Project Settings: Privacy in Optimizely Web Experimentation

  • Updated
Relevant products:
  • Optimizely Web Experimentation
  • Optimizely Performance Edge
This topic describes how to: 
  • Manage settings in the Implementation and Advanced tabs of your project Settings
  • Mask descriptive names and disable force parameters for additional privacy
  • Understand tradeoffs between additional privacy and integrations/compatibility
Optimizely Performance Edge is a lightweight experimentation product that delivers significantly faster performance than previous versions of Optimizely Web Experimentation. It does this by relying on a streamlined "microsnippet" which limits the range of available features.

Optimizely Performance Edge and Optimizely Web Experimentation anonymize IP addresses the same way, so all information contained in this article applies to experiments created with either version of Optimizely Experimentation.

The Optimizely Experimentation snippet contains objects that make it easier for users to QA and debug experiments, as well as transmit information to other systems. Some objects and experiment views can be exposed if precautions are not taken, so some users prefer a higher level of privacy for the functionality and information contained in these objects. Read on to learn about privacy options that help you protect your experiment information and comply with privacy laws in certain countries.

Adjust your project's privacy options in Settings > Implementation:

  • Mask descriptive names

  • Disable the force variation parameter

  • Allow anyone to view draft or paused experiments by appending the query parameter

  • Anonymize IP addresses

Privacy settings only show for projects that are not a custom snippet project.

Here is how to find your project's privacy settings:

  1. Navigate to Settings > Implementation.

  2. Scroll down to Snippet Settings then Privacy.

    privacy.png

We have a different article about account privacy. At Optimizely Experimentation, we take the security of your data very seriously -- and we know you do too. Here are some suggestions to help you protect your Optimizely Experimentation account.

Mask descriptive names

To share data with third-party analytics platforms, Optimizely Experimentation contains some information about experiments, variations, audiences, sections, and segments that need to be exposed at the client level. Although these descriptive names are helpful for debugging and offer significant benefits for some third-party integrations, you can replace the descriptive names with numerical IDs for additional privacy.

Check the box to enable the Mask descriptive names setting and click Save:

mask-descriptive-names.png

After you mask descriptive names, your third-party services will receive numerical IDs instead of names. New projects will have Mask descriptive names enabled by default so that variation names will not pass into your analytics platform. This also means that Optimizely Web Experimentation will not be able to pass the descriptive names of individual variations into your analytics platform.

Here is where to find descriptive names and IDs in Optimizely Web Experimentation.

If you change data object name settings while an experiment that has a standard or custom third-party integration is running, you'll create two sets of results for that experiment in your analytics platform. The best time to make the change is when there are no experiments with any sort of integration running.

Disable the force variation parameter

Force variation parameters help you manually force yourself into a specific variation for a specific experiment on any page containing your Optimizely Web Experimentation JavaScript file. The parameters allow you to skip all targeting conditions (such as audience targeting) and go straight to a variation or personalized experience. This can be handy for QA and debugging.

For example, let us say you change the text or an image on your homepage. You can append a query parameter to quickly view change without worrying about meeting the targeting conditions. 

The force variation parameter is disabled by default so visitors cannot force variations to show if they are not supposed to see them.

disable-forced-variation.png

  • To use the parameter to QA live, published experiments, uncheck the Disable the force variation parameter setting and click Save

  • To use the parameter to QA draft or paused experiments as well as live, published experiments, uncheck the Disable the force variation parameter setting and check Allow anyone to view draft or paused experiments and click Save

Return both features to the default when you've completed QA by checking the Disable the force variation parameter setting and click Save.

If you check Allow anyone to view draft or paused experiments, anyone can view your draft or paused changes by appending optimizely_token=PUBLIC (instead of the real token) to the Preview URL. Enable this setting with care, and disable it when you've finished QA.

Alternatively, use the Share Link feature to show draft variations and experiences that have not been published to team members without exposing these variations or experiences as broadly.

Exclude draft and paused experiments

In Optimizely Web Experimentation, draft and paused experiments are excluded by default, so you do not need to check this option.

Anonymize IP addresses for this project

In some countries, you may be required to remove the last block of an IP address to protect the identity of your visitors. You can remove the last block of your visitors’ IP address before Optimizely Web Experimentation stores event data. This setting has been enabled by default for all projects. 

If you are an administrator, you can also do this automatically at the account level.

If you enable IP anonymization for this project

  • The last octet of the IP address changes into a 0 (zero) for all tracking calls made to Optimizely Web Experimentation

  • The full IP address won't be stored anywhere and cannot be retrieved later

IP anonymization for this project is enabled automatically.

To change if IP anonymization is set automatically. Go to Account SettingsSecurity and Privacy tab > Uncheck Anonymize by default

ip_anonymization_settings.png

If you are using both IP anonymization and IP filtering, make sure that the regular expression that you use for IP Filtering treats the final octet as 0 (zero).

Filter IP addresses out of results

You can filter individual IP addresses, or IP ranges out of your experiment results. This is handy if you want to exclude your company's employees from being counted toward experiment results. Check out this article on IP filtering to learn more.

Here is how to find your project's IP filtering settings:

ip_filtering.png

  1. Navigate to Settings > Advanced.

  2. Scroll down to Results Filtering.

  3. Enter a regular expression (1,500 characters maximum) for the IP addresses you'd like to filter from your Results page.

  4. Click Save.

IP filtering will not prevent certain visitors from seeing the experiment—it only excludes them from the experiment results. To exclude IP ranges from being included in experiments, see our article on IP address audience conditions.

If you use a regular expression to match multiple IPs, your IP filtering regex should match the full IP address. Partial matches will not work. If you have turned on IP anonymization as well, the IP filtering regex should match the last octet as 0 (zero).