VWO Privacy Centers helps you configure what data you want to collect from your website visitors. Using this option, you can ensure visitor privacy by defining how and what level of data you would like to track from your website users. To access the Privacy Center, go to SETTINGS > ACCOUNTS > PRIVACY CENTER.
VWO allows you to configure the privacy settings for your website visitors in the following ways:
VWO uses IP addresses to check for both traffic and to get location information. This setting only controls how the IP value is stored in VWO servers. The option to modify what location data is stored in VWO is present in the next section. By default, VWO replaces the last octet (digits after the fourth dot) with 0 for your visitor IP address that passes through the VWO server. You can change the format to store IP Information in SETTINGS > ACCOUNTS > PRIVACY CENTER using the options present in Select how VWO will store IP address of your website visitors dropdown.
VWO stores location information of your website visitors which includes- country, region, and city. Using the Store Location Information option present in SETTINGS > ACCOUNTS > PRIVACY CENTER, you can specify what level of visitor location information you want to store. If you do not want to track visitor location, simply uncheck the option. This option does not impact your geo-targeting for campaigns; it only decides how the location information is stored in VWO.
You can use the location filter during reports segmentation, only if this option is enabled.
Do Not Track
You can configure your privacy settings not to record or track any information about your website visitors. All modern browsers allow users to select if their activities on the browser can be tracked like websites visited, and so on. If you select the option Adhere to Do Not Track Settings present in SETTINGS > ACCOUNTS > PRIVACY CENTER, the VWO app will respect the user’s browser settings and does not track any activity. Also, VWO will not drop any cookies on the visitor's browser. To know more about cookies in VWO, refer to Cookies stored by VWO.
By default, this option is not selected, and VWO tracks the user activities regardless of whether or not the user has configured the Do Not Tracking option in their browser settings.
ATTENTION: If you are self-hosting your test files on your own server, the Adhere to Do Not Track Settings feature will not work.
Configure SameSite Attribute
With the version 80 update of Google Chrome, there comes a criterion where the cookies can be accessed with 3rd party context only when its SameSite attribute is set to None and secure. This means, you intentionally allow the cookie to be accessed with a third-party context.
This brings in better privacy by preventing cross-domain information leakage, but this update might impact how visitors are tracked uniquely if parts of your website (or the entire website itself) load in an iframe.
To know more about the SameSite cookie attribute, refer to SameSite Cookie.
Collect Only TLS 1.2 Data
Enabling this option ensures that your VWO account only tracks data when a visitor lands on your website over a secure TLS 1.2 protocol connection.
Anonymize Query Parameters
VWO by default prevents any sensitive information such as emails, phone numbers, passwords from reaching the VWO servers. You can use this section to customize the default set by VWO. All anonymized query parameters are displayed as vwo_anonymized to the end-user. By default, VWO detects information formats for email addresses and phone numbers and looks for query parameters that may contain authentication tokens, passwords, and user names.
Using the SETTINGS > ACCOUNTS > ANONYMIZE QUERY PARAMETERS section of your VWO account, you can:
- Disable the query parameters for which you want to ensure that no sensitive information is captured and sent to VWO. You can do this by entering the query parameters in the Blacklist (List of query parameters to anonymize) field
- Enable the query parameters which according to you must be sent to VWO servers as they do not hold any sensitive information. This can be done by entering the parameters in the Whitelist (List of query parameter to be excluded from anonymization) field
For example, to define a regex value for email, you can add the following query parameters as Email=[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+
By default, VWO blacklist’s the following- email address, credit card number, passwords, SSN, and IP address.
1. The password field will always be anonymized, regardless of whitelisting such fields.
2. For numerical inputs like credit card details, social security numbers, or CVV, enabling anonymization will replace the actual input with zeroes.
3. By default, VWO replaces the last octet of IP Address with 0 before saving it.