3 secure ways to handle user data in Raygun
Posted Dec 19, 2023 | 8 min. (1653 words)You know the feeling: You’re right in the middle of cracking a really convoluted coding problem, when an urgent support ticket pops up. It’s not just any ticket; it’s from a VIP customer with a high-severity issue demanding resolution within an hour. You have to drop what you’re doing and scramble, completely context-switching and losing all your momentum.
Often, the biggest challenge in these situations is recreating the exact issue reported by the user. Support tickets lack detail about the user’s setup, making it akin to finding a needle in a haystack of monitoring data. You’re also relying on the customer’s memories, leading to inaccurate or technically imprecise descriptions. Even trickier, some monitoring tools may hinder data retrieval due to sampling and retention policies.
The solution
This is where Raygun’s user tracking feature, known as Customers, becomes invaluable. It’s designed to accelerate issue replication by directly connecting each customer ID to their error and session data. This provides all the technical and contextual information needed about a user’s session and errors, readily accessible to both support and tech teams. By simply looking up the customer by their ID in Customers, teams can efficiently gather the necessary details. This functionality is particularly crucial in high-pressure situations, like swiftly identifying and addressing a VIP customer’s issue within the tight timeframes of your Service Level Agreements (SLAs).
Through this integration of detailed user data, Raygun not only aids in rapid problem identification but also helps ensure that your time remains your own, uninterrupted by on-call emergencies.
But wait, what about privacy?
Privacy concerns in tech are heightened due to the vulnerability of online data and growing awareness of data breaches. Understandably, Raygun users tend to have questions about the security of the customer data they share with Raygun.
Raygun complies with all major privacy and security laws including GDPR, HIPAA, and CCPA, and you have complete control over where and how your data gets used. (You can find instructions for signing our Data Processing Addendum here.)
We also offer three ways to connect user data with error and session information to meet different privacy needs. This article will guide you through each of these user tracking methods to align with your level of requirements. Your software developers, support engineers, and customer support teams will still get the benefits of easy issue replication, all while ensuring full control over data privacy.
Plus, we’ll share how to manage situations where personal identifiable information (PII) has inadvertently been sent to Raygun, walking you through the process of safely removing it.
The 3 levels of implementing user tracking
Level 1: Allows secure transmission of PII data
What information is visible in Raygun: Full name, email address, IP address, location and last seen. IP address and location data collection can be disabled at all levels.
This method ensures compliance and maximizes Raygun’s diagnostic effectiveness. It enables application users to locate customer issues via name or email in Raygun Crash Reporting or Customers, covering the last 6 months. This is invaluable for support staff, who can directly access error details to save time and improve customer interactions.
Please note anonymous users will be given a GUID to differentiate them from authenticated users.
Please note: clicking on the “Sessions” tab here allows support staff to view a list of a customer’s session with the application.
This approach allows support teams to proactively address issues before any customer contact, reducing support costs and enhancing the user experience.
To use this method, simply go to an error group, click on “affected users” in the sidebar of the error details page, and export a list of affected users. Support teams can then proactively contact these users about the specific error group they have encountered, ensuring a world-class level of communication on your customer-facing issues. The support team can also create a support ticket for the Engineering team from the page below by using one of Raygun’s popular issue management integrations, such as JIRA, Trello, Zendesk or GitHub.
How to implement
To implement level 1 user tracking, you can follow the instructions here.
Level 2: Enhanced privacy with User ID and CRM customer ID mapping
What information is visible in Raygun: Mapped user ID, IP address, location and last seen. IP address and location data collection can be disabled at all levels.
Level 2 tracking in Raygun gives you the best of both worlds, where the system maps the user ID to the user’s CRM customer ID for a secure and privacy-conscious approach. This method surpasses Level 1 in providing enhanced issue diagnosis capabilities. By linking user IDs with CRM IDs, we can facilitate efficient issue tracking and resolution while maintaining user privacy.
This approach is particularly beneficial for businesses that value both detailed diagnostic information and stringent data privacy. However, a notable downside is that support teams need to access their CRM tool to find the corresponding user ID in Raygun. Despite this extra step, this method simplifies correlating user experiences with customer records, leading to more targeted and effective problem-solving strategies.
