ClickTale Support Forums

I'm interested in using ClickTale on an HTTPS page that captures some sensitive user data, but I don't want to block all of that data from the recordings. The following questions are about how ClickTale secures and stores the recording data.

• Does ClickTale provide any additional security for retrieving the captured recordings and analytics other than basic username/password authentication?
• Are the recordings themselves encrypted?
• How/where is the recording and form entry data stored?
• Since ClickTale is able to capture key strokes on pages that are being secured using HTTPS, is there any point in the recording/transfer process when the data is not secured by ClickTale?
• How long does ClickTale store the data, and is it possible to have the data removed on a specified date?
• Can ClickTale data be imported or is it only viewable through the Web browser?

Dear bluehazetech,

You are welcome to use ClickTale on a HTTPS page but do note that our terms of service instruct you to block recording of any sensitive fields. It is forbidden to record and store such data into the ClickTale service due to privacy issues. When a certain field is blocked, we will still collect meta statistics about it that would help you know if the field is used and how often. Sensitive fields are those that contain: financial information, credit card or bank numbers, information about a person's health, etc.

Regarding non-sensitive data in a HTTPS form:

• ClickTale doesn't provide any additional security for retrieving the captured recordings and analytics other than basic username/password authentication.
• You can access your account via the HTTPS protocol if you manually change the protocol in the URL.
• The recordings and form entry data are stored on our servers in a SAS/70 Type II data center with all the high level security you would expect from a large hosting provider.
• When recording a HTTPS page, the recorded data is sent via HTTPS to ClickTale.
• We store the data for the duration of "Recording History" parameter in your Plan plus extra time that is required to execute our backup policy. You can also delete data from your account on a per project or per recording basis.
• There is no import/export functionality at this time. However you can probably mash-up some functionality yourself via HTTP to our normal UI. It depends on what info you want to import or export.

Regards,
Arik.

Thank you for your response, this is very helpful.

This is very important for me - when you say block out the fields what do you mean?

Hi, please see the following topic: viewtopic.php?f=2&t=193

Regards,
Arik.

Hello friends
I want to really Thanks to Arik, He has given useful knowledge In this forum which is helpful for me
Thanks again Arik