Control your environment without installing any third-party code.As an add-on package, SiteSpect Enhanced Analytics combines two powerful tools to fortify and finely tune campaign data:
  1. Outlier Data: To identify and mitigate anomalous data that can skew data-driven decision making.
  2. Real User Monitoring (RUM): Capture & analyze actual user interactions and layer performance metrics into any campaign report.
For more information visit
SiteSpect is CCPA Compliant. The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for US residents of California. More information about SiteSpect’s CCPA support is located on our Customer Notice On EU GDPR and CCPA Support page.SiteSpect will dedicate resources to the equivalent of a full-time employee to work with your team at your offices.SiteSpect will dedicate resources to the equivalent of a half-time employee to work exclusively with your team across any of the professional services.SiteSpect will dedicate resources to the equivalent of a full-time employee to work exclusively with your team across any of the professional services.SiteSpect provides on-site training sessions custom designed especially for your business and IT teams to help you achieve your business goals.SiteSpect has a curriculum of training modules and best practices that you can take advantage of to increase your team's adoption and mastery of the user interface.We offer training to get you up and running quickly, including test building courses & analytics interpretation.Take advantage of SiteSpect's premium help and knowledge portal where you will find FAQs, how-tos, and detailed step-by-step instructions for successful use of the SiteSpect platform.We offer monthly webinars on SiteSpect featured functionalities and best practices for increased value and success.Identify additional testing and personalization opportunities from the results of past campaigns.Our professional services team will work with you to create visualizations to demonstrate how SiteSpect affects your revenue.Optimization Consultants will provide full analytical reports on campaign performance, highlighting KPI impact, segment analysis, and key insights.Optimization Consultants will show you the best way to get the most out of your traffic across a large number of tests and personalization campaigns.Learn how to track and monitor running tests and personalization campaigns.Learn best practices for efficiently creating and executing tests and personalization campaigns.Design, develop, and optimize all of the components for your program.Learn how to structure experiments to maximize learning and efficiency. A/B vs. MVT, Controlled Experiments vs. Personalization.Add a workflow tool to integrate your prioritization and team workflow directly into SiteSpect.Your Optimization Consultant provides best practices and process recommendations for running a high functioning optimization program.SiteSpect will provide guidance and support for making decisions regarding scheduling tests in order to maximize efficiency and generate as much learning as possible as efficiently as possible.Working with key stakeholders in your organization, SiteSpect will provide test ideas that improve the customer experience and move the needle on your key performance metrics.Your Optimization Consultant will provide best practices for creating data-driven hypotheses that answer key business questions.Based on our experience and your analytics, your Optimization Consultant will help you identify optimization opportunities and establish a workflow for collecting and managing input from across your organization.Provided by your SiteSpect Optimization Consultant who understands your business objectives and works with you to achieve your testing goals and increase ROI.Number of hours SiteSpect professional services representatives will work on strategy, creation, or analysis for your optimization program.Enforce an optimization workflow with campaign administrators, builders and read-only roles.Custom integration with 3rd party tools such as Adobe Analytics, Google Analytics, CrazyEgg, Hotjar and more.Build and optimize the customer experience on iOS and Android apps. Build experiences visually, directly on your mobile device, leverage our SPAs or use API only solution.Leverage Custom Variables to capture dimensions about users, such as products purchased, categories viewed and items searched.Isolate users in single Campaigns or allow them in multiple overlapping experiences.Create a unified customer experience by connecting experiences for recognized users across devices.Automate your optimization program through our API: and deploy server-side functionality with on/off switches or progressive rollouts. Leverage cookies, headers or parameters for feature flagging. Test and optimize your CMS, recommendation engine, and other vendor tools.Leverage our SPA SDK to test and optimize your Single Page Application. Support for major frameworks such as Angular, React, and others.Modify the source code of pages on the fly with Regular Expressions, with zero impact to performance. Replace, remove, add in new functionality before pages are rendered in the browser.SiteSpect offers a number of capabilities for effective front-end testing. Use Visual Editor or Regular Expressions to modify source code, support SPA frameworks, define pages for reusability in tests, and minimize performance hits for users and servers.Use point-and-click actions to modify text, images, buttons, promotional banners, and styling. Create, move, rearrange, hide, and track behaviors across channels. Works with SPAs out of the box, such as React and Angular.Push winning Variations to all traffic to benefit early from wins. Push hot fixes your website to quickly resolve issues, to all traffic or segments of users.Respond to real-time alerts and in-product messages to proactively manage your campaigns. Known when a campaign has a winning variation, is hurting conversion, does not have any recent visits, or is disabled.Quickly analyze and understand relevant campaigns and outcomes. Measure conversion, KPIs, user actions, events, conversion funnels, and other key user interactions in our comprehensive dashboard.Personalize the experience for mobile devices, geo location, user types, and user behaviors. Build your own Audiences to align with your key segments of users and leverage your Data Layer.Experience our proxy architecture built from the ground up to avoid flicker and ensure fast experience delivery across desktop, tablet, and mobile devices.Training to get you up and running quickly, includes test building courses & analytics interpretation.Dedicated optimization consultant for strategic and tactical guidance. Your GoLive Report is a success plan to get your team up and running, including website audit, test ideas and optimization roadmap. You will also get ROI (return on investment) modeling backed by Forrester.Depending on which package there are countless tests, segmentations and optimizations within your control across almost any digital touchpoint.Run as many Campaigns as you want.Our optimization experts work with you to recommend 10 impactful test ideas to improve customer experience and impact your bottom line, and build 10 Campaigns so you can quickly benefit from our platform.Directly ingest SiteSpect traffic logs into your monitoring infrastructure to diagnose underperforming applications/servers and identify site errors in near real time.SiteSpect sends a sample of log data to, a log visualization service. This service offers full flexibility to view and analyze logs relating to traffic health and routing. Your network operations center can also use this service to build your own visualization and dashboards or integrate into existing systems.SiteSpect is GDPR Compliant. The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collecting and processing personal information of individuals within or who are citizens of the European Union. More information about SiteSpect’s GDPR support is located on our Customer Notice On EU GDPR Support page.SiteSpect is HIPAA ready, which saves you time when you use SiteSpect in your HIPAA-compliant environment. SiteSpect obfuscates and encrypts visitor behavior and does not store any personal data. SiteSpect also offers on-premise and other deployment models to guarantee personal data never leaves your datacenter.SiteSpect supports Single Sign-On (SSO) authentication through Active Directory and SAML. SSO allows you to centrally manage SiteSpect permissions and login credentials. It also makes it easier for SiteSpect users to quickly log in and switch between their applications saving time and improving productivity.Restrict user access to SiteSpect by IP address.Restrict access to your websites by IP address. Create lists or ranges of IP addresses that allow trusted (whitelisted) users to access your websites or prevent access from disallowed (blacklisted) users.Two-Factor Authentication, also known as 2FA, requires not only a password and username but also something that only a user has access to, such as a token. Using a username and password together with a token makes it harder for potential intruders to gain access to SiteSpect.SiteSpect complies with both the EU-US and the Swiss-US Privacy Shield Frameworks. SiteSpect certifies that it adheres to the Privacy Shield Principles with respect to personal data. More information about SiteSpect’s Privacy Shield support is available on our Business Services Privacy Policy - GDPR and Privacy Shield page.SiteSpect includes a complete history of every user action. Quickly undo changes in the audit history list and audit any change as part of your change management process.SiteSpect maintains the privacy of all customer data by ensuring no test data is exposed and that data is not grouped with or shared with others in any way.SiteSpect leverages Alert Logic to monitor and track security vulnerabilities. This provides you with an additional line of defense as we will notify you of any detected threats or attacks on your website.SiteSpect supports nine different permission levels that provide control and configurable access. Set view and edit permissions on a per user basis for building, managing, and analyzing campaigns.SiteSpect fully supports encryption for all types of in-transit data such as end-user content, SDK and API transmissions, and business user data. We also support testing on HTTP and HTTPS websites.

