VWO Insights - Mobile App is committed to giving app developers insights into visitor interactions while respecting their privacy, including compliance with GDPR, CCPA, DPDPA, and other applicable global privacy laws. If you are running a mobile application, you would be likely aware of the compliances to be adhered to in order to effectively submit your application to the App Store and Play Store for review. Here is how VWO Insights - Mobile App handles and processes your visitor data that would help you align with the requirements cited by these platforms.

What is VWO Insights - Mobile App? What Does It Do?

VWO's Mobile Session Recordings, referred to as VWO Insights - Mobile App, allows you to record and replay your visitors' interactions within your mobile app. This encompasses actions like scrolling, swiping, and single or double taps. These recordings offer a detailed view of your visitors' preferences in your app, highlighting their most-used features, identifying points of friction in the purchase process, understanding reasons for drop-offs, gauging time spent on the app, and uncovering various insights into their behavior.

How Does It Do What It Does?

VWO captures visitor actions (gestures) and screenshots of the application at regular intervals. The gestures are used to highlight the areas where the visitor is interacting with the application, including any struggle. The screenshots are sequenced and coupled with the gestures to create a simulation of the visitor session.

How Does VWO Maintain Visitors’ Privacy?

By default, VWO anonymizes all input fields. We sincerely adhere to privacy by design and privacy by default requirements.  To anonymize other areas, you can avail of the configuration settings on the Mobile Session Recordings page. Typically, maintaining the data privacy of your visitors is highly dependent on the configurations that you apply for session recordings. 

Anonymization of the fields is done right at the client side before the data reaches VWO. Thus, VWO doesn’t have access to any probable PII data of your visitors. This also applies to any payment-processing related and digitalized personal health information of the visitors.

VWO prohibits you from using the products and services to collect, track, or record any Personally Identifiable Information.  You, as VWO’s customer, must identify all fields where Personally Identifiable Information may be entered and must not allow the collection of any data from such fields. You acknowledge that You shall be solely and exclusively responsible for taking all the necessary measures on Your application and for obtaining any consent that You are legally obliged to obtain from Your users/customers/visitors.

What Data is Stored and Where?

VWO’s access to your visitors’ data is predominantly based on the configuration that you have applied on the Mobile Session Recordings page. Subject to this configuration, VWO captures the following data of your visitors:

• Screen gestures, including scrolls, single and double taps, and swipes.
• Device information such as type, model, operating system, battery percentage, and network speed.
• Screenshots of the application at regular intervals to create a replay of the visitor session.

The data storage and processing are based on the servers that the VWO account administrator has opted to use for their application. This configuration is performed right before starting to use VWO and cannot be modified later. All VWO client visitor/user data is stored in the following three data centers, as configured for the accounts:

• The us-east4 data center of GCP, located in Northern Virginia
• The Europe-west1 data center of GCP, located in Belgium
• The Asia-south1 data centre of GCP is located in Mumbai.

You can choose any one of the three. To know more about the residency of your data, refer to this article.

How Long is the Data Stored?

At the VWO servers, unless deleted by the VWO account users, the mobile session recordings are stored for 90 days, based on the subscription. Beyond this, the data is automatically flushed.

Aligning With App Store’s Privacy Policy

At the core, the App Store requires you to meet its fundamental aspects of evaluation, which align with legal compliances. For a seamless submission and review, ensure that VWO Mobile Insights is configured in alignment with the stipulated specifications.

You just need to perform the following steps to be aligned with the App Store’s privacy guidelines:

Add VWO to Your Privacy Policy

In your app’s privacy policy, do mention VWO as your third-party service provider. Craft a detailed note addressing the use of VWO Insights - Mobile App and highlight the extent to which we access the information of your visitors. Also, include the details of the duration of data collection in your privacy policy. Implement a robust consent mechanism ensuring visitors are informed and have the option to opt in or opt out of session recordings through a consent mechanism. 

NOTE: Remember to apply the changes to the code manually to comply with visitors who choose to opt out of session recordings.

You can refer to our latest privacy policy and DPA as reference for your understanding.

If the Customer discovers that PII has been collected using VWO products and services, it will immediately and permanently delete such information from within the VWO dashboard upon discovery. 

Mention What We Collect

Out of all the types of data stipulated by the App Store, VWO Insights - Mobile App collects no other type of data than the following:

Stating Tracking Transparency

With the growing awareness of the need to protect the privacy of visitors, the App Store mandates that mobile apps should request permission from visitors to opt in for app tracking. However, this is not mandatory for VWO Insights - Mobile App, as it does not use the advertising identifier of iOS (IDFA).