The data of our customers is at the core of our business. We strive for the best possible protection of this data. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we’ve put appropriate physical, technical, and organizational procedures in place to secure our systems. See below for details.
Our customers individually control access to the data that Germain UX has access to. Only users who are members of a monitoring environment’s administrative groups are able to grant or revoke access to collected data. How these roles are managed and the available options for managing access control in Germain UX are explained in detail in the online germainAPM documentation.
When a customer requires support from Germain UX, authorized Germain UX employees can be granted access to view customer data, restricted by a strong “need to access” policy. All such authorized Germain UX employees are bound by strict confidentiality agreements.
All systems operated by Germain UX are subject to health and security monitoring, audit logging, and automated analysis of system logs. When Germain UX support is requested for remote installations, access to customer systems is recorded by audit logs.
All electronic communication sent to and from Germain UX over HTTPS relies on TLS encryption on port 443. Germain UX components (Agent, Chrome Extensions, Dashboard, Engine, Enterprise Server, JS Script, Mobile Application), which are installed on-premise, encrypt all data before they are sent to Germain UX Server. Metric and transaction data is encrypted even while at rest, and each customer’s data is programmatically partitioned from the data of other customers.
Germain UX stores and retains different types of monitored data from your environments. The monitoring data is stored on the Germain UX Server. The following table shows the general retention periods for Germain UX, on-premise and on the cloud.
Germain UX users can delete Germain UX data at any time. If a user deletes an issue, the related support archive and analysis report are deleted from Germain UX datastore and the AWS S3 bucket immediately. The analysis result in Germain UX Health Control is deleted after 30 days.
Germain UX captures a lot of end-user data from monitored environments. This data can potentially include sensitive personal information, personally identifiable information (PII), and data that is sensitive to an individual end user.
This page provides information about potential sources that may include personal and sensitive data and how to configure capturing and masking rules in order to comply with data privacy and data protection laws and regulations, such as GDPR (Europe), California Privacy Act (CCPA), and Brazilian General Data Protection Law (LGPD).
Companies use Germain UX products to monitor the performance and quality of services such as web and mobile applications. Germain UX doesn’t, by default, track personal data, but such tracking is possible depending on individual environment configurations and the applications that they are monitoring. For these reasons, Germain UX is and must be GDPR compliant.
GDPR differentiates between data controllers and data processors.
The recording of personal data is acceptable under General Data Protection Regulations (GDPR) as long as the data collection is proportionate. A data controller must:
When Germain UX products capture personal data, it’s typically through the use of Real User Monitoring (RUM), also known as User Experience Monitoring (UEM), using Germain UX’s JS Script, Germain UX’s Chrome Extension, and/or Germain UX’s Mobile Application.
RUM captures performance metrics from inside a user’s browser and offers the ability to identify and track each user session, including entire click paths. This information is needed to monitor performance, provide high-quality service monitoring, and quickly resolve issues when problems are detected. For more details, see What personal data is captured by Germain UX?
Customers are required to be transparent with their users and inform them of the ways in which they collect and use their users’ information (typically by way of a Privacy Notice). Where customers engage any third parties to collect information about their users on their behalf (such as Germain UX), whether for the purposes of application and behavioral analytics or otherwise, this should be made transparent in their Privacy Notice.
Germain UX recommends the following RUM settings (assuming that these settings aren’t superseded by other legal requirements faced by your organization).
Through improper implementation or configuration, it’s possible that a web application may perform unintended data collection. It’s the responsibility of each organization to ensure that personal data are captured responsibly.
If you become aware of any unintended data collection, or have any concerns about data privacy, please contact us at info@germainUX.com so that we can look into the details and work with you on a resolution.
Session Replay records all interactions that a user may have with your application. To avoid capturing sensitive user data, Session Replay comes with a variety of configuration options such as form field masking, content masking, and attribute masking.
Note: You can exclude or anonymize data for specific users that are identifiable by criteria such as IP address or user tag. See Data Exclusion and Anonymization (log on to Germain UX > left menu > analytics > data privacy) to learn how.
You’re free to redistribute the policy language below for use within your organization’s own data-privacy and cookie policies for web applications.
Allow Germain UX to capture performance data related to button clicks, page loads and web requests that are triggered along my journey through this web application. This enables Germain UX to analyze application usage, improve performance, and address any troubles that may arise. Accepting this setting also enables Germain UX cookies.
If you’ve enabled the RUM setting for considering do-not-track headers, it’s recommended that you use the following language in your organization’s privacy notice:
You can enable your browser’s built-in do-not-track feature to ensure that no personal data is captured.
We use Germain UX to analyze usage patterns, optimize performance, and troubleshoot issues related to this app. Personal data may be captured during the course of monitoring. We won’t share or sell any personal data. This data is utilized only for analyzing app usage and performance.
What data is collected? Germain UX captures data related to button clicks and web requests that are sent by this app. Error messages and stack traces are captured when crashes occur. The only personal information Germain UX collects is the email address you use to log into this app.
Please note that email addresses aren’t captured out of the box. If you don’t use tags to tag your users for user-session analysis, you can omit the last paragraph in the notice above. If you record other personal data, you should document your guidelines for protecting those data.
If your application uses opt-in mode, you may re-use the following text blocks to create a privacy settings page in your app that explains those privacy controls that relate to Germain UX mobile application monitoring. Each text block describes a toggle button that lets the user store their preferences. Whenever the user changes their preferences, you can use mobile agent API calls to control the data collection level and whether crash reporting is enabled or disabled.
Allow Germain UX to capture performance data related to button clicks and web requests that are triggered along my journey through this app. This enables germainAPM to analyze application usage, improve performance, and address any troubles that may arise.
