VWO servers are used to transmit and store visitor information from the tests running on your websites. However, by default, VWO identifies and anonymizes any Personally Identifiable Information (PII) or sensitive data of visitors before storing the data on its servers. PII includes passwords, social security numbers, phone, card information, and other details. To learn more about how to anonymize or whitelist your website data in VWO recordings, refer to How to secure your visitor’s data in VWO.
For deleted or expired accounts, the data is deleted within 45 to 90 days from the date of expiry. For priority cases, you can write to VWO support, requesting immediate deletion of accounts or specific visitor data. VWO may retain PII, and account data only as required and permissible by applicable laws, and for such period by applicable laws.
- Location Information – For accounts that are using the reports segmentation option, the location information helps filter visitors, based on their geographical location or region. You can customize what level of location information you want to track. To learn about location information, refer to Location Settings in VWO.
- IP Addresses – By default, the last octet of any IP address is anonymized before storing it on VWO servers. You can select different formats of anonymization formats to store the IP information. To learn how to change the anonymization option for an IP address, refer to IP Address Settings in VWO.
- Cookies – Visitor UUID and cookies information are used to identify variation accessed. The visitor journey is pseudonymized by using a one-way hashed value.
- Custom Dimensions – As a policy, VWO does not recommend sharing any personal information with VWO. However, in situations where it becomes mandatory to share such data, we recommend the use of salt with a minimum hashing requirement of SHA256, with at least 8 characters. To learn about Custom Dimensions, refer to Working with Custom Dimensions in VWO.
- Email Addresses – If you have VWO surveys running where email addresses are collected, VWO encrypts all survey responses by default.
Data Deletion/Disposal Policy
VWO has established policies and procedures for the disposal of electronic and physical media containing PII, account data, sensitive, and confidential information that ensures data security of its servers. We recognize that media containing PII and account data may be accessed and reused if safety precautions are not taken to protect the data.
Data Deletion Procedure
- Destruction/disposal of PII and account data and information media is done in accordance with Federal Data Protection laws and regulations and pursuant to VWO’s data retention policy/schedule.
- If any media is being reused, all PII, account data, and confidential data is rendered inaccessible, cleaned, or scrubbed. All media is formatted to restrict future access.
- VWO external services and third-party vendors, upon the termination of the contract, return or destroy/dispose of all PII, account data, sensitive, and confidential data. In cases where the return or destruction/disposal is not feasible, the contract limits the use and disclosure of the information to the purposes that prevent its return or destruction/disposal.
- Any disposed of media containing PII, account, and confidential data is disposed of, making sure that the data cannot be readily recovered or reconstructed.
- The methods of destruction, disposal, and reuse are reassessed periodically, based on current technology, accepted practices, and availability of timely and cost-effective destruction, disposal, and reuse technologies.
- VWO sanitizes all electronic media to “clear” or “purge” PII, account data, sensitive, and confidential information stored in accordance with NIST Special publication guidelines. If the media cannot be “cleared” or “purged,” then it must be “destroyed.”
Data Disposal Procedure
- Media containing PII, account data, and sensitive and confidential information is stored and disposed of in a safe and secure environment.
- Visitor/user data is deleted or overwritten by using techniques to make the original information non-retrievable.
- All unusable hard disk drivers shall be erased securely by using a degausser.
- A record of all media disposed of and the relevant authorization forms for such disposal is maintained for record and audit purposes.