Monitoring made
GDPR andprivacy compliant
Hosted in the EU and no PII is being tracked. Even browser details are splitted up into pieces before reaching our servers.
Privacy and security
for everyone, by default
When we began to develop RUMvision, guaranteeing privacy and security was one of our top priorities. This page explains how we collect, use, keep, and erase data for all users, not just EU residents.
Located in The Netherlands (EU)
Developed, hosted, and operated in The Netherlands, you need not worry about your data being transferred outside of the Schengen-EU.
DPA Available
We offer a DPA to EU consumers. Our DPA includes GDPR-compliant contractual conditions that represent our data privacy and security commitments.
What we do track
To find out if users are new or if they are actually returning visitors or if they are viewing multiple pages in a row, we do use localStorage and sessionStorage.
- FYI
What you should know
RUMvision gathers information from actual user traffic. RUMvision collects no personally identifiable information (PII) such as IP addresses, names, email addresses, or other metrics that could be used to identify a user.
We do provide extended tracking, such as a user's country. However, it's disabled by default and users should notify their customers when they choose to enable it.
- Privacy by default
How our snippet works
We collect data through a snippet that is installed on your website. This snippet only collects data on the pages you've specified as being tracked. Our snippet (anonymously) tracks user experiences using Javascript.
For this we use localStorage by default, to get more reliable unique versus returning data. Users can disable usage of local- & sessionStorage though.
- Data processors
What happens with the data?
All visitor data is exclusively processed with servers in the EU. Because we believe in complete transparency, this is precisely what happens with the data:
- The data collected by the snippet, is submitted to AWS in Frankfurt. [their privacystatement is here]
- Data is fetched and transformed by a Dutch server and saved into Elastic Search [their privacystatment is here]
- When using our monitoring application, we are fetching this data from Elastic Search via Dutch datacenter BIT
- RUMvision itself is fully operational from Groningen, The Netherlands HQ. Everything, including development and support, is done here.
FAQ security + privacy information
Looking for other questions about or solution, tracking, dashboarding or account and users? See our general FAQ instead. Extra questions, reach out to support!
Account security
Is my data secure?
CSRF tokens make it impossible to replicate any process in this environment. Even if an account holder outside of the RUMvision environment unexpectedly falls for phishing, for example, no unwanted actions can be taken from the outside.
But if someone physically logs in illegally on behalf of someone else, any risk remains. Two-factor authentication can be turned on for each account to prevent this from happening. We strongly recommend this!
In addition, the use of third party packages and solutions is limited in the realization of this online environment. We mainly use Bootstrap and JQuery in our website and app solution.
How to setup 2FA
Enabling 2FA (two-factor authentication/multi factor authentication) is a security measure that we strongly recommend.
All time-based 2FA authenticators, such as Google Authenticator, Microsoft Authenticator, and Authy, are supported. Simply sign in to your account, navigate to profile settings, and select "setup 2FA." Scan the QR code with your preferred authenticator and enter the generated token. Your account now has 2FA enabled!
GDPR
Who are your data processors?
Aside from the data processors we use for handling the collected data through our snippet, we have a couple of additional processors:
- Mollie - They are our Payment provider
- Sendgrid - This is our e-mail delivery provider, we make use of their services to send our automated e-mails (for registration, alerts, etc.)
- Microsoft/ Office 365/Teams - for webinars and demo's
- Google - we use Google Analytics for analyzing our website
To recap, our other data processors are:
- AWS - Frankfurt
- Elastic Search
DPA with RUMvision
When you use our services, we will gladly provide you with a Data Processing Agreement (DPA). Please keep in mind that we do not support custom DPAs; instead, we provide you with one that we use by default. We don't employ a large legal team to make changes because we are a small team with a strong focus on site speed, as we hope you understand.
Just reach out to info op rumvision punt com and ask for Karlijn!
Do you have a privacynotice to add to our privacystatement?
We do! Here you go:
We utilize RUMvision as an analytical tool on our website to track user experience related to page speed and web performance. This data is collected anonymously through a small snippet of JavaScript code, allowing us to optimize and enhance your browsing experience.
It's important to note that RUMvision does not collect any personally identifiable information (PII) such as IP addresses, names, email addresses, or other identifying metrics. However, it may collect information such as device memory, browser, internet speed, and data indicating whether a user is a first-time or returning visitor, or clicking through our site. This data is collected through LocalStorage and SessionStorage in your browser and is not shared or combined with other parties.
As a tool located in the Netherlands (EU), RUMvision is fully GDPR compliant, and we take your data and privacy seriously. We ensure that your information is protected and that your privacy is always respected.
What is being saved in the RUMvision cookie?
Although technically we don't use cookies, it does fall in the same category: we use both localStorage and sessionStorage.
localStorage stores data with no fixed expiration date, but some browsers like Safari may automatically clear it after a period of user inactivity. sessionStorage data, however, is cleared when the session ends, regardless of the browser.
The following is being saved:
localStorage
A rumv localStorage key will be created. It contains a timestamp of the first pagehit and is solely used to identify returning visits to report them as such.sessionStorage
A rumv localStorage key will be created, containing the following:- browser_brand
The best method to send data varies per browser. To prevent analyzing the user's user agent/browser, we save this after the first lookup to speed up this process. - page
indicating if the current page was tracked (and the template used for doing so) - pageviews
the amount of successive pageviews, to merge with other page data that is being collected and enrich monitoring data - regex
After the first pagehit, the function to determine if the current page should be tracked is saved into sessionStorage.
This prevents the JS file from needing to be executed when it actually isn't necessary. - samplingrate
the samplingrate that should be sued - session_id
A uuid representing the session id. This is saved as:- the session id should typically stay the same during the whole session
- helps identifying unique versus successive pagehits.
- groups experiences per session, allowing RUMvision users to debug on session-level
- submitted
helps determining what info should be send to RUMvision. Some data won't change after the first pagehit, this flag is used to prevent sending duplicate information. - urls
this flag contains an associative list of URL's that should be tracked. This is used by the regex, to quickly determine if data should be collected on the current page.
- browser_brand
Can I disable the RUMvision cookie?
Yes you can. When logged into RUMvision:
- go to your domain settings;
- click on "configure snippet";
- go to the "Advanced" panel;
- Scroll to "Privacy and consent";
- uncheck "sessionStorage".
Do note that with sessionStorage enabled, our library becomes more performant as less checks have to be done during page navigations.
Data (especially unique versus total pagehits and returning visitor-rate) becomes more reliable too with sessionStorage enabled. But in general, our monitoring script will work perfectly fine when disabled.