Skip to main content
All CollectionsSecurity & Privacy
What data does Chameleon collect and why
What data does Chameleon collect and why

Chameleon doesn't collect personally identifiable data by default

Chameleon Team avatar
Written by Chameleon Team
Updated over 7 months ago

Chameleon collects data on a lawful basis to enable users to access their account and Chameleon data, and to effectively show in-app Experiences to the right users.

We take security very seriously and we seek to continually improve our systems with the most cutting-edge techniques to guard against any attacks or unauthorized access.

👉 If you're looking for information about what analytics are available within Chameleon, then read the Experience Analytics Overview.


Lawful basis for processing data

As part of the EU GDPR (read more about how Chameleon is compliant here) organizations are required to provide a clear lawful basis for processing personal data. 


Chameleon as a Data Collector

Chameleon collects personal data, such as email address (when signing up for the service here) to enable Chameleon to uniquely identify customers and help them access their account, and all data associated with it. The basis of this is a legitimate interest in helping Chameleon deliver its core service. 

Chameleon also collects other personal data, on the basis of consent, to provide interested people with more information about Chameleon's product and other related and relevant content. Examples of this include:

  • Phone number (if requesting a demo here)

  • Email address (when subscribing to our blog here)

Learn more about which vendors Chameleon uses, their GDPR compliance, privacy terms, and opt-outs here

Chameleon is GDPR compliant and offers customers their individual rights to access, delete, and modify their data, etc. You can learn more information about how to do that here


Chameleon as a Data Processor

Customers can send Chameleon data about their users, to help show more targeted and relevant content, and to assess which users engaged with Chameleon tours. The legal basis for Chameleon processing this data is legitimate interest (to help provide Chameleon's service). 

Chameleon helps customers fulfill their obligations to their users, by offering various methods to access, delete and modify this data. You can learn more information about how to do that here.

Chameleon does not collect any personal data of end users by default. When the Chameleon code snippet is loaded on a customer's software page, the only data Chameleon obtains by default is user agent  and URL . We do not collect the IP address of end users.

💡 Sending user data to Chameleon enables you to deliver more contextual and personalized in-app Experiences. Check out how Chili Piper leveraged their warehouse data to generate $150K+ ARR, or how PetScreening leveraged their user data to increase conversions by 25% and 2x cross-sells. Learn more about sending data to Chameleon.

When using a button "Action" to fire a click on an element, or when placing in-line Embeddables, Chameleon also collects CSS selector  information to better identify the specific element. Learn more about selecting elements in Chameleon.


Data Protection Impact Assessment

As per GDPR's recommendations, Chameleon has completed a Data Protection Impact Assessment to help us identify and minimize data protection risks within our systems. 

Cookies, localStorage, and more...

Cookies: Chameleon does not use cookies for any accounts created after Oct 2022, for accounts created before this time we use cookies for accounts that use Tour shortlinks (a now-deprecated feature that generated a short link i.e. https://i.chmln.co/c/5a17sa). A Tour shortlink triggers a Chameleon Experience on page load. Contact us if you're unsure if your account is using Tour shortlinks.

localStorage: Local storage is used in three main ways (all are essential to the function of Chameleon).

  • First, localStorage is used to keep track of progress through a Chameleon Experience in order to manage state across different tabs and browsing sessions (i.e. which Step of a multi-Step Tour).

  • Second, for the temporary storage of "not yet synced" data about the performance of a Chameleon Experience (the Microsurvey response you selected or the button you clicked on).

  • Third, localStorage is used to know which user is currently identified to Chameleon. This allows Chameleon to know when the identified user is changed in order to clear the Chameleon keys in localStorage.

Chameleon uses the practice of data minimization to only track and store data essential to the function and performance of your Chameleon Experiences.


More information

You can learn more in the following places, as these are constantly being updated to comply with regulations and improved security:

Did this answer your question?