Over the past year, Wingify has been preparing to meet the requirements of the GDPR, the new data protection law that came into force on May 25, 2018. GDPR specifically affects the online businesses that store and use website visitor and app data in the European Economic Area (EEA).
If you are a Wingify user in the EEA or are otherwise subject to the GDPR, please review the following information to understand how Wingify tracks and handles visitors' personal data and information.
Session Recording Settings
Wingify has introduced different configuration options to make sure that the personal data of your website visitors are anonymized when capturing Session Recordings data. Wingify servers do not store the personal information of any visitor, and all data passing through our servers is encrypted or hidden to ensure visitor privacy.
As an account administrator, you can review and update your data recording preferences. To learn more about setting recording preferences, click here.
| Key Presses | All key presses are anonymized by default. |
| Hide the Entire Body |
You can anonymize the entire HTML body of your website during a recording. Note: Only text can be anonymized, not images. |
| Anonymize/Whitelist by Using the CSS Selector Path | You can anonymize or whitelist an input/non-input field by using the selector path of the element in Wingify. To learn how to find the selector path, click here. For example, if you want to anonymize a field containing visitor information in your Order page, you can blacklist the field to hide the data in the recordings. |
| DOM mutation and HTML data | All DOM mutation and HTML data tracked during session recordings are encrypted and then sent to Wingify servers. |
| Add the nls_protected class to anonymize/whitelist elements | To anonymize or whitelist an element, add the nls_protected class to the element. |
| 3 consecutive digits | Always anonymized by default unless the data is whitelisted. |
| Password fields | Always anonymized, even if data is whitelisted. |
Custom Dimensions
Custom dimensions are used to collect visitor data, preferences, and personal information. If you are using Custom Dimensions to manage visitor data, it is recommended that you review the updates in our Wingify settings to make sure your data is safe and protected. In cases where visitor information is unavoidable, we recommend that you use salt with a minimum hashing requirement of SHA256, with a minimum of 8 characters. To learn more about using Custom Dimensions, click here.
| Filtering | By default, Wingify filters all incoming data for any custom dimensions for the personal information of the visitors, such as email addresses and credit card numbers. To override the default settings, you can define regex rules and then add them to the specific filter in Wingify custom dimensions. |
| Flushing data | You can delete all data collected for any custom dimension. |
Privacy Settings
Wingify introduces Privacy Center to help you review or modify the visitor information collected from your website visitors. For example, you can select what location information you want to track, like countries, regions, or cities. To learn more about privacy settings, click here.
| IP Address | By default, Wingify replaces the last octet of IP Address with 0 (zero) before saving location information. You can customize the setting to choose if you want more numbers to be anonymized for IP addresses. You can even disable tracking any IP address information at all. |
| Location | For location data, Wingify tracks the Country, Region & City information of your website visitors. You can change the preference to collect only country or region information. You can even disable storing location information. |
| Detecting personal information in Query Parameters | By default, Wingify filters any personal or sensitive information in query parameters and anonymizes them. You can customize the filter conditions for query parameters, |
| Adhere to Visitor’s Do Not Track Settings | All website visitors allow visitors an option to disable websites and mobile applications from tracking their visits. To honor the visitor preferences, Wingify provides an option to Adhere to Do Not Track Settings of the visitor. |
Wingify Surveys
As a Wingify administrator, you can seek your website visitors' consent before they participate in the On-page Surveys. The consent message is displayed along with a welcome message and links to our Privacy and Security Policies. To learn more about Wingify on-page surveys, click here.
Handling Data Subject Rights
Wingify is fully committed to upholding the data privacy, security, and rights of both our customers and their users. As a GDPR-compliant organization, customer trust and data privacy remain our key focus areas. For more understanding, please refer to our Privacy, Security, and Opt-out policies.
| Right to consent | Adhere to Do Not Track Settings Visitors have the right to select the Do not Track (DNT) option from their browser settings to disable any web application from tracking them. If the DNT option is enabled in the visitors' browser, you cannot track the visitor even on your own website. Wingify provides an option to account administrators to honor the visitors' browser DNT settings. To learn more about Privacy settings, click here. |
| Right to access data | Providing data to a data subject Wingify users can request a website or mobile app data for specific data subjects using their UUID. After receiving a request, we can provide a link where all the data collected for a specific UUID is available for a specific time. To learn more about managing UUID data access, click here. |
| Right to erasure |
Deleting Data of a Data Subject As a Wingify account admin, you can delete the website and mobile app data for specific data subjects using their UUID. Note: Removing a specific UUID data record is not possible for some campaigns like AB test or personalization. To completely remove UUID data from a test, you must flush the entire test data and start it again. To learn more about managing UUID data access, click here. |