Privacy
Salesfocus SDK and ingestion are privacy-first. The browser runtime collects anonymous behavior facts, not content or identifiers. The privacy guard rejects unsafe payloads even when they arrive through custom_track or a malformed integration.
no-form-values
Raw form values are never read, hashed, stored, or sent.
- input.value / textarea.value / select.value: Personal data and sensitive data. SDK action: Do not read at all; blocked by the privacy guard. Replacement: field_type, field_index, focus/change fact.
- email/phone/name/address/comment: Personal data. SDK action: Remove, even if it arrived through custom_track. Replacement: field_type or forbidden_field_detected.
- document.body.innerText/full text: Full page text. SDK action: Do not collect. Replacement: object text_hash only for selected safe objects.
Allowed replacements are structural facts: field type, field index, focus/blur/change signal, validation state bucket, and submit attempt. Do not store the value itself even when it looks harmless.
safe-url
URLs are stored as origin plus sanitized path. Query strings and fragments are stripped unless a specific attribution key is explicitly allowlisted and safely hashed/bucketed.
- raw URL query: May contain email/token/session. SDK action: Query allowlist/hash; drop the rest. Replacement: path_sanitized, utm allowlist/hash.
- raw yclid/gclid/ym_client_id: Identifiers. SDK action: Hash only if config allows it. Replacement: yclid_hash, ym_client_id_hash.
path_sanitized must not contain email, token, session id, yclid/gclid raw values, or arbitrary query parameters.
content-hash-length
Selected or copied text is represented only by safe metadata when the collector is enabled: hash, length bucket, object code, and event type. Full page text and arbitrary DOM text are forbidden.
- No explicit Excel rows in this group; keep the rule as a general guardrail.
Never hash form values; hashing a forbidden value is still collecting it.
rejected-events
Rejected rows store safe reason and shape data only.
- No explicit Excel rows in this group; keep the rule as a general guardrail.
The rejected table may contain reason_code, safe_detail, and payload_shape_json. It must not contain forbidden values, raw HTML, raw text, cookies, localStorage, or raw query strings.
payload-shape-only
When a payload is unsafe, store only enough shape to debug the integration.
- document.cookie: Cookies/identifiers. SDK action: Do not read; prohibited in code. Replacement: None.
- the site's localStorage/sessionStorage: May contain tokens/personal data. SDK action: Do not read. Replacement: None.
- innerHTML/outerHTML/full DOM: Site content and possible personal data. SDK action: Do not collect and do not send. Replacement: selector_hash, structure_hash, tag/code.
- clipboard text / copied text: May contain personal data. SDK action: Do not read the content. Replacement: selection_len_bucket.
- canvas/webgl/audio/fonts/plugins fingerprinting: Fingerprinting. SDK action: Do not collect. Replacement: coarse device_type/browser_family.
- exact coordinates of the mousemove stream: Replay/fingerprint/performance risk. SDK action: Aggregate and bucket. Replacement: pointer_distance_bucket, stop_count.
Examples of safe shape diagnostics: top-level keys, value type names, event type, source, and a coarse reason. Do not include values from the rejected payload.
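One way to build a rejected row that carries shape only, as an added example (not Salesfocus code). The forbidden-key list, the identifier pattern, the reason codes and the #unsafe_keys counter are assumptions; reason_code, safe_detail and payload_shape_json are the field names used on this page.

```javascript
// Added example. Only reason_code, safe_detail and payload_shape_json come
// from the page; every other name here is a hypothetical stand-in.
const FORBIDDEN_KEYS = new Set([
  'field_value', 'value', 'text', 'innertext', 'email', 'phone',
  'name', 'address', 'comment', 'cookie', 'token',
]);
const SAFE_KEY = /^[A-Za-z_][A-Za-z0-9_]{0,63}$/;

// Type name of a value; the value itself is never returned.
function typeName(v) {
  if (v === null) return 'null';
  return Array.isArray(v) ? 'array' : typeof v;
}

// Top-level keys mapped to type names. A key that is not a plain identifier
// may itself be user content, so it is counted instead of copied.
function payloadShape(payload) {
  const shape = {};
  let unsafeKeys = 0;
  for (const key of Object.keys(payload).sort()) {
    if (SAFE_KEY.test(key)) shape[key] = typeName(payload[key]);
    else unsafeKeys += 1;
  }
  if (unsafeKeys > 0) shape['#unsafe_keys'] = unsafeKeys;
  return shape;
}

// Returns null when the payload passes, otherwise a rejected row.
// Simplification: a forbidden key rejects the payload whatever it holds.
function guardPayload(payload) {
  if (typeName(payload) !== 'object') {
    return { reason_code: 'not_an_object', safe_detail: typeName(payload), payload_shape_json: '{}' };
  }
  const keys = Object.keys(payload);
  const hits = keys.filter((k) => FORBIDDEN_KEYS.has(k.toLowerCase())).sort();
  const odd = keys.some((k) => !SAFE_KEY.test(k));
  if (hits.length === 0 && !odd) return null;
  return {
    reason_code: hits.length ? 'forbidden_key' : 'nonconforming_key',
    safe_detail: hits.join(','),
    payload_shape_json: JSON.stringify(payloadShape(payload)),
  };
}

// Constructed sample: a custom_track payload from a malformed integration.
const sampleRow = guardPayload({
  event_type: 'custom_track', email: 'user@example.test',
  field_type: 'email', 'user@example.test': 1,
});
```

The row for the constructed sample names the offending key and the type of each top-level value, and the address appears nowhere in it, neither as a value nor as a key.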
URL sanitization checklist
- Strip query and fragment before storing page path.
- Hash or bucket allowlisted attribution values only when configured.
- Reject payloads that include raw yclid, gclid, email, token, cookie, or session values.
- Keep origin separate from path_sanitized.
Text hashing checklist
- Hash only approved selected/copied text contexts.
- Cap length and never include full text in logs or rejected rows.
- Never hash input, textarea, select, comment, address, name, email, phone, or payment values.
- Treat unexpected text fields in payload as privacy violations.
Form values policy
- Form collectors emit focus/blur/change/validation/submit signals only.
- field_value, value, text, innerText, and similar keys are rejected when they carry user content.
- form_submit_attempt means a submit happened; it does not mean conversion or valid lead.
- Validation details must be safe buckets, not user-entered values.
Performance checklist
- Use passive listeners where possible.
- Batch events and avoid heavy DOM scans per event.
- Do not hash on mousemove, scroll tick, or every keystroke.
- Keep payloads small and checkpoint-based.
- Do not mutate visible DOM or add UI on client sites.
Privacy Checklist
- No cookies, localStorage/sessionStorage, raw client ids, raw query strings, full DOM, full text, or form values.
- No canvas, WebGL, audio, font, plugin, or hardware fingerprinting.
- No production console noise.
- Rejected rows must contain safe details only.
- Admin and docs links must use codes and reason keys, not private values.