Personal data protection and privacy are the core values of LiveSession. Below we’ve described everything you need to know about the CCPA - California Consumer Privacy Act. If you don’t have time to read through complex legal documents, this short summary should be enough.
Disclaimer: LiveSession will never sell your, your employees’ or your website visitors’ personal data to anyone.
We’re fully GDPR compliant, which is why the CCPA is a natural next step for us. As GDPR is a distinct European regulation, we prepared this short guide to CCPA for you:
What is CCPA?
It’s a law related to processing personal data of citizens of the European Union (EU) and the European Economic Area (EEA).
It’s a law related to processing personal data of a natural person who is a California resident, which also covers:
- every individual who is in the State for other than a temporary or transitory
- every individual who lives in the State but it outside of the State for a temporary or transitory purpose.
Why you and LiveSession are bound by the CCPA?
Our services are available to customers from all over the world. Our tool records the user’s activity on a website or in an app. This recording is called session replay.
As our customer under the CCPA, you are considered as a business, while LiveSession is aservice provider. CCPA applies not only to companies doing business in California, but also to any other businesses managing and processing personal information of California’s citizens.
We give you a tool we’re responsible for. You can use it in accordance with the law.
CCPA applies to any business including any for-profit entity that collects consumers’ personal data, does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues higher than $25 million;
- Stores personal information of 50,000 or more consumers, households, or devices;
- Earns more than half of its annual revenue from selling consumers’ personal information.
Please note that everything you’ll read here is not a legal advice. We suggest you contact your legal advisor to make sure if you are bound by the CCPA.
What is a session replay? How is it related to personal data?
A session replay is a reconstruction of the user’s journey on a website or within a web application. It consists of mouse and keyboard movements, scrolls, taps, and clicks. Watching a session replay feels like sitting next to the user and watching them interact with your website.
When you use LiveSession on your website, you allow the service to process user data. There are two main ways of processing data, passive and active.
Passive processing is related to session replays stored on Google Cloud. As our client, you’re the only person who can access this data.
Active processing involves the data you send us intentionally, such as company details, email addresses, and the names of your employees. You need to share this information to use our service.
Is it possible to use LiveSession without recording any personal data?
Yes, it’s possible. Here’s how it works:
Passively processed data is anonymous by default. This applies to forms on your website, too. If you’d like to identify recorded users, you can do it with our custom properties feature. By default, we do not record any inputs that can be potentially sensitive. On the other hand, if personal data is included in the static content of your website, you need to anonymize it yourself. Otherwise, it will be recorded.
Important tip: We suggest that you audit your website. Make sure that you exclude all fields that could contain sensitive information. This is a way to make sure that your website is CCPA-compliant.
What are the user rights provided by CCPA?
Here are some of the user rights under the CCPA that you need to consider:
- The right to amend, access, and receive copies of personal data.
- The right to erase data.
The user can ask you to delete their personal data. It’s also known as the right to be forgotten. You can erase the user’s data very easily.
- Limitations on data processing
- The right to object to the processing of personal data.
- The right to data portability
- the right to non-discrimination for the exercise of your privacy rights.
If requested, it’s possible to move the user’s personal data to another place. To exercise these rights, please get in touch with LiveSession at: https://livesession.io/contact/
The CCPA requires us to answer within 45 days. We’ll do our best to reply as soon as possible