Your support team can take the same proactive steps as in Level 1, but there’s an extra step to match up the mapped user ID in Raygun within your CRM, before you can retrieve the email addresses of affected users in your own system.
How to implement
Implementing Level 2 in Raygun, where you map your user ID to your CRM customer ID, typically involves using Raygun’s API to send the mapped IDs. However, the specific tracking code can vary based on the programming language and CRM system you’re using.
Here’s a generic example in JavaScript:
rg4js('setUser', {
identifier: '123456789', // Your CRM ID or another ID such as a UUID
isAnonymous: false, // Indicates whether the user is anonymous or not
});
In this code:
identifier
is the unique identifier from your system for this user, such as your CRM ID.
isAnonymous
is a flag indicating whether the user is logged in (or identifiable) or if they are anonymous. An anonymous user can still have a unique identifier.
This setup respects user privacy by not transmitting names or other personal identifiers while still allowing you to map user activity to customer records in your CRM.
If you want to completely anonymize your users, see the instructions for level 3.
Level 3: Fully shielded issue resolution with UUIDs
What information is visible in Raygun: By default, and with no user tracking defined in your code, every user in Raygun is represented by a random unique identifier using Universally Unique Identifiers (UUIDs). IP address and location data collection can be disabled at all levels.
Level 3 in Raygun allows for protected user privacy and effective tracking. By using UUIDs, we uniquely identify user interactions without collecting personal information. IP address and location data collection will be collected by default, but can be disabled in the app at any time. This approach caters to high confidentiality standards, ensuring robust privacy and security. However, the lack of personal identifiers can limit the depth of issue diagnosis. Support teams and software engineers will have access to essential tracking data, but without direct user identification, pinpointing and resolving specific customer issues will be more challenging.
With this approach, you will intentionally ignore the set up for Customers, which is the last (optional) setup step on the setup instructions page. Using this approach, when you visit the Customers section, you will see that all your users have been assigned a random UUID:
How to implement
By simply not adding the Customers code snippet when you’re creating an application inside Raygun, you’ll ensure that L3 will be used. By default, using tracking code snippets is not a mandatory step (though highly recommended) on our setup instructions page.
What about Real User Monitoring?
If you also use Raygun Real User Monitoring, the same level of user information you can see in Customers will also be sent into Real User Monitoring.
Opting to disable IP address and location data collection in your application settings can affect the completeness of information in the Geo and Live tabs inside Real User Monitoring. Without this data, you may notice these tabs appearing incomplete or even empty. This limitation can pose a challenge for software engineers, especially when investigating issues like slow page loads. For instance, without location data, it becomes difficult to determine if slow page speeds are due to users being geographically distant from your data center. Such information is crucial for ruling out location-based factors in performance issues.
Help! How do I remove sensitive data from Raygun?
You can easily remove sensitive data from your Raygun apps. Simply follow these instructions to remove PII data from your application.
Choosing the right balance: Utility vs. privacy in Raygun
User tracking offers immense benefits for developers and support teams, facilitating precise issue diagnosis and efficient problem resolution. To meet the varied needs of different businesses. Raygun provides three levels of user tracking integration, each with varying degrees of privacy implications. Level 1 allows for the most detailed insights with full PII data, while Level 2 balances diagnostic depth with privacy by mapping user IDs to CRM IDs, and Level 3 prioritizes privacy with de-identified user tracking using UUID.
Raygun is committed to upholding data privacy and adheres to international standards, ensuring that all integration levels are secure and compliant. We encourage customers to select the level that best aligns with their specific needs and company policies, to achieve both thorough issue diagnosis and stringent data privacy.
If you’re already using Raygun and think you might want to adjust your user tracking to one of the options we’ve laid out in this post, explore the linked resources above to get started. Contact the Raygun team in-app anytime for asssistance.
If you’re not currently a Raygun user, and you’re looking to enhance your issue resolution process without ever compromising on user privacy, start your 14-day free trial now.