Business Services Privacy Policy – GDPR and Privacy Shield

Privacy Notice Relating to the European Union General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield

For the purposes of this document, SiteSpect refers to three corporate entities:

  • SiteSpect, Inc., located in Auburndale, Massachusetts, United States
  • SiteSpect Limited, located in Derby, Derbyshire, United Kingdom
  • STSP Europe BV (d/b/a SiteSpect Europe), located in Breukelen, The Netherlands

Some SiteSpect clients are located in the European Union (EU) and other regions, and / or do business with clients within the EU, or elsewhere.  In these cases, the company in which SiteSpect is contracted is required to comply with all GDPR obligations.

SiteSpect is committed to meeting all of the EU GDPR requirements.

SiteSpect complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield.  SiteSpect has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

The Federal Trade Commission has jurisdiction over SiteSpect’s compliance with the Privacy Shield and SiteSpect is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

As part of the GDPR and Privacy Shield obligations, companies are required to advise you of their policy in a clear and transparent manner.  They are required to provide this information free of charge.  Listed below are a few (but not limited to) of the requirements:

  • Who is responsible to control your personal data (if any), and their contact information
  • The purpose of its collection
  • Specifically, what is collected
  • If it is shared with any third parties, and why
  • Details of transfers to third countries and how it is protected during this transfer
  • Your ability to “Opt Out” or withdraw consent at any time
  • Your ability to access your personal data
  • If the collection is part of a statutory or contractual obligation
  • The existence of any automated decision making or profiling
  • The source, if data is collected by a third party

Responsibility to Control Your Personal Data

SiteSpect has designated its Data Privacy Officer to oversee the control of personal data and coordinate SiteSpect’s compliance with the GDPR and Privacy Shield obligations. The contact information for the Data Privacy Officer appears near the end of this document.

