Digital Experience Data Security

Local storage

Guide

Visitor

Guide stores the following visitor data:

  • visitorId: A unique identifier for this visitor.

  • proactiveOffersUsage: Information about proactive offers shown and accepted.

  • tags: An array of tags associated with the visitor.

  • customVariables: Any custom variables set by the customer.

  • shoppingCart: The current list of shopping cart items.

    Example: [{itemOrSku: "a", perUnitPrice: 123.3, quantity: 1, unitOfMeasure: "ea"}]

Visit

Guide stores the following visit data:

  • visitId: A unique identifier for this visit.

  • started: The timestamp when the visit started.

  • externalReferrer: The URL where the visitor came from.

  • utm: Urchin Tracking Module (UTM) parameters.

  • visitTimestamp: The most recent visit timestamp.

  • location: Geographical information about where the browser is located. This is calculated only when a rule requests it by using the getVisitLocation command.

Visit data is cleared after 30 minutes of inactivity.

Chat

  • All data in transit and at rest is encrypted.

  • DX Chat with OAuth authentication enabled can help prevent customer identity theft.

  • In the DX platform, you can set up automation as needed to support GDPR compliance, including anonymizing customer data.

  • For reporting purposes, only anonymized data is used.

  • The solution is both PCI and HIPAA compliant.

  • It is possible to hide specific data from agents and make it accessible only to specific roles.

Local storage keys

  • _BEVisitId – legacy analytics

  • _BEVisitTimestamp – legacy analytics

  • _BEVisitorId – legacy analytics

  • _BEChatWindow_version – internal use

  • _BECustomerId – customer identification

  • _BEChatWindow-* – internal use

  • cxone:* – analytics namespace

  • cxone_cache:* – local application cache

  • mui-* – Material UI user settings for UI theme, such as light or dark mode

Stored customer and contact data

Customer data such as the customer name is stored in the Customer data entity. Individual interaction instances between the customer and CXone are stored in the Contact data entity.

Personal data stored in Contact includes:

  • Custom Fields

  • IP Address

Personal data stored in Customer includes:

  • Custom Fields

  • Customer Name

Secure cookie

  • When using secure cookie authentication, the cookie must be allowed in the GDPR approval modal.

  • The cookie expiration is defined in Authorization Settings.

Contact and Customer data, including transcripts, are stored encrypted in Elasticsearch.

Attachments are stored in Cloud Storage with a defined expiration.

Location service

The location service is a separate backend service that is called from the Analytics module when geographical location information is required.

The service uses the browser's IP address to identify the browser location. This information is then stored in the visit for future use.

The IP address itself is not stored. Only the following location-related values are stored:

  • countries: Various names of the country, such as us, usa, united states, or estados unidos.

  • locations: Various names of states, counties, and towns.

  • preferedCountry: The preferred country name, such as united states.

  • preferedLocation: The preferred location name, such as boston, ma.

Fingerprints

When a new visit starts, the Analytics module examines the browser user agent and sends a new visitor event that includes the following browser fingerprint data:

  • applicationType: browser

  • browser: Chrome

  • browserVersion: 131.0.0.0

  • deviceType: desktop

  • language: en-US

  • os: Windows

  • osVersion: 10

These values can also be passed to the backend and displayed to an agent if necessary.