When building Simple A/B Test, it was important that it be both a useful product, but also provide a good level of privacy to its users. As the world continues to move online, it is possible to both offer better analytics without compromising user privacy.
So how does it work?
As a website owner
When you sign up, we store the basic information to provide this service. We only make use of Local Storage to keep you logged in, and the sensitive data we collect from you is:
- Email - so we can log you in and contact you.
- Password - we use bcrypt with a high working factor.
- Website - we store the website you’ll be using our product on so that we know which tests to load when a user visits a website.
- Payment information - only if you decide to upgrade to a paid plan.
As a website visitor
Rather, we opt for randomly allocating hashed IPs into buckets. While this might reduce the quality of the test results as user can change networks, or hop from wifi to mobile networks, it’s a fair tradeoff for user privacy.
As such we store the following data when a user visits a website:
- Hash’d IP - this is stored as Sha256, a one way cryptographic function.
- Bucket - do you fall in to the A or B test.
- Created At - old hashes are purged after three months.
Website owners will never know which bucket you fall in to, nor will they have access to which hash visited their website as we don’t track this data. We only update high level analytics when a view or event is triggered.
The key principals guiding development are:
- Tools will be developed with privacy in mind.
- Where more accurate tracking is required, anonymised or aggregate data is returned.
- User data is always deleted at the earliest possible moment.
- Build useful tools to help website owners grow their products.