Personal Data Information
On this page you will find described the data that userTrack uses and stores on user's PC and on your own server about your visitors that are being recorded using the tracker.js script.
Cookies (data stored on user's computer)
- userTrack stores data in sessionStorage to identify the current's user session. This unique ID is destroyed once the user ends his session (closes the browser tab).
- userTrack also uses localStorage to store user preferences (eg: disable tracking) and for performance improvements as a caching layer before sending data to the server.
1. What data is stored on the server where userTrack was installed?
The following data might be considered personal information and could be used to associate a person's identity to a specific recorded session:
- Each session (user) is assigned an unique ID called token.
- IP of the user.
- Using the IP, geolocation data will be generated (Country and City).
- Browser version and screen resolution.
- Date of visit, visit duration, pages visited.
- Actions done by the user on that site, (unless otherwise disabled by the administrator), such as:
- Mouse movements, clicks and scroll activity
- Window resizing events
- Keyboard input on fields that have not been excluded from tracking
- Tags (or labels) which can be automatically be generated or associated by the webmaster.
Note that point (6) above might lead to sensitive information being tracked about the user. It is the webmaster's responsibility to make sure that the tracker is not included on any pages where the user has to enter sensitive information, or at least to disable tracking the form inputs which ask for sensitive information if the user did not consent to this data being stored.
We are currently working on adding the ability to show an opt-in or opt-out dialog to the user regarding userTrack activity.
2. Why is this data stored?
The data mentioned above is stored in order to aid with improving the user experience by analyzing common user behavior, more precisely it is used to:
- Playback recordings of the visit. (eg: so the webmaster can understand why the user did not perform a specific action.)
- Generate aggregated heatmaps/scrollmaps, used to understand which parts of the website's UI draw the most attention.
Both those tools are meant to be used for improving the user experience while browsing the site.
3. Data removal
Q: How can the user ask for deletion of his data? A: As the user's token is destroyed from his machine after the session ends, normally the only personally identifiable information is the IP. The user can contact the webmaster and ask for his data to be removed based on the IP address that he mentioned.
Q: What can a user be associated with a session? Unless there is other personal data stored (as mentioned in point 1.6), the recorded data can not be considered personal information as the actual person who generated the visit can not be directly associated with a specific recording.
Q: How long is data stored for? A: By default, the number of sessions stored is limited (to 500, but the limit can be altered by the webmaster) and once this limit has been reached old sessions will be replaced by newer ones. Data can also easily be deleted, in bulk, by the webmaster.
Data stored for webmasters using the userTrack dashboard
Being a self-hosted solution, userTrack does not track any data on external servers regarding usage of the webmasters using the userTrack dashboard to view the recorded data, eg: we don't save data about webmasters when they access your /userTrack dashboard.
There are cookies saved on the webmaster's own PC when he logs into the userTrack dashboard in order to keep him logged in for future visits.