VWO is committed to ensure the protection of data subject rights by law or GDPR with specific guidelines on how to respect and fulfill user rights and privacy. This article explains how VWO servers receive and process user information associated with a customer website and the privacy policies to secure their visitor data.
VWO service starts working after the customer adds the VWO JavaScript tracking code between the head tags of the website code. When any visitor lands on a page where a VWO test is running, the JavaScript code snippet fetches the appropriate configuration from the Content Delivery Network (CDN) and then applies changes to the DOM/HTML element when the website loads. VWO only interfaces with the front-end of the customer’s website and does not require any access to their backend system and database.
All customer data on VWO servers is stored safely by using the AES 256-bit encryption, with stringent access control policies. VWO does not access customer data, and all information collected by the customer is subject to their privacy policies.
Through a strategically distributed CDN servers across 10 locations across America, Europe, and Asia-Pacific regions, VWO implements a highly scalable and fault-tolerant system. Our services are hosted on the Google Cloud Platform (GCP) across the globe.
VWO stores customer information until the VWO account is active, and all data for expired accounts are deleted within 45 to 90 days after the date of expiry. For accounts that expired before the GDPR date (May 25, 2018), we are in the process of deleting the records. To delete data for a specific account, you can email us at support@vwo.com.