Anonymize personal data (on|off)
Don’t include my personal data (for example, my email address) in reported data
Allow Germain UX to collect crash reports, including stack traces and error messages. Germain UX uses this information to resolve problems that you may encounter while using this app.
Germain UX On-Premise component administrators have access to a number of data-privacy settings that affect the sharing of sensitive end-user data.
All Germain UX On-Premise components exchange information with Germain UX Enterprise, at least once, or periodically.
You may want to opt-out of certain communications, such as allowing Germain UX to proactively access your components and environments. However, some messages are mandatory and can’t be switched off.
All settings are enabled by default. Proper configuration of these settings depends on the unique needs of your organization. In addition to proactive support settings, you’ll also find settings related to new Community-user setup and domain name management. Please see below for details on the available controls.
To ensure GDPR compliance, you must be aware of what personal data is captured by Germain UX and you must configure Germain UX to protect personal data.
Note: You must have component administrator privileges to access the Preferences page.
Germain UX On-Premise provides fully automated self-management capabilities that keep your system secure, reliable, and up-to-date. To achieve this, germainAPM needs to send certain information to the germainAPM Enterprise.
Each Germain UX On-Premise component reports license-relevant consumption data such as number of host units, custom metrics or log monitoring for each environment.
Germain UX components send status information, including component IDs, privacy flags, time zones, traffic levels, and maintenance windows. Server state, including number of CPU cores, CPU load, and used/free storage are reported on a per-component basis.
For each event, components send type, severity level, time stamp, and description detail so that Germain UX can remotely analyze and address problems or incompatibilities in your environment. When disabled, your organization is responsible for monitoring system events and collecting log files necessary for problem resolution prior to contacting Germain UX.
Germain UX On-Premise installations contain a Germain UX component that provides self-monitoring of component health.
In the case of detected events, Germain UX can remotely check the monitoring settings of your component configuration.
When enabled, Germain UX can remotely optimize your environment’s monitoring settings to ensure optimum performance and stability.
Germain UX proactively sends alerts for incompatibilities or technology-specific risks related to your environment. Germain UX can report information about installed Germain UX component versions, process technologies, hosts and other related entities and configurations. The retrieved information may be used for support and to improve germainAPM offerings. Germain UX may use this data (if it is aggregated and can’t be used to identify end users) for industry analyses, benchmarking, and analytics. Learn more about how Germain UX sends information about monitored technologies in your environment.
Germain UX uses Woopra (a customer-analytics provider headquartered in San Francisco, California) to analyze the usage of Germain UX On-Premise and provide customers with a better experience. Woopra utilizes cookies that are stored on each end user’s computer. In this way, information such as IP address, geolocation, browser or device type, along with user-action details within Germain UX On-Premise, is captured. Disabling this setting prevents such usage data from being sent.
Enable your own SMTP server to determine how Germain UX delivers email notifications, reports, and other communications to users and administrators.
You can find more information on configuring your own SMTP server in Configure an SMTP server connection.
The Germain UX Community provides an Internet forum for customers and digital performance experts to connect with each other and share ideas. Registered users can ask questions and view answers at Germain UX Answers and create support tickets.
The search bar in Germain UX’s UI can be used to query external content in both the germainAPM Answers user forum and within our online documentation. When disabled, users must search these sites independently to find answers to their questions.
Enable this setting to generate a domain name (a subdomain of cloud.germainapm.com) with a trusted certificate for your Germain UX On-Premise component. Certificates are downloaded by HTTPS (REST API) via Enterprise.
Enable this setting to generate a domain name (a subdomain of cloud.germainapm.com) with a trusted certificate for your Germain UX On-Premise component. All users in your environment can then access cloud.germainapm.com. Please note that this process may take a few minutes. Once complete, you’ll be able to access the new URL. Disabling this option results in SSL certificates and the component URL being rolled back to the previous version. Remember to update your SSO IP settings with this URL.
The following information transparently documents the mandatory data that Germain UX receives from your Germain UX On-Premise component. Note that all communication between components and Enterprise is encrypted and always component-initiated only. Germain UX isn’t able to initiate a connection to customer components.
Frequency: Once during installation and during every upgrade
Component request: License key
Enterprise response: Account name, license name, Germain UX components installation flag (true/false), Germain UX components download URL
Frequency: Once (after first startup)
Component request: License key, component ID
Enterprise response: Registration status, username, password
Frequency: Once every 60 minutes
Component request: No component request
Enterprise response: License status, component ID, license key, license details, license model
Frequency: Once every 5 minutes
Component request: Component ID, privacy settings, time zone, traffic size, update/maintenance window. Each component node adds technical details including OS name and version, number of CPU cores, CPU load, total RAM, free RAM, total disk storage, used storage, server state, master node flag (true/false), and startup time stamp. Each Component adds its version, OS name and version, status, certificate issuer, and type (e.g., beacon forwarder).
Enterprise response: Health status, message
Frequency: Once each hour
Component request: Component ID, consumption timeframe. Each environment adds the number of new problems, RUM sessions, synthetic monitors. Every host adds a category, a list of monitored technologies, and monitoring timeframes. For each synthetic monitor, the ID, description, type, success count, failure count and action count are transmitted. See Export licensing data.
Enterprise response: Status, remaining RUM sessions, consumed RUM overage, host units overage, remaining synthetic monitors, consumed synthetic monitors overage. For each environment, its ID, consumed RUM sessions, consumed synthetic monitors, and host units are returned.
Frequency: Once each minute, or every 5 minutes if remote access is disabled.
Component request: Component ID, node ID, source type (e.g., server)
Enterprise response: Remote UI request flag (true/false), WebSocket URLs
Frequency: Once each hour
Component request: No component request
We never send host names or other information that may compromise your component’s security.