predefined set of rules to exclude from collection sensitive user information entered in form elements. These rules apply to UX Session Replay monitoring only and, once enabled, they can be updated or disabled on demand per UX Monitoring Profile. The following rules get installed when Form Privacy is enabled:

Form Privacy Mask rule (masking following HTML elements):
- <input/>
- <textarea/>
- <select/>
- <datalist/>
- <option/>
- <[contenteditable]/>
- <[autocomplete^=cc-]/>
Form Privacy Exclude rule (excluding following HTML elements):
- <input type="checkbox"/>
- <input type="radio"/>

You can enable Form Privacy set of rules when deploying Germain monitoring for the first time:

You can update Form Privacy rules either from global Data Privacy view either from a particular UX Monitoring Profile.

Go to Analytics > Data Privacy
Search for UX Monitoring Profile for which Form Privacy has been enabled (e.g. reactjs2 in this example)
Two rules should be available in default configuration: Form Privacy Mask and Form Privacy Exclude
Pick one of the rule and edit it

Each individual “fact” in Germain data model can be secured following a Privacy Script that your organization can inject into Germain. That Privacy Script is inserted in:

either in a Germain RUM JS’s Init Script, for User Session Replay-related data
or in a “rule” for other fact/data (that you configure Germain to collect) and visible at Germain Workspace > Left Menu > Analytics > Rules.

This client needed to dynamically set the visibility of the User Session that Germain records, so that a Recorded User Session cannot be replayed by any Team but instead only a dedicated Team is entitled to view them, based on the financial stock(s) that was/were being traded in that recorded user session. To achieve this, the client customized Germain RUM JS’s init script with its data privacy logic.

Example to add access controls to all facts including replay:

/**
 * Sets all facts (and the Replay itself) to be visible based on the user being monitored
 *
 * In the example below:
 *  - Application User is an Admin user - Data visible to Germain UX Technical team only
 *  - Application User is a Business user - Data visible to Germain UX Technical team OR Germain UX Business team
 *  - Application User is any other type - Data visible to all Germain UX users
 */
settings.application.metadataProviders['access'] = function(window) {
    // These constants are available from the Teams view in Germain UX
    const technicalTeamAccessId = 't0';
    const businessTeamAccessId = 't1';
    if (isAdminUser(user)) {
        // If the user being collected is an Admin user (within the application being
        // monitored), only allow the Technical Team (in Germain UX) to access the replay
        return technicalTeamAccessId;
    } else if (isBusinessUser(user)) {
        // If the user being collected is a Business user (within the application being monitored),
        // allow the Technical Team (in Germain UX) or Business Team (in Germain UX) to access the replay
        return `${technicalTeamAccessId} || ${businessTeamAccessId}`;
    }
    // Otherwise any Germain UX user can view the replay
    return undefined;
};

function isAdminUser(user) {
    // custom application logic here...
    return user.type === 'Admin';
}

function isBusinessUser(user) {
    // custom application logic here...
    return user.type === 'Business';
}

CODE

Example to add access controls to a specific type of fact (in this example UxConsoleEvent), not including replay:

/**
 * Sets UxConsoleEvents to be visible based on the user being monitored
 *
 * In the example below:
 *  - Application User is an Admin user - Data visible to Germain UX Technical team only
 *  - Application User is a Business user - Data visible to Germain UX Technical team OR Germain UX Business team
 *  - Application User is any other type - Data visible to all Germain UX users
 */
settings.application.factProcessor = (fact) => {
    if (fact.myClassName === 'UxConsoleEvent') {
        // These constants are available from the Teams view in Germain UX
        const technicalTeamAccessId = 't0';
        const businessTeamAccessId = 't1';
        if (isAdminUser(user)) {
            // If the user being collected is an Admin user (within the application being monitored),
            // only allow the Technical Team (in Germain UX) to access this fact
            fact.access = technicalTeamAccessId;
        } else if (isBusinessUser(user)) {
            // If the user being collected is a Business user (within the application being monitored),
            // allow the Technical Team (in Germain UX) or Business Team (in Germain UX) to access this fact
            fact.access = `${technicalTeamAccessId} || ${businessTeamAccessId}`;
        } else {
            // do nothing, this will mean the fact is visible to all Germain UX users
        }
    }
};

function isAdminUser(user) {
    // custom application logic here...
    return user.type === 'Admin';
}

function isBusinessUser(user) {
    // custom application logic here...
    return user.type === 'Business';
}

CODE

Notes:

The isAdminUser and isBusinessUser would be logic based on the monitored application.
This logic is completely customisable, above are only examples, the important parts are:
- In the first example the settings.application.metadataProviders['access'] should return the access expression
- In the second example, the settings.application.factProcessor should set the fact.access property to the access expression for the fact
We support complex syntax for these access expressions:
- t1 => only members of the Team with accessId t1 can see the data
- t1 || t2 => members of either Team with accessId t1 OR t2 can see the data
- t1 && t2 => members must be members of both Teams with accessId t1 AND t2 to be able to see the data

Go to Analytics > UX Monitoring Profiles
Search for UX Monitoring Profile for which Form Privacy has been enabled (e.g. reactjs2 in this example)
Select a profile and scroll down in the Editor to Session Replay Exclusions section
Two rules should be available in default configuration: Form Privacy Mask and Form Privacy Exclude
Pick one of the rule and edit it

Feature

Mask

Anonymize

Exclude

Configuration

Data Field Exclusion

Session Replay Exclusion

Form Privacy

Configuration

Data Privacy view

Dynamic Data Privacy

Example

Germain RUM JS’s init script:

UX Monitoring Profile view