VWO Privacy Centers help you configure what data you want to collect from your website visitors. Using this option, you can ensure visitor privacy by defining how and what level of data you would like to track from your website visitors. To access the Privacy Center, go to the gear icon ⚙ > Accounts > Privacy Center.
VWO allows you to configure the privacy settings for your website visitors in the following ways:
IP Addresses
VWO uses IP addresses to check for both, traffic and location information. This setting only controls how the IP value is stored in VWO servers. The option to configure how location information is stored in VWO is available in the next section. By default, VWO anonymises the last part of the IP address to protect visitor privacy as explained below:
- For IPv4 addresses, the last octet (the last set of digits after the third dot) is replaced with 0. For example, 34.107.218.251 is stored as 34.107.218.0.
- For IPv6 addresses, VWO anonymises the last 5 segments (the last 5 sets of hexadecimal numbers separated by colons). For example, 2401:4900:60f3:229d:acb4:23a2:fadc:8b72 is stored as 2401:4900:60f3::.
You can adjust how VWO stores the IP addresses by selecting one of the following options in Settings > Accounts > Privacy Centre under the Select how VWO will store IP address of your website visitors dropdown.
Location
VWO stores location information of your website visitors which includes- country, region, and city. Using the Store Location Information option present in ⚙ > Accounts > Privacy Center, you can specify what level of visitor location information you want to store. If you do not want to track visitor location, simply uncheck the option. This option does not impact your geo-targeting for campaigns; it only decides how the location information is stored in VWO.
You can use the location filter during reports segmentation, only if this option is enabled.
Do Not Track
You can configure your privacy settings not to record or track any information about your website visitors. All modern browsers allow visitors to select if their activities on the browser can be tracked like websites visited, and so on. If you select the option Adhere to Do Not Track Settings present in ⚙ > Accounts > Privacy Center, the VWO app will respect the visitors' browser settings and does not track any activity. Also, VWO will not drop any cookies on the visitor's browser. To know more about cookies in VWO, refer to Cookies stored by VWO.
By default, this option is not selected, and VWO tracks the visitor activities regardless of whether or not the visitor has configured the Do Not Tracking option in their browser settings.
If you are self-hosting your test files on your own server, the Adhere to Do Not Track Settings feature will not work.
Configure SameSite Attribute
With the version 80 update of Google Chrome, there comes a criterion where the cookies can be accessed with 3rd party context only when its SameSite attribute is set to None and secure. This means, you intentionally allow the cookie to be accessed with a third-party context.
This brings in better privacy by preventing cross-domain information leakage, but this update might impact how visitors are tracked uniquely if parts of your website (or the entire website itself) load in an iframe.
To know more about the SameSite cookie attribute, refer to SameSite Cookie.
Anonymize Query Parameters
VWO by default prevents any sensitive information such as emails, phone numbers, passwords from reaching the VWO servers. You can use this section to customize the default set by VWO. All anonymized query parameters are displayed as vwo_anonymized to the end-user. By default, VWO detects information formats for email addresses and phone numbers and looks for query parameters that may contain authentication tokens, passwords, and usernames.
Using the ⚙ > Accounts > Privacy Center > Anonymize Query Parameters section of your VWO account, you can:
- Disable the query parameters for which you want to ensure that no sensitive information is captured and sent to VWO. You can do this by entering the query parameters in the Blacklist (List of query parameters to anonymize) field
-
Enable the query parameters which according to you must be sent to VWO servers as they do not hold any sensitive information. This can be done by entering the parameters in the Whitelist (List of query parameter to be excluded from anonymization) field
For example, to define a regex value for email, you can add the following query parameters as Email=[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+
By default, VWO blacklist’s the following- email address, credit card number, passwords, SSN, and IP address.
1. The password field will always be anonymized, regardless of whitelisting such fields.
2. For numerical inputs like credit card details, social security numbers, or CVV, enabling anonymization will replace the actual input with zeroes.
3. By default, VWO replaces the last octet of IP Address with 0 before saving it.
IP Addresses to Exclude
Excluding IP addresses enables you to avoid tracking certain IP ranges on the web pages where the VWO SmartCode is running. To learn about excusing the IP addresses, refer to How to Exclude IP Addresses from VWO Tracking?.