Appearance

Privacy Controls

Assumetr shifts the burden of privacy compliance from the client (frontend code) to the server. Instead of asking developers to manually strip PII out of individual tracking calls, you configure Privacy Controls centrally in the dashboard.

Every control you configure here is heavily audited. Any change is recorded in the immutable ledger, and these controls form the foundation of your Evidence Packets.

Available Controls

1. IP Address Handling

By default, Assumetr never stores raw IP addresses.

  • Hash IPs (Default): The incoming IP address is cryptographically hashed with a daily rotating salt. This prevents persistent tracking while still allowing basic geographic aggregation (city/country) if needed.
  • Drop IPs: The IP address is completely discarded upon ingest.

2. URL Collection

URLs often accidentally contain sensitive PII (e.g., ?email=john@example.com or /users/123/password-reset/tokenabcd).

  • Collect Full URLs (Default): The entire URL is collected.
  • Strip Query Parameters: All ?key=value pairs are removed before the data is processed or forwarded.
  • Path Only: Only the pathname (e.g., /dashboard) is kept. Origin, search, and hash fragments are dropped.

3. Session Stitching

  • Enabled (Default): Assumetr stitches events together into sessions using an ephemeral, HttpOnly server-side mechanism that expires.
  • Disabled (Strict Mode): Every event is treated as completely independent. No session aggregation is performed.

4. Retention Windows

You must declare how long raw telemetry data can be retained before it is permanently purged.

  • 30 Days
  • 90 Days (Default)
  • 1 Year

When data crosses this threshold, it is automatically purged by Assumetr's automated retention processes. The deletion itself generates a cryptographically signed "Retention Proof" which is included in your Evidence Packets.

Generating Evidence

When you alter a privacy control, the ledger records exactly when the policy changed. If an auditor asks "were you collecting IP addresses on October 14th?", your Evidence Packet will definitively answer that question with cryptographic proof.