As Tealeaf CX captures and processes data, the private or personal information of the people who visit your web site can be changed, masked, or removed. These three points of privacy management has distinct features, uses, and best practices associated with it.
Data privacy and web application development
Data privacy in Tealeaf can have implications on web application development at your company.
Tealeaf can block or encrypt data in the request or response. However, there are a number of good practices in web application development that may facilitate management of data privacy.
Fields that have been encrypted using privacy rules in the Tealeaf Passive Capture Application or Windows pipelines cannot be decrypted in the Portal. These encrypted fields can be decrypted only during replay.
As an alternative, you can leave the configured fields in an unencrypted state in the session data and then define privacy rules specifically to be applied during session replay, permitting the display of the unencrypted data in the Portal, as needed.
UI capture privacy
If the Tealeaf UI Capture for AJAX has been implemented in your web application, you can manage the transmission of HTML form data from within the visitor's browser by using JavaScript that is provided by Tealeaf.
UI Capture privacy masks or blocks information that is collected from HTML forms and other browser elements by the Tealeaf UI Capture for AJAX. This JavaScript library periodically sends data back to your web server which enables capture and processing by the Tealeaf system.
The Tealeaf UI Capture for AJAX requires additional installation and implementation in your web application.
Because this client-side information can contain sensitive or personal visitor data, you might need to use Tealeaf UI Capture for AJAX to cleanse the data before it leaves the browser. Cleansing data also distributes the act of blocking visitor data across all visitors' computers, which lowers the processing overhead for the Tealeaf system.
UI capture privacy cleanses data through by masking or blocking it. It can only mask or block data collected via the Tealeaf UI Capture for AJAX. This library does not provide access to data contained on the page, which is not managed by the library. The following types of data cannot be made private by UI Capture:
- A visitor ID embedded in the HTML of the page.
- A static element not captured by the library, which contains the visitor's account balance or Social Security number, or similar.
Implementation considerations
You cannot use UI Capture Privacy to cleanse data if you do not have the Tealeaf UI Capture for AJAX implemented in your system.
In the Tealeaf UI Capture for AJAX, the Client config file includes the tlfieldblock
configuration object where you can specify the fields whose values you wish to mask. You can replace values with a specified string, which enables searching for fields that have been masked through the Portal, without revealing the data.