|
This article covers the following: |
Overview
VWO servers are used to transmit and store visitor information generated by tests running on your websites. However, by default, VWO does not require the storage of any personal data to function. VWO does not capture or record data entered into input fields such as text boxes, email fields, password fields, search boxes, or form inputs. This automatic masking ensures that any sensitive information entered by visitors is never recorded or stored. To learn more about how to anonymize or whitelist your website data in VWO recordings, refer to How to secure your visitors’ data in VWO.
For deleted or expired accounts, the data is deleted within 45 to 90 days from the date of expiry. For priority cases, you can write to VWO Support, requesting immediate deletion of accounts or specific visitor data. VWO may retain PII, and account data only as required and permissible by applicable laws, and for such period by applicable laws.
Visitor-Level Data Collected and Stored by VWO
The table below outlines the visitor-level data that VWO collects and stores on its servers to enable experimentation, targeting, and reporting.
| Field Name | Definition | Sample |
| IP Address (anonymized) |
VWO applies IP de-identification by masking a portion of each visitor’s IP address by default. This masking prevents the identification of an individual.
By default, the last octet of the IP address is removed. This behavior is configurable by customers, up to complete removal of IP storage, ensuring compliance with privacy-by-design principles.
For more information on how to change the anonymisation settings for IP addresses, see IP Address Settings in VWO. |
10.16.72.0 10.16.0.0 10.0.0.0 0.0.0.0 |
| Cookie UUID | A randomly generated Universally Unique Identifier (UUID) is created and stored in the visitor’s browser. This UUID is stored in VWO, contains no fingerprinting or personal data, and is used only as a pseudonymized reference to distinguish browser sessions. | 4201E4DB-4C25-BA4DDD31-C137C7 18D30E |
| Country |
Country-level geographic information derived from the visitor’s location and used for targeting and experimentation.
Customers can configure it to store just country/country & region/country, region & city data, or completely turn it off.
To learn about location information, refer to Location Settings in VWO. |
USA |
| State |
State or region-level geographic information used for testing and targeting.
Customers can configure it to store just country/country & region/country, region & city data, or completely turn it off. |
California |
| City |
City-level geographic information derived from the visitor’s location and used for experimentation.
Customers can control whether city-level data is stored or disable it altogether. |
San Francisco |
| Device Type |
The type of device used by the visitor to access the website.
This information is commonly used for segmentation and testing. |
Mobile/tablet/desktop |
| Device Operating System | The operating system of the visitor’s device, captured to support analysis, targeting, and experimentation. | Microsoft Windows |
| Browser Type | The web browser used by the visitor to access the website, used for segmentation and testing purposes. | Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Edge, Opera, etc. |
| Referring URL | The URL from which the visitor arrived at the website. This helps identify traffic sources, including organic and paid campaigns. Query parameters in the URL can indicate paid campaign attribution. |
Organic search: www.abc.com
Inorganic search: www.abc.com/anfjmdbfsdhf/avf dkv jbivkahdvdrger12332/1231feqw
(The bold part of the sample URL indicates a query parameter, which helps you understand from which paid campaign your visitor visited your website.) |
| Visitor Type | Indicates whether a visitor is accessing the website for the first time or has visited previously. |
Visitor category as either:
|
| Screen Resolution |
The pixel dimensions of the visitor’s screen, represented as width × height.
This information helps understand how visitors view the website across different devices. |
1536x864 |
| Conversion |
In A/B testing, a conversion is a specific, desired action a user takes on a website or app. This parameter indicates whether a visitor completed a predefined goal or desired action, such as a purchase or form submission.
When a visitor performs an action that fulfills your set goal, it means a conversion has occurred. |
Yes/ No |
| Conversion Time | The timestamp at which a conversion event occurred. This helps analyze converted traffic, conversion patterns, and time-based performance of tests. It also provides granular information on when conversions were high and/or low. | 2024-12-05 04:57:38 | 2024-12-05 04:57:39 |
| User Language | The language preference detected from the visitor’s browser or system settings. | en-us |
| URL |
The webpage URL that the visitor accessed.
This information is used to track page-level activity and behavior. |
http://bdbd.zyx.com/analyse.html |
| Email Address and Phone Number | When using VWO Pulse surveys, customers may optionally choose to collect email addresses and/or phone numbers. The inclusion of these fields is entirely at the customer’s discretion. Where enabled, such data is protected using field-level encryption. VWO does not require the collection of this information, and customers retain full control over their survey configurations. |
+1-XXXXXXXXXX |
| Custom Dimension | Using Custom Dimensions, you can categorize and differentiate visitors on your website. VWO never recommends collecting any personal data using a custom dimension. | For example, if you are a SaaS company, you may want to categorize users based on their subscription plans. Or, a travel agency that recently ran promotional offers may want to view conversion by age-group. This can be done using Report Segmentation. |
Data Deletion & Disposal Policy
VWO follows a standard data deletion process under which all user/visitor data is securely deleted within 45-90 days after contract expiry, termination, or completion of services. Data deletion is performed through automated and secure scripts, ensuring consistency and minimizing manual intervention. These processes are aligned with ISO 27001 Information Security Management System (ISMS) controls and NIST-aligned secure data destruction practices, and apply across production systems and backups as per defined retention cycles.
Certain VWO features and products may have different data retention timelines based on their functionality and customer plan. For example, session recordings for VWO Insights (Enterprise plans) are automatically deleted 90 days after data collection. Such variations are designed to balance product functionality, performance, and privacy requirements.
For detailed, product-specific and plan-specific data retention timelines, please refer to the VWO Data Retention Policy.
Need more help?
For more information or further assistance, contact VWO Support.