By design, ClickTale blocks recording and collection of any Personally Identifiable Information (PII) entered by keystroke, as well as any PII as defined by the customer. ClickTale prevents the collection, saving or display of PII via several tools, including:
- Blocking client-side keystrokes - ClickTale only keeps track of when keys are pressed, but not which keys are pressed.
- Client-side HTML rewrite rules - When an HTML page is sent directly from the user’s browser to ClickTale’s servers, any PII in the HTML (as identified by the customer) is removed using standard client-side expressions, before it is sent across the network.
- Blocking server-side HTML - As a failsafe, even if any PII unintentionally reaches ClickTale’s servers, it is removed by the server-side rewrite rules before it can be stored.
- Tagging PII - Customers may also tag sensitive data in the HTML with HTML comments, to ensure that any PII in the data is removed by the ClickTale parser before being saved on ClickTale’s servers.
No Third-Party Cookies
ClickTale does not allow third-party cookies in order to increase user privacy. In other words, ClickTale does not create a unique profile to track users across unrelated domains (domains that do not belong to the same customer).
No IP Address Retention
When a visitor session is complete, ClickTale determines and saves the geographical location of the visitor, but the IP address is deleted. In addition, customers have the option to anonymize the IP address. This is done by removing the D-block of the IP address at the earliest possible stage of collection.
PCI, HIPAA, GLBA
As discussed above, ClickTale takes stringent measures to avoid receiving any personal information from its customers, and as such the data ClickTale processes on behalf of its customers should be completely anonymous. Therefore, ClickTale customers are able to maintain their compliance with PCI, HIPAA and GLBA or similar laws regulating PII.