5 steps to size up digital experience privacy

The Fullstory Team
Posted October 29, 2021

Historically, digital strategies have been supported and validated through quantitative digital analytics metrics—hits, conversion, scroll depth, and bounce rate, to name a few.

All too often, though, the focus on quantitative reporting leaves a qualitative gap. It’s great to be able to show the delta between hits, conversions, and so on, but that misses a deeper element. For example, tools such as Google Analytics are great at showing these quantitative metrics, but come up short in answering why bounce rate is high.

That said, the more qualitative or quantitative data teams gather from disparate tools, the more pressing the need to minimize risk.

If you’re evaluating privacy in your current stack of digital experience tools, follow these five steps to see if you’re employing current best practices—or if it’s time to make the leap to a Digital Experience Intelligence platform.

Step 1: Review current and desired analytics

Consider how your organization’s website or mobile app serves up information to users. The most obvious output in the browser is the content itself—the text and images a browser shows a visitor.

What many users don’t pay attention to, but which is just as critical to product managers and engineers, is the behind-the-scenes information: the messages printed to the browser’s console, communication with internal and external services, or semi-structured data that resides in the markup of your application and data layer, among other things.

This technical surface area has historically been the exclusive domain of developers. Unlike traditional analytics that require manual instrumentation, modern platforms automatically monitor this input and output.

Today, modern digital experience tools can log both visible and behind-the-scenes data through non-technical configuration. This ultimately provides a much more complete data set and alleviates the need for business users to rely on developers, allowing them to conduct self-guided investigations as needed.

If you’re evaluating the privacy capabilities of a digital experience platform, first review what data is captured by the platform, and make note of any initial privacy considerations. Often, data capture is configurable, which promotes the ability to maintain user privacy and support a valuable business case.

Consider the following areas of your website or mobile app and configurable data capture scenarios:


Step 2: Identify a default level of privacy

With a broader understanding of digital experience platforms’ privacy capabilities, the next step is to identify and articulate the privacy needs of your organization.

While a simplistic example, a company that offers online piano lessons has a different perspective on privacy than one managing million-dollar brokerage transactions. Both are critical, but some businesses ingest more private information than others.

For modern digital intelligence tools, the clarity of qualitative information logged has several levels, providing a spectrum of information:

  • Unmasked formatting provides the highest level of fidelity—recording the experience exactly as the user saw it.

  • Masked content provides a middle ground in which text and images are irreversibly redacted.

  • Exclusion ensures the highest level of privacy where nothing is recorded or transmitted to the DXI platform.


Where your organization sits on this privacy spectrum is a matter of how much content requires a given level.

A general guideline is that ecommerce websites lean more toward the unmasked end of the spectrum. This is because most content is product-related and customer-related data is contained within well defined flows, such as login and checkout.

Conversely, a human resources-focused SaaS website or mobile app skews toward the completely masked end of the spectrum, with elements selectively unmasked.

While all organizations will likely end up with partially masked content, knowing the direction your organization leans will ultimately aid a platform’s implementation and maintenance.

Step 3: Align content with privacy preferences

With an idea of where your organization’s needs are on the privacy spectrum, the next step is to document privacy preferences regarding the information that exists within your website or mobile app at the desired level.

Many teams find success working with a stoplight chart that can be used to classify data and align it to a given privacy level.


Tactically, this process may require stepping through key user journeys or the pages and screens of your website or mobile app. Doing so helps teams understand the types of information that exist in the user experience.

Fortunately, most websites or mobile apps have common design artifacts: a login screen, an account page, landing pages, detail pages, checkout, confirmation, and so on. Investigate representative examples of design artifacts and pay close attention to any with a transactional nature (e.g. checkout).

The output should be a set of high-level guidelines and content examples that digital experience platform business owners can use to configure recording behavior. 

Step 4: Create a balanced privacy implementation

By this step, you’ve reviewed your website or mobile application, have documented privacy preferences, and aligned critical pages with the levels of privacy needed. Next, assess how best to implement privacy in each location.

Privacy levels can be applied through two approaches:

  • Code-first, which entails adding details into your website or mobile app so the platform applies the desired privacy level.

  • In-app, where rules are created by end users of the platform and rely on the structure or information already within your website or mobile app.

These two approaches cater to different personas and levels of maintenance:

  • Code-first changes are made by developers to the application itself. While this creates tight coupling between your application and the desired privacy settings, it requires active participation from development teams.

  • In-app rules allow end users to define privacy settings that are stored within the platform. In-app rules leverage the structure of a website or mobile app to apply privacy behavior. And, because that structure may change over time, it’s possible that these rules could be reverted through application development.

The two approaches are, however, not mutually exclusive. In-app privacy rules provide an immediate, effective solution. Combined with periodic reviews, stable in-app rules can be transferred into the application’s code base using the code-first approach. This act of privacy hardening transfers validated rules into long-term privacy protection.
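The drift risk described for in-app rules can be checked mechanically during the periodic reviews. The following is an added example, not Fullstory code or its API: the class names, the `field` labels, the page snapshots, and the "nearest matching ancestor wins, otherwise the default applies" inheritance are all assumptions made for illustration.

```javascript
// Added example with constructed data; every name below is hypothetical.
const RANK = { unmask: 0, mask: 1, exclude: 2 }; // the post's three levels, least to most private

// Effective level for each labelled field: the nearest rule-matching
// ancestor-or-self wins, otherwise the inherited (default) level applies.
function effectiveLevels(node, rules, inherited, out = {}) {
  const hit = rules.find((r) => (node.classes || []).includes(r.cls));
  const level = hit ? hit.level : inherited;
  if (node.field) out[node.field] = level;
  for (const child of node.children || []) effectiveLevels(child, rules, level, out);
  return out;
}

function collectClasses(node, seen = new Set()) {
  (node.classes || []).forEach((c) => seen.add(c));
  (node.children || []).forEach((c) => collectClasses(c, seen));
  return seen;
}

// Compare two page snapshots under the same in-app rules and default level.
function auditDrift(before, after, rules, defaultLevel) {
  const present = collectClasses(after);
  // Rules whose selector no longer matches anything on the new page.
  const staleRules = rules.filter((r) => !present.has(r.cls)).map((r) => r.cls);
  const was = effectiveLevels(before, rules, defaultLevel);
  const now = effectiveLevels(after, rules, defaultLevel);
  // Fields that are captured at a less private level than before.
  const downgraded = Object.keys(now).filter((f) => f in was && RANK[now[f]] < RANK[was[f]]);
  return { staleRules, downgraded };
}

const rules = [
  { cls: "card-form", level: "exclude" },
  { cls: "acct-email", level: "mask" },
];
const before = { classes: ["checkout"], children: [
  { classes: ["card-form"], children: [{ classes: ["input"], field: "card-number" }] },
  { classes: ["acct-email"], field: "email" },
  { classes: ["product-title"], field: "product-name" },
]};
// A redesign renames "card-form" to "payment-panel"; nothing else changes.
const after = { classes: ["checkout"], children: [
  { classes: ["payment-panel"], children: [{ classes: ["input"], field: "card-number" }] },
  { classes: ["acct-email"], field: "email" },
  { classes: ["product-title"], field: "product-name" },
]};

console.log(auditDrift(before, after, rules, "unmask"));
```

With an unmasked default, the renamed container silently exposes the card field; with an excluded default, the same rename leaves a stale rule but no exposure, which is why the default level chosen in Step 2 determines how rule drift fails.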

Step 5: Create a culture of privacy stewardship

After initial implementation, privacy maintenance is supported by various roles throughout the organization.

  • Business owners typically act as platform administrators. Administrators have the sole ability to adjust privacy levels. Consequently, they must know how to carry out privacy adjustments and understand the cross-organization effect.

  • Product managers provide tactical recommendations related to privacy. These recommendations are informed through upcoming feature changes and ongoing development. 

  • While developers have a less active role in instrumenting analytics, they should be mindful of software development best practices around class names, identifiers, data attributes, and others. These help increase the compatibility between the digital experience tool and the organization’s application.

  • Finally, end users of a platform should have a clear understanding of the organization’s privacy preferences and a clear process to request changes from business owners.

In closing

As you compare digital experience analytics tools and assess each using this five-part process, you’ll find that not all are created equal. For instance, many legacy platforms don’t allow for a spectrum of privacy—additionally, they log PII alongside other data by default, putting user privacy at risk.

Digital Experience Intelligence solutions such as Fullstory are different. The DXI platform was built to understand user journeys, without sacrificing user privacy.

After this process, teams have working practices and documentation for choosing the right tool for using qualitative and quantitative data to improve user experience. And, while privacy is a perpetual, ongoing process, the right tool can automate aspects of the process, freeing up teams’ time for critical work.

Schedule your demo of Fullstory’s Digital Experience Intelligence solution today. Even if you just need assistance sizing up the state of your tools’ privacy capabilities, we’re happy to help.
