Co-Browsing API

    Documentation

    What Data Does Upscope Store?

    Here's a breakdown of the type of data that Upscope stores for co-browsing and how long it is retained. Please note that this is in no way a warranty that data will be kept, and, unless specified in your Agreement, it might be deleted earlier at any time and without notice.

    Products

    This schedule also applies to the UserView and HelloScreen Co-Browsing modules, which are built on top of Co-Browsing API.

    Definitions

    • Upscope Cloud means our own hosting infrastrucutre.
    • On-premise means hosting the Upscope co-browsing bridge server within your own infrastructure.
    • Edge means data stored in Upscope Cloud datacenter closest to the Visitor, or the one you choose in your settings, or your on-premise installation.
    • USA means data stored in our main datacenter in the United States.
    • Edge, USA In Transit, means data stored on Edge, but retrieved from Edge by our main datacenter for processing. Because on-premise installations are not reachable by our main datacenter, these features might not be available.
    • Users are people who have an account on Upscope.
    • Visitor means people who take part in a co-browsing Session as "sharers", or who visit your website and we collect data of.
    • Agents means people who take part in a co-browsing Session as "viewers". These could be Users or viewers generated with our REST API.
    • Upscope Visitor ID means a unique identifier we assign to your Visitor.
    • Visitor Unique ID means a unique identifier you provide for the Visitor.
    • Session Content means content being shared during a Sessions.

    Data Never Sent to Upscope

    This data remains in your Visitor's browser and is never touched by Upscope.

    • The content of your Visitor's webpage until a Session is initiated and authorized by the Visitor, or until a screenshot is triggered (if enabled for our UserView product).
    • Any page content masked with the no-upscope CSS class or specified in your general settings.
    • Your Visitor's cookies or browser storage content.
    • If console access is enabled, the content of your Visitor's console until a Session is initiated. (If console access is disabled, the data does not leave the Visitor's browser even while in Session.)

    Data Sent to Upscope for Processing (Edge)

    This data is sent through Upscope's servers but is not stored or logged by Upscope. This is known as Session Content.

    • The HTML content of your Visitor's webpage after a Session is initiated until it is stopped.
    • The audio component of your Sessions, if you have audio enabled.
    • The full screen of your Visitors or agents during the Session, if you have full screen sharing enabled.
    • If console access is enabled, the content of your Visitor's console after a Session is initiated until it is stopped.
    • All agent instructions such as highlight, scroll, and clicks.

    Data Sent to Upscope for Processing (USA)

    This data is sent through Upscope's servers but is not stored or logged by Upscope.

    • If connected to some CRM integrations (e.g. Intercom), the content of your conversations or your CRM User' details.

    Cached by Upscope for 24 Hours (Edge)

    This data is stored by Upscope for up to 24 hours for performance improvement reasons.

    • The content of any publicly accessible asset on your website (e.g., stylesheet, image, font, etc.).

    Stored by Upscope for 1 week (USA)

    This data is used for debugging and only available to our DevOps team. This does not include Session content.

    • A log of all requests made to our servers, including user IPs, redacted request body, redacted responses.
    • Telemetry information on how the Users interact with our application.
    • Random sample of Visitors connections to our Edge servers.

    Stored by Upscope for 30 Days (Edge)

    This data is stored by Upscope for 30 days after the last time the Visitor is seen by Upscope, until you delete the data via the dedicated page, or until you delete your account.

    Some accounts that have a lot of Visitors might have their Visitor data auto-deleted after 24 hours.

    • The Visitor's last IP address.
    • The Visitor's last page view timestamp.
    • The Visitor's last page view URL.
    • The Visitor's country and city (derived from the IP address, not GPS information).
    • The Visitor's device information, such as browser and device type.
    • Whether the Visitor is currently online.
    • Optionally, the Visitor Unique ID from your system, provided by you or one of our CRM partners.
    • Optionally, the Visitor's list of identities (such as their name or email), provided by you or one of our CRM partners.

    If you use our Upscope Cloud REST API (USA In Transit)

    If you use our Upscope Cloud REST API, the above data is also sent to our USA data center for processing only. You will need to use the on-premise REST API if you use on-premise deployment.

    If you use a CRM integration (USA In Transit)

    If you use our CRM integrations, the above data is also sent to our USA data center for processing only.

    If you have screenshot features enabled (Edge)

    If you have enabled our screenshots features (with UserView or advanced APIs), we will collect details of the Visitor journey and store them on the Visitor's browser until they open a live chat conversation with one of our supported partner integrations, or until the saving is triggered through our Javascript SDK.

    The following data is then stored for 30 days or until the Visitor is manually deleted.

    • The HTML content of your Visitor's webpage, excluding redacted areas.
    • Details of the Visitor's journey such as clicks, things typed in fields, and other data sent through the Javascript SDK.
    • URLs of the last few page views of the Visitors.

    Stored by Upscope Until Account Deletion (USA)

    This data is only deleted if you decide to stop using Upscope and delete your account.

    • IP address, Visitor Unique ID (from your system), and list of identities (such as name or email) of all Visitors you have had a Session with, unless you delete the data via the dedicated page or our REST API. This does not apply to on-premise installations.
    • A log of all Upscope Cloud REST API calls made, including redacted request body and response.

    Non-Visitor data

    • A log of all webhooks sent to your server, without request body.
    • Details about your Upscope usage, such as the number of times of Sessions, the length of the Session, the Visitor ID. No Session content is included in this.
    • Your credit card details.
    • Any oauth key used for connecting to any integration.

    Stored by Upscope Until Account Deletion, if you have Session recording enabled (Edge)

    This data is only stored if you have Session recordings enabled. Your plan or settings might reduce the data retention period.

    • MP4 recordings of your Session Content unless you delete the data via the dedicated page or our REST API.

    Stored by Upscope for 1 Year After Account Deletion (USA)

    This data is stored by Upscope for 1 year after your account is deleted, or when you send us a request.

    • All your Session history, including timestamp, Upscope Visitor ID, Visitor Unique ID (unless it looks like an email). No Session content is included.

    Non-Visitor data

    • All your Agents' names, emails, phone numbers, IP addresses, and all changes to each of their accounts. If the Agents are part of multiple teams, this data will be retained as part of the other team.
    • All the changes made to your account settings.

    Stored by Upscope Indefinitely (USA)

    This data will be retained by Upscope indefinitely unless required to delete it by law.

    Non-Visitor data

    • All the contracts you sign with Upscope.
    • Your billing history, such as all payments made.
    • Your billing details, such as everything that you'd see on an invoice.
    • All your and your User' communications with Upscope, including emails, video calls and chat conversations.