Great customer experiences start with trust
Kameleoon solves the biggest challenges in security and optimization
Our unique and flexible consent management feature enables you to adapt your consent management policy to your geographic and business needs.
GDPR and CCPA compliant, Kameleoon does not collect or process any personally identifiable information (PII).
We are HIPAA compliant, and will sign Business Associate agreements (BAA) before our systems are used with any individual’s protected health info (PHI).
We value security as much as you do
Industry standard end-to-end encryption
- All data passing through Kameleoon’s servers is encrypted, from the moment it is collected on browsers until it is deleted at the end of retention, to conserve visitor privacy.
- Data in transit is encrypted in TLS 1.2 and above, with AES128 or better encryption, to safeguard against tampering, eavesdropping, and message forgery.
- Data at rest is encrypted in AES256.
Dedicated infrastructure & trained personnel
- Kameleoon’s entire platform runs on dedicated servers to which only Kameleoon personnel have access.
- With a dedicated network, Kameleoon personnel can compartmentalize and compute data as needed.
- Kameleoon’s personnel adheres to the principles of ISO27001 to ensure the integrity and security of customer data.
- All of Kameleoon’s internal processes and procedures are streamlined for optimal traceability.
Single sign-on (SSO) access control
- All customers receive their own logically separated tenant of our platform, complete with SSO compatibility to guarantee protection against unauthorized access to customer data.
- All Kameleoon personnel’s access to internal resources, consoles, and infrastructure is granted through SSO authentication enhanced with mandatory Multi-Factor Authentication.
Continuous security and compliance assessments
We use SecurityScorecard to assess our compliance with security best practices and provide valuable insight into potential vulnerabilities.
More privacy and security-enhancing features
Fully compliant with the latest PCI DSS
Fully insured, Kameleoon complies with version 3.2.1 of the Payment Card Industry Data Security Standards. Run campaigns confidently, knowing that Kameleoon does not store customer banking data.
IAB approved for publishers
Kameleoon’s Transparency and Consent Framework (TCF) version 2.0 approval by IAB helps media brands ensure compliance around privacy and consent.
Kameleoon does not contract with public clouds. We have private data centers in the US and EU to keep data compliant, confidential, and secure.
Custom deployment options
Kameleoon supports single-tenant cloud installations and on-premises deployment options.
Create unlimited separate environments for your different products, sites, or apps. Manage them all from one Kameleoon account.
SSO Login with every major provider
Log in to Kameleoon using Google, LinkedIn, Salesforce, etc. Our single sign-on (SSO) makes it easier for your teams to log in while protecting your data.
Enable advanced security options in you account, including maximum password attempts, password strength requirements, forced password regeneration, automatic timeout settings, and IP whitelisting.
Kameleoon offers five native user profiles with varying levels of rights and access privileges and allows for the creation of custom profiles for granular access control.
Data breach & disaster recovery
Should a breach in data security occur, Kameleoon has the appropriate incident management policies and procedures in place, in accordance with ISO27001 standards.
Frequently Asked Questions about security and privacy
What data does Kameleoon collect?
Kameleoon natively collects and stores browsing data from the visitors of our customers' websites. You can view the full list of collected data in the front-end, broken out by storage category, here.
Data is collected on the back-end for the purposes of reporting and analytics and to power our Back-end / Front-end Bridge. View the full list of collected data in the back-end here.
Our customers can further enhance their data with integrations to their third-party solutions, including CDPs, DMPs, or ESPs. Kameleoon encrypts or otherwise makes all data unreadable.
Does Kameleoon collect personally identifiable information (PII)?
Kameleoon does not natively collect and store personally identifiable information (PII) in our database. If Kameleoon customers choose to leverage PII (e.g., target based on email address in an experiment), PII will be stored on the user’s device in LocalStorage, and we work with our customer to handle that data in accordance with their instructions. Saving data on the user’s device allows Kameleoon to be GDPR and CCPA compliant while making experimentation possible for our customers.
Kameleoon collects IP addresses if and only if Geolocation is enabled on a website. This data is stored exclusively in LocalStorage; never on our data servers. All features based on IP can be disabled to allow Kameleoon customers to remain compliant with regulations restricting IP-based targeting.
Geolocation is collected on a city-level; therefore, individuals cannot be identified based on their geolocation.
Kameleoon uses a single first-party cookie, kameleoonVisitorCode. This cookie helps Kameleoon customers implement our Back-end / Front-end Bridge, used for safeguarding against data loss caused by browser privacy restrictions, like Apple’s Intelligent Tracking Prevention (ITP).
We do not use any third-party cookies.
Does Kameleoon have access to PCI data?
Kameleoon does not collect or store customer banking data, and we are PCI compliant. You can find our most recent Attestation of Compliance here.
Will any external third parties have access to my data through transmission, storage, or disposal?
Kameleoon does not sell, distribute, license, or otherwise export or make available any customer data made available to it as a result of normal and authorized use.
No third party will have access to your data, under any circumstances.
How does Kameleoon process consent?
Kameleoon stores visitor browser data to make reporting and analysis possible for Kameleoon users. Visitors have the ability to deactivate any experiences launched through Kameleoon. If a visitor chooses to not consent to their data being used for personalization, they have access to a link that allows them to opt out of all forms of processing of their data.
Kameleoon’s flexible consent management feature allows users to configure different operational modes, depending on consent status, in order to remain compliant with all legal frameworks. Learn more in our Documentation.