Privacy and security
for everyone, by default
When we began to develop RUMvision, guaranteeing privacy and security was one of our top priorities. This page explains how we collect, use, keep, and erase data for all users, not just EU residents.
Located in The Netherlands (EU)
Developed, hosted, and operated in The Netherlands, you need not worry about your data being transferred outside of the Schengen-EU.
We offer a DPA to EU consumers. Our DPA includes GDPR-compliant contractual conditions that represent our data privacy and security commitments.
What we do track
To find out if users are new or if they are actually returning visitors or if they are viewing multiple pages in a row, we do use localStorage and sessionStorage.
What you should know
RUMvision gathers information from actual user traffic. RUMvision collects no personally identifiable information (PII) such as IP addresses, names, email addresses, or other metrics that could be used to identify a user.
We do provide extended tracking, such as a user's country. However, it's disabled by default and users should notify their customers when they choose to enable it.
- Privacy by default
How our snippet works
For this we use localStorage by default, to get more reliable unique versus returning data. Users can disable usage of local- & sessionStorage though.
- Data processors
What happens with the data?
All visitor data is exclusively processed with servers in the EU. Because we believe in complete transparency, this is precisely what happens with the data:
- The data collected by the snippet, is submitted to AWS in Frankfurt. [their privacystatement is here]
- Data is fetched and transformed by a Dutch server and saved into Elastic Search [their privacystatment is here]
- When using our monitoring application, we are fetching this data from Elastic Search via Dutch datacenter BIT
- RUMvision itself is fully operational from Groningen, The Netherlands HQ. Everything, including development and support, is done here.
CSRF tokens make it impossible to replicate any process in this environment. Even if an account holder outside of the RUMvision environment unexpectedly falls for phishing, for example, no unwanted actions can be taken from the outside.
But if someone physically logs in illegally on behalf of someone else, any risk remains. Two-factor authentication can be turned on for each account to prevent this from happening. We strongly recommend this!
In addition, the use of third party packages and solutions is limited in the realization of this online environment. We mainly use Bootstrap and JQuery in our website and app solution.
Enabling 2FA (two-factor authentication/multi factor authentication) is a security measure that we strongly recommend.
All time-based 2FA authenticators, such as Google Authenticator, Microsoft Authenticator, and Authy, are supported. Simply sign in to your account, navigate to profile settings, and select "setup 2FA." Scan the QR code with your preferred authenticator and enter the generated token. Your account now has 2FA enabled!
Aside from the data processors we use for handling the collected data through our snippet, we have a couple of additional processors:
- Mollie - They are our Payment provider
- Sendgrid - This is our e-mail delivery provider, we make use of their services to send our automated e-mails (for registration, alerts, etc.)
- Microsoft/ Office 365/Teams - for webinars and demo's
- Google - we use Google Analytics for analyzing our website
To recap, our other data processors are:
- AWS - Frankfurt
- Elastic Search
When you use our services, we will gladly provide you with a Data Processing Agreement (DPA). Please keep in mind that we do not support custom DPAs; instead, we provide you with one that we use by default. We don't employ a large legal team to make changes because we are a small team with a strong focus on site speed, as we hope you understand.
Just reach out to info op rumvision punt com and ask for Karlijn!
We do! Here you go:
It's important to note that RUMvision does not collect any personally identifiable information (PII) such as IP addresses, names, email addresses, or other identifying metrics. However, it may collect information such as device memory, browser, internet speed, and data indicating whether a user is a first-time or returning visitor, or clicking through our site. This data is collected through LocalStorage and SessionStorage in your browser and is not shared or combined with other parties.
As a tool located in the Netherlands (EU), RUMvision is fully GDPR compliant, and we take your data and privacy seriously. We ensure that your information is protected and that your privacy is always respected.
localStorage stores data with no fixed expiration date, but some browsers like Safari may automatically clear it after a period of user inactivity. sessionStorage data, however, is cleared when the session ends, regardless of the browser.
The following is being saved:
A rumv localStorage key will be created. It contains a timestamp of the first pagehit and is solely used to identify returning visits to report them as such.
A rumv localStorage key will be created, containing the following:
The best method to send data varies per browser. To prevent analyzing the user's user agent/browser, we save this after the first lookup to speed up this process.
indicating if the current page was tracked (and the template used for doing so)
the amount of successive pageviews, to merge with other page data that is being collected and enrich monitoring data
After the first pagehit, the function to determine if the current page should be tracked is saved into sessionStorage.
This prevents the JS file from needing to be executed when it actually isn't necessary.
the samplingrate that should be sued
A uuid representing the session id. This is saved as:
- the session id should typically stay the same during the whole session
- helps identifying unique versus successive pagehits.
- groups experiences per session, allowing RUMvision users to debug on session-level
helps determining what info should be send to RUMvision. Some data won't change after the first pagehit, this flag is used to prevent sending duplicate information.
this flag contains an associative list of URL's that should be tracked. This is used by the regex, to quickly determine if data should be collected on the current page.
Yes you can. When logged into RUMvision:
- go to your domain settings;
- click on "configure snippet";
- go to the "Advanced" panel;
- Scroll to "Privacy and consent";
- uncheck "sessionStorage".
Do note that with sessionStorage enabled, our library becomes more performant as less checks have to be done during page navigations.
Data (especially unique versus total pagehits and returning visitor-rate) becomes more reliable too with sessionStorage enabled. But in general, our monitoring script will work perfectly fine when disabled.