RUM Data Security

Overview

Real User Monitoring (RUM) involves collecting data from end users' browsers and mobile devices. To protect user privacy and ensure data security, FlashDuty provides various configuration options and tools to manage data collection, storage, and access.

Privacy Options

Client Token

The browser RUM client token is used to match data from end-user browsers with a specific RUM application in FlashDuty. It is unencrypted and can be seen from the client side of the application.

Although the client token is only used to send data to FlashDuty and does not pose a risk of data leakage, we recommend the following good token management practices:

Regularly rotate client tokens to ensure they are only used by your application

Automatically filter out bots when capturing RUM data

Authentication Proxy

One method to filter bots using client tokens is an authentication proxy. In this approach, a placeholder string is used instead of the clientToken when initializing the RUM SDK. The proxy knows the real client token, but the end user does not.

The proxy is configured to check for valid user information before passing session data to FlashDuty, thus confirming that a real user is logged in and transmitting traffic to be monitored. When receiving traffic, the proxy verifies that the data contains the placeholder string and replaces it with the real clientToken before forwarding the data to FlashDuty.

Event Tracking

Events are interactions between users and specific elements of your website or application. Events can be automatically captured through the SDK or sent through custom actions. You can turn off automatic tracking of user interactions and page visits, capturing only the interactions you choose. By default, RUM generates action names from actions automatically collected by the SDK using the target content. You can explicitly override this behavior with any given name.

Transmitting RUM Events Through a Proxy Server

You can transmit all RUM events through your own proxy server so that end-user devices never communicate directly with FlashDuty.

User Identity Tracking

By default, user identity is not tracked. Each session has a unique session.id associated with it, which anonymizes the data but allows you to understand trends. You can choose to write code to capture user data (such as names and email addresses) and then use that data to enrich and modify RUM sessions, but this is not required.

Data Retention

After configuring event capture, events are stored in FlashDuty. You can decide how long captured events and properties are retained in FlashDuty.

By default, the data retention period for production environments is:

30 days for sessions, views, actions, errors, and session recordings

15 days for resources and long tasks

Removal of Personal and Sensitive Data

You can use multiple options to remove personally identifiable information (PII) and sensitive data, including IP addresses and geolocation information. Some scenarios where PII might appear in RUM include:

Action names on buttons (for example, "View Full Credit Card Number")

Names displayed in URLs

Custom tracking events set by application developers

Masking Action Names

By default, if you want to mask all action names, you can use the enablePrivacyForActionName option in combination with the mask privacy setting. This automatically replaces all action names that have not been overridden with the placeholder Masked Element. This setting is also designed to be compatible with existing HTML override attributes.

IP Address

After initializing a RUM application, you can choose whether to include IP or geolocation data in the User Data Collection tab.

When IP data collection is disabled, the change takes effect immediately. Any events collected before disabling will not have IP data removed. This is performed on the backend, meaning the browser SDK still sends the data, but the IP address is omitted and discarded by the FlashDuty backend pipeline during processing.

Geolocation

In addition to removing client IPs, you can also choose to disable the collection of geolocation (country, city, county) or GeoIP information from all future collected data. If you uncheck the Collect Geolocation Data box, the change takes effect immediately. Any events collected before disabling will not have the corresponding geolocation data removed. Data omission is done at the backend level, meaning the browser SDK still sends the data, but geolocation data is omitted and discarded by the FlashDuty backend pipeline during processing.

Data Security

Overview#

Privacy Options#

Client Token#

Authentication Proxy#

Event Tracking#

Transmitting RUM Events Through a Proxy Server#

User Identity Tracking#

Data Retention#

Removal of Personal and Sensitive Data#

Masking Action Names#

IP Address#

Geolocation#