At Decibel Insight, our sole aim is to ensure users have the best experience possible on our clients’ websites and apps. That doesn’t just mean providing our clients with the tools to measure and improve user experiences; it also means being proactive in ensuring user privacy is fiercely protected and respected.
That’s why we welcome the Center for Information Technology Policy’s recent report on the security of session replay technology. With GDPR on the horizon, it’s a timely reminder that protecting and respecting privacy online is paramount, and should be any digital technology’s highest priority.
This ethos is a core value at Decibel Insight. We share in the ideal that the internet should be an informative, delightful, and most importantly safe public space. That’s why from the moment we began our journey in helping brands improve digital experiences, we set out to build both a technology that leads the way in data security and a company that cares for and empathizes with user privacy.
Indeed, data security and privacy have been hard-coded not just into our system architecture, but into our company culture. How? Every Decibel Insight employee goes through rigorous privacy and security training during their induction, and attends regular subsequent training seminars. This ensures that, when it comes to setting an example in data security and user privacy, it’s not only the technology at Decibel that does so – it’s the people too.
Protecting Personally Identifiable Information
Almost all websites deal with personally identifiable information (PII), ranging from a username and account numbers on a login screen, to medical information and credit card numbers within an account. Such information is extremely sensitive, and in most cases has little to no relevance when it comes to improving user experiences.
As a result, at Decibel Insight we take a proactive, Privacy by Design approach to ensure that when our session replay technology is deployed on our clients’ websites to improve user experiences, the PII of users never reaches our servers.
1. PII is masked by default
Decibel Insight masks all user keystrokes by default. Our on-page masking algorithm is irreversible and occurs on the user’s device, so the unmasked data is never sent to our servers, and once masked it is no longer possible to reveal PII within a session replay.
A client has the option to opt in to record keystrokes on specific form fields if the client feels this information is pertinent to improving user experiences – for example, a search field may help inform clients about what users are looking for, helping improve the website’s organization and navigation.
Certain fields, however, are always masked, and can never be opted in – including credit card numbers and social security numbers. This feature can be optionally applied to email addresses too.
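The capture policy described in this section (masked by default, opt-in per field, some categories never opt-in), as an added sketch that is not Decibel Insight's code. All function names, the field shape and the config keys are hypothetical, and the content check on opted-in fields (Luhn checksum and SSN pattern) goes beyond what the page states.

```javascript
// Added illustration; every name below is an assumption, not a vendor API.
const MASK_CHAR = "*";
const NEVER_CAPTURE = new Set(["credit-card", "ssn"]); // cannot be opted in
const SSN_RE = /^\d{3}-?\d{2}-?\d{4}$/;

// Luhn checksum over 13-19 digits (spaces and dashes ignored).
function looksLikeCardNumber(value) {
  const digits = value.replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Irreversible mask: every character becomes the same symbol, so only the
// length of the input survives and the original cannot be recovered.
function mask(value) {
  return MASK_CHAR.repeat([...value].length);
}

// Decide, in the browser, what is allowed to leave the page for one field.
// field:  { name, category }
// config: { optIn: Set of field names, maskEmail: boolean }
function valueToRecord(field, value, config) {
  if (NEVER_CAPTURE.has(field.category)) return mask(value);   // hard deny
  if (field.category === "email" && config.maskEmail) return mask(value);
  if (!config.optIn.has(field.name)) return mask(value);       // default
  // Opted in, but the user may still type or paste sensitive data here.
  if (looksLikeCardNumber(value) || SSN_RE.test(value.trim())) {
    return mask(value);
  }
  return value;
}
```

The order of the checks is the point: the hard deny runs before the opt-in lookup, so a misconfigured opt-in list cannot expose a card or SSN field.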
2. Any opted-in data is encrypted
If a client does opt in to record keystrokes on a specific form field, like a search field, this data is subject to levels of encryption that fully ensure its secure transmission and storage.
First, data collected from the user’s browser is encrypted using industry-standard 256-bit HTTPS connections. Once in transit, it’s encrypted using two-way 256-bit TLS; and once at rest, clients can opt to have it encrypted using 256-bit AES encryption.
Our clients can focus on what matters: improving digital experiences
With user privacy assured, our clients can focus on using Decibel Insight’s session replay – as well as a wealth of other features – to gain unprecedented insight into where and how they can improve user experiences on their websites and apps.
Just as an architect studies how people really use buildings and public infrastructure to better shape the physical experience for safety and convenience, Decibel Insight’s technology enables digital teams to ensure the digital experience they provide for their customers is the best it can possibly be.
Improving user experiences is vital – but it should never come at the expense of user privacy. Regardless of the good intentions of a technology, protecting and respecting those it affects should be the highest priority. At Decibel Insight, our clients and their users can rest assured that this always has been – and always will be – the case.