Our data journey
Learn more on how we take care of your data
The Exatom platform has been built from day one with a focus on the digital privacy of your website visitors. Moreover, Exatom pioneered cookieless Form Analytics, a way to give website owners actionable insights on how their forms are performing without the need to show a cookie notice and invade your visitors' digital privacy.
At Exatom, we'll never
- Collect any data entered on your forms by your visitors
- Create or use any persistent identifiers to identify visitors over an extended period
- See if your visitor is active on any other websites where Exatom is used
- Store any personal data like IP address, user-agent or detailed geographic location
- Sell any personal data
Tags and technology
Your website should be handled with care, and that is why we heavily invest in how our tags are operated and make sure they play nice with every environment.
No matter which technology or platform you use to create your web-forms, we continuously try to make our platform compatible with each one.
We support dynamic forms and fields, multi-step forms, single-page applications, and many more scenarios.
We're compatible with most popular frameworks and modern website technologies.
We're using a Content Delivery Network to cache and host the content of our tags. This means fast response times for every website visitor, no matter where they are located.
To get started with Exatom, you need to place our tags on your website; each customer receives a set of two. Our tags provide all the necessary data points to provide our services while maintaining your website visitors' digital privacy.
You can place the Exatom script tags directly on your website or within your tag-management solution of choice.
Tag one: Event tag
Tag two: Conversion tag
Cookieless analysis explained
Cookies should be delicious, but they have a terrible aftertaste in this digital era. And this is something we understand entirely at Exatom. With our startup, we've bundled a few decades of experience in digital marketing to work on technology that is future-proof and puts your visitors' digital privacy first.
Did you know that only 30% of visitors agree and accept the default choices in your cookie notice? That's only a third of your website visitors that you have visibility on! With cookieless data measurement, you're assured of insights into all your traffic.
Sessions, new or existing
All the data points that we collect are tied to a session, which is a visitor activity timespan of 30 minutes or as long as the visitor is active on your website. Based on the session, we can calculate metrics like starts per form, hesitation, conversion attribution, etc.
To see if the event we're analysing is for a new or existing session, we'll need to use a visitor identifier and retrieve its current session.
Visitors and temporary identifiers
To assign all visitor activities to a single session, we'll need a temporary identifier that is unique to the visitor but also respects its digital privacy.
To establish a privacy-safe identifier, we're using the following process
- We create a temporary irreversible cryptographic hash for each website visitor that allows us to analyse visitor behavior without using cookies
- Our hashing method uses the following data composition: Exatom client-code, user-agent, IP address, current date. All these data points are concatenated into one long string of text and hashed with the irreversible cryptographic SHA-256 algorithm using a secret key.
Example of a temporary identifier (hash)
Exatom client-code: ABCD
Visitor's browser user agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Visitor's IP address: 220.127.116.11
Day: 2020-01-01
Given the above data, the resulting irreversible SHA-256 hash would be
aa6db7d9e2a962d1169947c6d36bffbc32491fe595bc8a9689909be57963c099
Based on the composition of the hash, it's impossible to
- Identify visitors over an extended period (1 day max)
- See on which websites a visitor is active, as we include the Exatom client code
- Obtain any of the input data from the temporary identifier
  - A SHA-256 hash is one way only, so cannot be reversed to get the original data
  - SHA-256 is one of the most secure hashing functions on the market
  - A rotatable secret key is used to create the hash
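The identifier scheme described above, sketched as an added example that is not Exatom's code: it assumes HMAC-SHA-256 as the keyed construction and length-prefixed fields, and uses a constructed key, IP address and second client code (`WXYZ`), so it does not reproduce the hash shown on this page.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample values; this key is a placeholder, not Exatom's.
SECRET_KEY = b"constructed-demo-key"
UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36")
IP = "192.0.2.10"  # constructed address from the documentation range


def temporary_identifier(client_code, user_agent, ip, day, key=SECRET_KEY):
    """Keyed SHA-256 over client code, user-agent, IP address and date.

    Assumption: HMAC and the length-prefixed encoding are choices made for
    this example; the page only says the values are concatenated and hashed
    with a secret key.
    """
    fields = [client_code, user_agent, ip, day.isoformat()]
    # Length-prefix each field so shifting characters between neighbouring
    # fields can never yield the same message.
    message = b"".join(
        len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def check_properties():
    """Compare the identifier for one visitor against varied inputs."""
    day = date(2020, 1, 1)
    base = temporary_identifier("ABCD", UA, IP, day)
    unkeyed = hashlib.sha256(
        ("ABCD" + UA + IP + day.isoformat()).encode()).hexdigest()

    def same(other):
        return hmac.compare_digest(base, other)

    return {
        "same_day_same_site": same(temporary_identifier("ABCD", UA, IP, day)),
        "next_day": same(temporary_identifier("ABCD", UA, IP, date(2020, 1, 2))),
        "other_client_code": same(temporary_identifier("WXYZ", UA, IP, day)),
        "after_key_rotation": same(
            temporary_identifier("ABCD", UA, IP, day, key=b"rotated-demo-key")),
        "unkeyed_sha256_of_inputs": same(unkeyed),
    }


if __name__ == "__main__":
    for name, matches in check_properties().items():
        print(f"{name}: {'match' if matches else 'no match'}")
```

Only the first row matches. The last row shows why the secret key matters: the inputs are low-entropy, so it is the key, not SHA-256 alone, that keeps the identifier from being recomputed by someone who knows a visitor's details.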
What data is collected on my website
To ensure digital privacy for each of your online visitors, we deploy the principle of data minimisation. This means we only collect, process and store the data necessary to provide Exatom services.
At Exatom, we will never collect any data entered on your forms. In our data examples, you can see that the value data points will always contain an asterisk (*).
Every time the browser executes our tag, we'll collect it as a pageview, look up internally whether you have any forms configured that match, and assign the pageview appropriately.
Type: pageView
Page: https://exatom.io
Date and time: 2020-01-01T00:00:28.302Z
Random identifier: 60c60519-46f62673-a5bf4e8-56e4f5fa
Forms found on your website
When a visitor starts interacting with a form on your website, we capture its basic structure and use it to help you manage your forms easily.
Form
  Name: contact-form
  ID: contact
  HTML ID: #contact
  Destination: /app/website/contact
  Page: https://exatom.io/contact
  Order: 0
  Page title: Exatom - contact us
  Is visible: yes
  Fields
  - Name: full_name
    Label: Your full name
    ID: fullName
    HTML ID: #fullName
    HTML tag: input
    HTML type: text
    Order: 0
    Value: *
    Is visible: yes
    Group label: Contact us
  - Name: email_address
    Label: Business email
    ID: email
    HTML ID: #email
    HTML tag: input
    HTML type: email
    Order: 2
    Value: *
    Is visible: yes
    Group label: Contact us
  Date and time: 2020-01-01T00:00:03.978Z
  Random identifier: 3a384ab9-be87606c-be8b563-c2f1753e
Every interaction a visitor makes on your forms is analysed and sent over for reporting purposes. For example, when a visitor focuses a field, inputs the requested data, selects a radio button, ticks a checkbox, uses autofill, submits your form, etc.
Form
  Name: contact-form
  ID: contact
  HTML ID: #contact
  Destination: /app/website/contact
  Page: https://exatom.io/contact
  Order: 0
  Random identifier: ebcefe10-d809-4540-9387-cc7545f6bb19
Event
  Type: change
  Value: *
  Date and time: 2020-01-01T00:00:03.983Z
  Event number: 3
Field
  HTML tag: input
  HTML type: text
  Order: 1
  Label: Your full name
  Name: full_name
  ID: fullName
  Random identifier: 1119bd36-3676-4728-b8cd-9742adde4acb
Every time the browser executes our conversion tag, we will attribute it to one of your configured forms.
Tag ID: ABCD1
Type: conversion
Date and time: 2020-01-01T00:00:45.000Z
Details (optional)
  Transaction ID: ORD-12381236452673
  Revenue: 123.22
Random identifier: 273b28c8-4384-4b57-bbf2-88ef407fd268
Motivational Widget events
When we show a visitor a Motivational Widget, or when one is clicked or closed, we record those signals for reporting purposes.
Type: Motivational Widget Impression
Trigger Type: ExatomFormStartHesitation
ID: c4a9ae02-33ae-4639-98c1-8c1ec9883202
Random identifier: 2020-01-01T00:00:58.503Z
Data processing location
Our tags are cached and hosted on a worldwide CDN (Content Delivery Network) closest to your visitor, reducing load times to a minimum.
Exatom's data collection leverages AWS (Amazon Web Services) to process and store all your data. This all happens out of the AWS Frankfurt (Germany) location.
AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 9001:2015, and CSA STAR CCM v3.0.1. All the AWS services that Exatom uses fall under the aforementioned certifications.
Data storage and retention
None of the stored data contains Personal Information, such as IP address, User-Agent, or GEO location.
Our business is privacy-first and founded with a healthy set of digital privacy principles. In terms of storage, this means we'll never store the full IP address, user-agent and geographic location. Instead, we only use small parts of it or anonymise it by applying irreversible cryptographic hashing.
IP address, user-agent and geographic information
The IP address is used to create your temporary identifier and determine your geographic location; from that result, we only store the country and region code (e.g. Belgium, West Flanders). Your IP address and any other GEO location data are discarded and never stored.
The user-agent describes what browser and device you are using, for example, Mozilla Firefox on a Mac OS desktop machine. We use the user-agent for our temporary identifier and to determine what browser and device type you're using. Again, we only keep the data we need, discard detailed version info and never store the entire user-agent string.
Your IP address and user-agent data points are always sent to us by the browser, and it's impossible for Exatom not to receive them. As we take digital privacy seriously, we only use this data to extract minimal bits and only store anonymous data or apply an irreversible cryptographic hashing method to it.
Our event data is the original data described above and stored for 90 days. After that period, data is securely erased and will not be available anymore.
As long as you are a client to us, we'll keep storing your reporting data.
In today's digital world, privacy should not be taken with a grain of salt and should, as it is for Exatom, be one of the basic principles for building or evolving your business.