How to mask confidential data during session recording in Zoho PageSense?

Masking data in session recording

Masking elements allow you to hide various sensitive information such as name, card details, password, email address, and home address of your visitor in the recordings. By default, all keystrokes or inputs entered by your visitor will be masked and replaced by asterisks (*) on your recording screen in PageSense. Additionally, we also allow you to select specific elements and interaction areas that you want to mask in your recording screen to maintain your visitor's privacy for information on your website. 

Privacy protection settings

By anonymizing the IPs of your website visitors, we make sure that no individual's privacy is violated. We also provide an option to display a banner on your website which informs the user that they are being tracked using cookies and provide them an option to opt-out of this tracking.

Masking elements with Zoho PageSense

Masking user inputs:
By default, all keystrokes entered by the visitor aren't tracked or stored. All inputs are masked by asterisks (*). 

Masking website elements:
 You can also mask other website elements. By doing so, the masked element, and any interaction that a visitor makes with it will not be recorded.

Why should you mask elements in recordings?

We provide several options to our users for preserving their website visitor's privacy. However, there might be instances in which a visitor's personal identifiable information is displayed on your website and it is in your hands to ensure that you aren't violating their privacy. 

So, when you create a session recording experiment, we strongly suggest that you mask all personal identifiable information of your visitor that appears on your website.

What is classified as personal information?

The list below is a broad set of information that can be labeled personal to a user. 
  1. Full name 
  2. Gender
  3. Race
  4. Date of birth
  5. Age
  6. Any medical record
  7. Face, fingerprints, or handwriting
  8. Residential address: country, state, postcode, or city 
  9. Name of the school they attend or workplace
  10. Grades, salary, or job position
  11. Email address 
  12. National identification number 
  13. Passport number
  14. Vehicle registration plate number
  15. Driver's license number
  16. Credit card numbers
  17. Any form of digital identity: Login name, screen name, nickname, or handle
  18. Genetic information
  19. Telephone number
  20. Criminal record

Make sure you mask these and any other information on your website that points to your visitor's identity.

Examples for the elements you should mask:
 Example 1:
If you have a section of content that lists a person's medical condition, or if a person has to select from a list of conditions for medical purposes.

Example 2:
If you have sections on your website that are personalized based on the digital identity of the visitor, for example, user name, user id, handle.

Example 3:
If you have a pop-up on your website that confirms the credentials entered by the visitor, for example, salary, job position, place of residence, or telephone number.

Different ways of masking elements

Masking elements by choosing elements directly from website

1. In the session recording experiment, go to the Privacy tab.

2. In the Elements to Mask section, click the Select elements directly from web page option. This will open an Element Selector window.

3. Enter the URL of the web page which contains the element you want to mask and click Load Page.

4. Select the element to mask by clicking on it. You can select elements across multiple web pages on your website. Simply load the required web page within the Element Selector window.

The elements that you mask will not be recorded or stored and nor will any interaction that your website visitors make with them. All keystrokes made by the visitor will be masked by default and will be replaced by asterisks (*).

Masking elements by entering selector IDs manually

1. In the session recording experiment, go to the Privacy tab.

2. In the  Elements to Mask  section, enter the selector IDs of the elements you want to mask.
 
     

The elements that you choose to mask will not be recorded or stored and neither will any interaction that your website visitor makes with them. All keystrokes made by the visitor will be masked by default and will be replaced by asterisks (*).

Info
You can add multiple sector IDs for elements across different pages, or you can select the elements directly from the web page by clicking the  Select elements directly from web page  option.

Masking elements using custom attribute "zps-mask"

I n addition to traditional methods of masking elements in session recording, PageSense also provides an option of masking elements directly from the developer end.  Developer-side masking using the custom attribute zps-mask is a foolproof way of preventing elements from being recorded. Just add the zps-mask attribute to any element you want to hide. 


Example:

<form id="payment" class="payments-wrapper" zps-mask="true">
    Credit Card No : <input type="text" id="credit-card-no">
    <!-- etc -->
 </form>

When to use "zps-mask" for masking elements?

Masking using the interactive editor might fail when there is a change in DOM ordering and the selectors generated for masking have position-based indices.  When selecting elements to mask within the element selector window, we look for selector IDs, classes, or attributes. When the HTML markup of your web page doesn't have explicitly defined IDs, classes, or attributes, the selector generated for masking will have an index with respect to its position in the DOM. 

Example: body > :nth-child(12). 
Here, the element can have a different position in DOM order when loaded within the element selector window when compared to its position within your web page. This makes masking the element based on its selector (with such indexed positions) fail.

In this case, you should add the zps-mask custom attribute to the element's HTML making it impossible to record any interaction your visitor makes with it.

We hope this documentation helps make the process easy for you. Please feel free to reach out to us anytime by dropping an email to support@zohopagesense.com if you need more explanation or have any questions.