Content Privacy Management (Masking/Whitelisting Content)
At Insightech, we take user privacy very seriously and we have developed features to specifically help protect the privacy of your users, and their personally identifiable information (PII) as they interact with your website.
You must mask PII displayed in HTML content to protect your users privacy. We recommend performing a review of your website to identify any PII at the time of setup.
Insightech provides two methods to help you remove PII:
- Insightech automated masking of common PII elements
- Custom PII masking (set in your account profile)
In instances where PII isn’t automatically masked, you must mask HTML using custom masking. You can also whitelist content that has been automatically masked by Insightech that isn’t PII. See the Whitelisting section below for details.
Please also see our Terms and Conditions for more details on our Privacy and PII policy.
Insightech Automated Masking
Insightech automatically detects all input fields that could contain user keystrokes. Masking is completed before data leaves the visitor’s browser, and the raw data is never transferred to, or stored by Insightech.
However, there are some cases where dynamic text contains PII which will need to be manually masked. See below for examples.
Custom PII Masking
Masking will not automatically occur across all elements on your website. User input fields will automatically be masked, while other dynamic text elements (or system responses) will need masking.
Here are some examples:
- Order confirmation details
- Address checker responses
- Logged in user details
- Webchat messages
You must mask HTML content to protect visitors privacy when their personal identifiable information (PII) is displayed on the web pages being tracked.
There are two strategies to custom mask PII content (both are recommended):
- Manually masking in Insightech - This can be used for a quick fix for any elements that need to be manually masked.
- Setting common CSS class in HTML - By instructing your IT/development team to assign a common CSS class to all elements that need masking, you won't need to manually mask every element when it is created. We strongly recommend this as good practice, as it can be used across any third party vendor.
Strategy 1 - Manually masking in Insightech
This method gives you the full flexibility to mask any content that you need to across your website. We recommend using this in conjunction with Strategy 2 for effectively protecting against any PII capture.
To mask your content from the UI - you will need to edit the tracking code settings within your profile by clicking Admin → Tracking Code → Advanced Tracking Configurations
Once here, all you need to do is put in the CSS selectors of your choosing to mask the content. This can be a CSS class, or a unique CSS selector path to the element of your choice.
If you have a common CSS class (E.g. ".vendor-hidden") defined in strategy 2, make sure to include this here.
Once this is saved, your platform will automatically roll out the changes across your website.
Strategy 2 - Setting Common CSS Class in HTML
This is the most important strategy, and will require you to work with your IT/development team that rolls out new front-end content updates.
It is strongly recommended that you define a common CSS class that should apply for all newly created elements that contain PII, so that they can be commonly masked.
Example CSS class:
By following this process, and by putting this CSS class into the masking input in Strategy 1, you can have a consistent method to ensure that PII is not captured by Insightech.
These classes can be used across any 3rd party vendor platform, so we strongly recommend this strategy as good general practice for any new content.
Whitelist Specific Fields From Masking
If Insightech has automatically masked content that isn’t personally identifiable information (PII), and you’d like to make it available in the platform, don’t fear! You can whitelist these fields and they will appear in the platform.
Similar to the manual custom masking of content in Strategy 1 above, content can be whitelisted by inputting the appropriate CSS selectors (class, or unique path) the Whitelist Fields input
It is recommended to be cautious when whitelisting input fields, so that no PII is captured.