All data collected by Pendo is treated as sensitive data. To further support your data privacy, policy, and compliance requirements, Pendo provides a variety of methods to prevent capturing data. You can use these methods to prevent general data capture across entire applications or sets of users, as well as to avoid capturing specific data attributes.
Conditional initialization
The most general way to prevent Pendo from collecting data is to not initialize Pendo at all in certain circumstances. This can be achieved by only initializing Pendo when a certain condition is met. For more information, see Conditionally initialize Pendo. For example:
if ( condition ) {
//do not track this user
}
else {
pendo.initialize(){
//pendo metadata
}
}
Do Not Process option
You can use our "Do Not Process" option to prevent data collection on specific visitors and accounts in Pendo by opting them out of Pendo analytics and guides. This option is typically used to help companies comply with GDPR requirements and allow end users to invoke their data rights. For information about GDPR at Pendo, see our General Data Protection Regulation (GDPR) article.
The "Do Not Process" option doesn’t delete historical data. You can invoke data rights on behalf of your end users, such as the Right to Erasure, by contacting Pendo technical support.
When you use the "Do Not Process" option for a visitor or account, the Pendo agent immediately discards their existing data and doesn't collect data on any subsequent events for that visitor or account. The visitor or account is no longer tracked and doesn't receive guides.
You can use the "Do Not Process" option in Pendo in one of two ways:
- Programmatically using Pendo's endpoint.
- Manually through the Pendo UI.
Programmatically turn on Do Not Process
You can turn on the "Do Not Process" option using the Pendo opt-out endpoint. For information, see our Engage API documentation. Customers can also programmatically bulk delete large numbers of visitors and accounts using Pendo's bulk deletion endpoint.
Manually turn on Do Not Process
You can turn on the "Do Not Process" option on the details page of the individual visitor or account in the Pendo UI:
- Navigate to People from the left-side menu.
- Open either Visitors or Accounts as needed.
- Find and select the visitor or account you'd like to opt-out of data collection
- In the Overview tab for this visitor or account, select the Do Not Process (GDPR) checkbox under Pendo Settings.
Visitors and accounts that appear in the Pendo UI have already been tracked at least one. After manually selecting Do Not Process (GDPR) in the UI, no additional data is tracked.
Disable IP address and geolocation
You can request that we disable the collection of geolocation information, such as IP addresses, by Pendo servers (both logs and databases).
While geolocation isn't currently used in the Pendo UI, we might add features related to these data points in the future. Should that happen, subscriptions that have IP address and geolocation logging disabled won't be able to take advantage of these features.
To disable geolocation logging, contact Pendo technical support.
Disable cookies
By default, Pendo uses localStorage and falls back on cookies if certain conditions are met. For information, see the Agent Cookies article.
Disabling cookies has the following potential implications:
- Unidentified visitor tracking might produce more anonymous visitors than unique visitors. This is because every page load, regardless of authentication, generates a new Visitor ID. We don't recommend turning off cookies if you're tracking unidentified visitors.
- Guide throttling might not work correctly for visitors who don't have cookies enabled.
- Guides might show more than once to the same visitor.
- Only Me segmentation breaks for unidentified users until they're identified again.
- Any existing cookies still exist until they expire.
To disable the use of cookies, set disableCookies to true in the initialize method of the Pendo install script, as shown below.
pendo.initialize({
disableCookies: true,
visitor: {
id: 'joe@acme.com'
},
account: {
id: 'Acme'
}
});
The above example would disable cookies for all visitors. You can disable cookies for specific visitors, such as those in the European Union or those who opt out of cookies, by using conditional logic.
Ignore specific HTML elements
Add the pendo-ignore class to an element to prevent all data collection for that element. For example, adding pendo-ignore to the BODY element prevents all data capture. For more information, see Exclude specific element tracking in the HTML attributes in data collection article.
Exclude specific HTML attributes
Pendo collects HTML attributes, which is explained in the HTML attributes in data collection article. To prevent the collection of specific HTML attributes, for example, if PII is displayed in a data attribute, ask Pendo technical support to add HTML attributes to your htmlAttributeBlacklist. This stops Pendo from collecting the attributes that you specify on all future Click Events and Focus Events.
Exclude inner text
Pendo collects text inside elements, which is explained in the HTML attributes in data collection article. To prevent the collection of an element's innerText, for example, if PII is displayed, set excludeAllText to true in the initialize method of the Pendo install script, as shown below.
pendo.initialize({
excludeAllText: true,
visitor: {
id: 'joe@acme.com'
},
account: {
id: 'Acme'
}
});
After excludeAllText is enabled, you can whitelist specific text strings using allowedText. Fore more information, see Analytics in the agent API documentation.
Transform URLs
You can use the Location API to modify the browser URL that the Pendo agent receives from your application. The actual application is still using the original browser URL, and end users only see the browser URL, but the Pendo agent receives a more detailed or sanitized version of the URL that is used for analytics and guide targeting.
For more information, see Tech Note: Transform the URL collected by Pendo using Location API (web only).
Exclude lists
Exclude lists are a subscription-wide setting available to Pendo admins in Settings > Exclude lists. Exclude lists don't prevent data capture, but do remove it from the Pendo UI.
Pendo calculates metrics using events. Exclude lists filter out events from the details and metrics calculation for all segments (except Exclude lists Accounts and Visitors) that match at least one of the filter settings: Server Hostname or Domain, Source IP Address, Visitor ID, Account ID.
For more information, see Exclude and Include Listing.