Purpose of Collection

As noted in our general Privacy Policy, SiteSpect contracts with a variety of companies to provide a service to test variations in the digital customer experience on its client’s websites.  Users of the websites are unlikely to be able to detect that SiteSpect is involved during the browsing experience.

In order to fulfill SiteSpect’s contractual obligation to its clients, it must collect some specific information.  In addition, SiteSpect is contractually obligated to maintain compliance with the Payment Card Industry Data Security Standard (PCI-DSS) which requires preservation of audit logs for at least one year.

SiteSpect will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.

What is Collected

While SiteSpect believes that aggregated data it collects does not constitute personally identifiable information (PII) as defined by the GDPR and Privacy Shield, it secures this data as if the data is PII.  The data is subject to strict access controls and when processed and transmitted by SiteSpect, the data is encrypted.

While providing services to our clients, SiteSpect collects the following data, which is stored in audit logs and available in reports accessible by clients of SiteSpect that could potentially raise privacy issues under GDPR:

  • The user’s browser agent-string (also known as the User Agent)
  • The user’s Ancillary Cookie Value (if configured by the client and consented to by the user on the client’s website)
  • The user’s OmniChannel Cookie Value (if configured by the client and consented to by the user on the client’s website)
  • The user’s IP address
  • The user’s SiteSpect ID, an anonymous, randomized identifier stored as a cookie

Definitions of the above terms

The user’s browser agent-string is supplied by the user’s browser and it tells the website information about the browser and operating system.  This allows the website to customize content for the capabilities of a particular device. On average, only one person in about 1,500 will have the same agent-string as you.  On its own, that isn’t enough to reveal a person’s identity, but in combination with other details like geolocation to a particular ZIP code the agent-string might be used to identify an individual.  Here is an example of an agent-string that was sent by a user using the FireFox browser, “Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0”.

The Ancillary Cookie Value and OmniChannel Cookie Value are simply “-” by default, which reveals nothing about the identity of the user.  However, the website of the SiteSpect client can set these values, once it has obtained a user’s consent to use cookies.

An IP address is a numerical label which is used to identify one or more devices on the Internet.  While SiteSpect stores the entire IP address in its audit logs, when reported to SiteSpect clients only the first two octets of the IP address are displayed.  By only providing a portion of the IP address to the clients, the clients ability to relate the IP address to a specific individual is limited, and location data will be limited to the state- or possibly county-level of detail.  According to an EU court decision, an IP address is only personal information when it is accompanied by other data that when used together could reveal an individual’s identity.

The SiteSpect ID is a anonymous, randomize identifier that is generated for each user device and stored as a cookie.  Commonly the cookie is named “SSID” and set to persist within the user’s browser. This is used to associate multiple visits to a website by the same user, to ensure consistency of the user experience. By setting this cookie value to “0” (numeric zero), an end user effective opts-out of any further data collection by the SiteSpect business service.

Disclosure of Personal Data

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your Personal Information to any regulatory or law enforcement agency if we believe that such action is necessary to protect the rights, property or personal safety of SiteSpect, its customers or any third party.

SiteSpect complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland to the United States, including the onward transfer liability provisions. In cases of onward transfer pursuant to the Privacy Shield Principles, SiteSpect is potentially liable.

A subset of the data collected may be shared with SiteSpect’s customer’s in order to provide its service to test variations in the digital customer experience on its client’s websites.

Individuals have the right to request that SiteSpect limit the use and disclosure of personal data to third parties. Such requests should be made to and will be processed within a reasonable timeframe.

Data Transfers Between Countries

All data transmitted by SiteSpect from the EU to the US and vice versa is encrypted using TLS.

Your Ability to “Opt Out” or Withdraw Consent

Since SiteSpect does not control the user interface of the webpages that its clients’ users are interacting with, it does not display any consent notices.  Instead, it is the client’s websites that have the obligation to obtain user consents.

Contacting SiteSpect for Privacy Inquiries or Dispute Resolution

Since SiteSpect is a service provider, it does not control or collect the personal data that you may have shared with our client.  Furthermore, if you ask one of our clients to provide you with a copy of all the personal information that they have about you, the client will be obligated to also pass that request on to SiteSpect.  Therefore, SiteSpect recommends that if you wish to inquire about what data SiteSpect has about you, the initial inquiry should be submitted to the point of contact published by the online web site operator’s privacy policy.

You still retain the right to contact SiteSpect directly. To request a copy of the data that we have about you or to confirm that SiteSpect systems are clear of any PII about you, please include the IP address used, since SiteSpect does not store your name or other identifying information. Evidence that you are in possession or control of the device that uses the IP address should be included in the inquiry.

In compliance with the Privacy Shield Principles, SiteSpect commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact SiteSpect at or through the postal address listed below.

SiteSpect has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at

The same points of contact may be used to make any inquiries about SiteSpect’s compliance with the EU GDPR and Privacy Shield or to initiate any privacy complaints.

Please contact us by email at or in writing at:

SiteSpect, Inc.
Attn: Data Privacy Officer
275 Grove St, Suite 3-400
Auburndale, MA 024668