Chameleon collects data on a lawful basis to enable users to access their account and Chameleon data, and to effectively show in-app Experiences to the right users.

We take security very seriously and we seek to continually improve our systems with the most cutting-edge techniques to guard against any attacks or unauthorized access.

👉 If you're looking for information about what analytics are available within Chameleon, then read the Experience Analytics Overview.

As part of the EU GDPR (read more about how Chameleon is compliant here) organizations are required to provide a clear lawful basis for processing personal data. 

Chameleon collects personal data, such as email address (when signing up for the service here) to enable Chameleon to uniquely identify customers and help them access their account, and all data associated with it. The basis of this is a legitimate interest in helping Chameleon deliver its core service. 

Chameleon also collects other personal data, on the basis of consent, to provide interested people with more information about Chameleon's product and other related and relevant content. Examples of this include:

Learn more about which vendors Chameleon uses, their GDPR compliance, privacy terms, and opt-outs here. 

Chameleon is GDPR compliant and offers customers their individual rights to access, delete, and modify their data, etc. You can learn more information about how to do that here. 

Customers can send Chameleon data about their users, to help show more targeted and relevant content, and to assess which users engaged with Chameleon tours. The legal basis for Chameleon processing this data is legitimate interest (to help provide Chameleon's service). 

Chameleon helps customers fulfill their obligations to their users, by offering various methods to access, delete and modify this data. You can learn more information about how to do that here.
​
Chameleon does not collect any personal data of end users by default. When the Chameleon code snippet is loaded on a customer's software page, the only data Chameleon obtains by default is user agent  and URL . We do not collect the IP address of end users.

When using a button "Action" to fire a click on an element, or when placing in-line Embeddables, Chameleon also collects CSS selector  information to better identify the specific element. Learn more about selecting elements in Chameleon.
​

As per GDPR's recommendations, Chameleon has completed a Data Protection Impact Assessment to help us identify and minimize data protection risks within our systems. 

Cookies: Chameleon does not use cookies for any accounts created after Oct 2022, for accounts created before this time we use cookies for accounts that use Tour shortlinks (a now-deprecated feature that generated a short link i.e. https://i.chmln.co/c/5a17sa). A Tour shortlink triggers a Chameleon Experience on page load. Contact us if you're unsure if your account is using Tour shortlinks.

localStorage: Local storage is used in three main ways (all are essential to the function of Chameleon).

Chameleon uses the practice of data minimization to only track and store data essential to the function and performance of your Chameleon Experiences.

You can learn more in the following places, as these are constantly being updated to comply with regulations and improved security: