Data storage and retention
This document describes where and how the Frosmo Platform stores its operational data: data collected from websites, data generated based on the collected data, configuration data managed in the Frosmo Control Panel, and any other data required to operate the platform.
If you're looking for:
-
Information about what data the platform collects from customer websites, see Data collected from websites.
-
Information about how the platform collects the data from websites, see Data tracking solutions.
Data stored in the Frosmo back end
The Frosmo Platform stores its operational data in different databases in the Frosmo back end. In addition to main databases that are used across the platform, the platform also uses dedicated Redis databases (one per customer) for storing data related to custom features.
The Frosmo back end contains the following main databases:
-
Master
The Master database stores all the operational data that is displayed or managed in the Frosmo Control Panel. The data can be broadly grouped into company settings, site-specific data, and user account settings.
The data in the Master database is stored for the duration of the customer's subscription agreement. The data is removed manually.
-
Elasticsearch
The Elasticsearch database stores error data from across the Frosmo Platform, from both the front end and the back end. The error data is used for monitoring and debugging purposes. The database uses the server access logs as its source, so it can contain the same data as the access logs. In addition, for sites that use the data layer, the database can contain personal data retrieved from the data layer.
The data in the Elasticsearch database is stored for 31 days, after which it is automatically removed.
-
Reporting
The Reporting database stores aggregate data required to generate analytics reports, such as conversion reports, modification reports, and segment reports, and to display advanced tracking statistics. The data is parsed from other sources, so the database does not contain any data that is not stored elsewhere in the Frosmo Platform. If not combined with other data, the data in the Reporting database cannot be used to identify a data subject.
The data in the Reporting database is stored for the duration of the customer's subscription agreement. The data is removed manually.
-
Requests
The Requests database stores information about Message API calls that return modification content for display. The purpose of the database is to keep a record of what content has been returned to which visitor on which site. However, the database does not track whether the content is actually displayed. The Message API also uses this data to decide what content to return to a particular visitor, or whether to return any content.
The data retention period depends on the modification. If the modification hasn't been updated or displayed for 90 days, its request data is automatically removed.
The platform also saves operational data, such as usage data from websites, in logs and other data stores in the Frosmo back end. The platform processes some of the data into the different databases.
Server logs
Server logs are files for recording events on a web server, namely information about incoming page requests. Website visitors do not have access to the logs; the logs are normally only accessible to the webmaster. The data in the logs is only used for the technical monitoring of the platform, not for profiling, targeting visitors, or any commercial purposes.
The logs can be divided into the following types:
-
Access logs
The access logs contain:
-
Browser data
-
IP addresses
-
Requests to the server
-
Metadata, such as server request dates and times
-
Page referrer information
-
Resources requested from the server, including HTML and image files
-
-
Error logs
The error logs contain the same information as access logs but with some additional data about the server status and errors.
If a third-party cookie is used on a site, its content is also logged.
In addition, the server may store logs from applications handling requests for the web server. These logs may contain data stored in the Frosmo back end, but they do not contain any data that is not stored elsewhere in the Frosmo Platform.
The log data is used to create usage statistics. Before refining the data for statistics, any personal data, such as IP addresses, is removed.
By default, the logs are stored for six months, after which they are automatically removed.
Data stored in the visitor's browser
In addition to sending data to the Frosmo back end, the Frosmo JavaScript library stores data in the browser's local storage and cookies.
None of the library's core features require the use of cookies, so storing data in cookies can be disabled, if necessary. Local storage, in turn, is a safe way to manage data since web servers do not have access to it.
Local storage
Using local storage means that the data is stored in the visitor's browser.
Local storage is used for most of the data that is not sent to the Frosmo back end and also for some data that is sent to the back end. Depending on the website, the Frosmo JavaScript library can use either the site's default, origin-specific local storage or, if data needs to be shared between multiple origins, a cross-origin local storage implemented using an iframe, also known as a shared context, associated with the Frosmo domain. A common example of the latter is a site that uses both HTTP and HTTPS to deliver a service. This requires data to be shared between two origins. Using a shared context allows the origins to be treated as one and the same, which in turn allows the data to be stored only once and the visitor to be treated as a single user within the service.
The following table lists the data stored in local storage by the Frosmo Platform.
| Data item | Local storage key | Description | Retention period |
|---|---|---|---|
Context |
| Contains the visitor data that the Frosmo Platform collects and stores in the browser, and that allows the platform to personalize the visitor's user experience on the site. note By default, context data does not contain any personal data that can be used as such to identify the visitor. For more information about the context, see Context and shared context. | Indefinitely unless manually removed |
Local Frosmo ID |
| Uniquely identifies the visitor inside a single site. The ID allows the platform to track the visitor's interactions on the site and retrieve data specific to them from the Frosmo back end. For more information about the ID, see Default visitor indicators. | Indefinitely unless manually removed |
Quick context |
| Data needed for modifications whose content is preloaded. The data includes, for example:
note By default, context data does not contain any personal data that can be used as such to identify the visitor. This data is set only when the site:
For sites that use shared context, the platform stores the quick context data in the | Indefinitely unless manually removed |
Cookies
A cookie is a small piece of data sent from a website and stored in the visitor's browser while the visitor is browsing. Cookies are used, for example, to store temporary information or to track the visitor's browsing behavior.
The following table lists the data stored in cookies by the Frosmo Platform. In addition, Frosmo can create custom cookies for specific situations and needs, such as campaigns, but these are not a part of the basic cookie package described in the table.
| Data item | Cookie name | Description | Retention period |
|---|---|---|---|
First-party cookies | |||
Frosmo off |
| Used when the Frosmo Platform is disabled for the site on the visitor's browser. info This cookie is only used for development and is not needed for the Frosmo Platform to operate. | Session |
Frosmo Preview |
| Used by Frosmo Preview to check whether the visitor has the application open. If the visitor had the application open on the previous page or before a page reload, the application opens automatically after the current page loads. This cookie is set only when the visitor, who is also a logged-in user of the Frosmo Control Panel, has Frosmo Preview open on the site. info This cookie is not needed for the Frosmo Platform to operate. | Session |
Local Frosmo ID |
| Uniquely identifies the visitor inside a single site. The ID allows the platform to track the visitor's interactions on the site and retrieve data specific to them from the Frosmo back end. For more information about the ID, see Default visitor indicators. note This cookie is only used on Apple devices for sites that use shared context. | 1 year |
Quick context |
| Data needed for modifications whose content is preloaded. The data includes, for example:
note By default, context data does not contain any personal data that can be used as such to identify the visitor. This cookie is set only when the site:
For sites that use local context, the platform stores the quick context data in the | 365 days |
Third-party cookies | |||
Global Frosmo ID |
| Uniquely identifies the visitor across all sites of a company. note The platform no longer uses this ID and has not set the cookie since 2023-05-03. All existing cookies will expire by 2024-05-06 at the latest. | 1 year |
Additional data stored through APIs
The Frosmo Platform can collect and store data through the following APIs:
-
Custom APIs
A custom API is a customer-specific API created for a specialized purpose that cannot be realized using standard Frosmo Platform features. A custom API can in principle collect and store any data from a site.
-
Context API
The Context API stores and retrieves visitor context data to and from Frosmo servers. The API uses a Redis database on the regional platform server that services a site.
infoThe Context API is mainly used for storing context data on Apple devices. By default, the Frosmo JavaScript library stores a visitor's context in the browser's local storage. However, if you need to support shared context in the Safari browser on Apple devices, the library must access the context from a Frosmo server instead, which is where the API comes in. (Safari does not accept cookies or local storage data from websites the visitor has not visited, which is what the shared context basically is.)