Privacy & Compliance

Learn about Revisit's privacy and compliance features, including data masking, GDPR compliance, consent management, and data protection controls. This guide covers how to protect user privacy while maintaining powerful analytics capabilities.

Data Masking & Protection

Revisit automatically protects sensitive information through intelligent data masking and configurable privacy controls.

Automatic Sensitive Data Masking

Revisit automatically masks sensitive data types:

Password Fields: All password inputs are automatically masked with ••••
Email Addresses: Email inputs are partially masked (e.g., jo***@example.com)
Phone Numbers: Phone inputs are masked except last 4 digits
Credit Card Fields: Automatically detected and masked
One-Time Codes: Inputs with autocomplete="one-time-code" are masked
Text Areas: All textarea elements are masked by default

Privacy First: Sensitive data is never stored in plain text, ensuring user privacy protection.

Custom Masking Selectors

Configure additional masking rules for your specific needs:

Input Name Patterns: Mask inputs by name containing specific keywords
Textarea Elements: Mask specific textarea elements by name or selector
Generic Elements: Mask any HTML element using CSS selectors
Active Management: Enable/disable masking rules as needed
Description Support: Add descriptions to explain masking rules

Example: Use input[name*="ssn"] to mask social security number fields.

IP Address Protection

IP addresses are automatically anonymized for privacy:

IPv4 Addresses: Last octet masked (e.g., 192.168.1.x)
IPv6 Addresses: Last segment masked (e.g., 2001:db8::x)
Geographic Data: Optional geocoding with IP anonymization
User Agent Storage: Configurable user agent data collection

GDPR Compliance

Revisit is designed with GDPR compliance in mind, providing data protection controls and user rights management.

Data Controller Roles

Clear separation of data controller responsibilities:

Dashboard Account: Leveloper Kft. acts as data controller
Visitor Data: You act as data controller, Revisit as processor
Data Processing Agreement: DPA available for compliance
Legal Basis: Support for legitimate interests or consent

Data Subject Rights

Support for all GDPR data subject rights:

Right of Access: Export session data and recordings
Right to Rectification: Correct inaccurate data
Right to Erasure: Delete specific sessions or entire account
Right to Restriction: Limit data processing
Right to Portability: Export data in structured format
Right to Object: Object to processing based on legitimate interests

Data Retention Controls

Flexible data retention policies:

Session Data: Retained until manually deleted (no auto-purge)
Account Data: Retained while service is active
Application Logs: Deleted monthly with compliance records
Export Links: Valid for 1 week then automatically removed
Manual Deletion: Complete data removal on account deletion

Consent & Privacy Signals

Revisit respects user privacy preferences and provides consent management options.

Do Not Track (DNT) Support

Automatic respect for DNT signals:

DNT Detection: Automatically detects DNT header
Recording Prevention: No recording when DNT is enabled
Identifier Blocking: No visitor IDs or cookies set
Server Respect: Server-side ingestion respects DNT

Global Privacy Control (GPC)

Support for GPC privacy signals:

GPC Detection: Recognizes GPC header signals
Recording Blocking: Prevents recording when GPC is active
Cookie Prevention: No tracking cookies when GPC detected
Cross-Site Respect: Honors GPC across all domains

Consent Management

Flexible consent options for your website:

Consent Banners: Integrate with your existing consent management
Legitimate Interests: Use legitimate interests basis with masking
Opt-out Mechanisms: Provide users with opt-out options
Privacy Policy Updates: Update your privacy policy as needed

Security & Encryption

Revisit implements robust security measures to protect your data and user privacy.

Data Encryption

Comprehensive encryption for data protection:

Transport Security: TLS 1.3 for all communications
Password Protection: bcrypt hashing for passwords
Token Encryption: AES-256-GCM for integration tokens
Cookie Security: HttpOnly, Secure, SameSite attributes
CSRF Protection: Double-submit CSRF token validation

Access Controls

Multi-layered access control system:

Multi-Factor Authentication: Optional 2FA for enhanced security
Session Management: Active session monitoring and revocation
Trusted Devices: Device-based authentication with revocation
API Key Security: Secure API key generation and rotation
Audit Logging: Complete audit trail of data access

Infrastructure Security

Secure infrastructure and hosting:

Self-Hosted: Infrastructure hosted in Hungary (EU)
Network Security: Segmented services and network isolation
Backup Security: Encrypted backups with point-in-time recovery
Monitoring: Continuous monitoring and alerting
Incident Response: Rapid response to security incidents

Compliance Documentation

Access comprehensive compliance documentation and legal agreements.

Legal Documentation

Complete legal framework for compliance:

Privacy Policy - Comprehensive privacy policy covering data processing
Cookies Policy - Detailed cookie usage and management
Terms of Service - Service terms and conditions
Data Processing Agreement (DPA) - GDPR-compliant data processing terms
California Privacy Notice - CCPA compliance information

International Compliance

Support for various privacy regulations:

GDPR (EU): Full compliance with European data protection regulation
CCPA (California): California Consumer Privacy Act compliance
International Transfers: EU-based hosting with appropriate safeguards
Standard Contractual Clauses: SCCs for international data transfers
Data Residency: Data stored in EU (Hungary) by default

Third-Party Integrations

Privacy considerations for optional integrations:

Google Gemini: AI analysis may involve international data transfers
GitHub Integration: Encrypted token storage for issue creation
Jira Integration: Secure token management for ticket creation
Email Services: EU-based email infrastructure
No Advertising: No advertising technology or data sharing

Best Practices

Follow these best practices to ensure privacy compliance and protect user data.

Implementation Guidelines

Best practices for privacy-compliant implementation:

Update Privacy Policy: Include session recording in your privacy policy
Configure Masking: Set up custom masking rules for sensitive data
Consent Management: Implement appropriate consent mechanisms
Data Minimization: Only collect data necessary for your purposes
Regular Audits: Periodically review data collection and retention

User Communication

Transparent communication with users:

Clear Disclosure: Inform users about session recording
Purpose Explanation: Explain why you're recording sessions
Opt-out Options: Provide clear opt-out mechanisms
Data Rights: Inform users about their data protection rights
Contact Information: Provide contact details for privacy inquiries

Ongoing Compliance

Maintain compliance over time:

Regular Reviews: Periodically review privacy practices
Policy Updates: Keep privacy policies current
Staff Training: Train staff on privacy requirements
Incident Response: Have procedures for data breaches
Documentation: Maintain records of compliance efforts

Next Steps

Now that you understand privacy and compliance, explore other aspects of Revisit:

Learn about Session Recording to understand what data is captured
Explore AI Analysis features
Check out Billing information
Manage your Project & Account settings

Need Help?

If you have questions about privacy compliance or need assistance with data protection, our support team is here to help.

Contact Support