Skilltype’s desire to provide value to its users and customers brings the need to understand how users interact with the platform. Capturing and analyzing this interaction entails using both off-the-shelf and custom-built tracking technologies. Skilltype understands the need for transparency and communication with this effort and seeks to strike a balance that allows for tracking that serves the overall effectiveness of the platform through continuous user experience improvements without infringing on or violating user privacy. This blog aims to surface our approach and considerations for what we believe to be a responsible path for user behavior analytics on the Skilltype platform.
Scope of User Behavior Analytics
Understanding Access Patterns and Technologies
The Skilltype application, accessed via https://app.skilltype.com through a web browser or mobile device, serves as the primary mechanism for user interaction. To make these interactions effective requires that we understand our users’ experience by capturing information that includes the following:
- Browser type and version
- Screen resolution and capabilities
- Date and time of visit
- An approximate geographic location that helps serve assets (images, content, etc.) from the closest data center possible for quick-loading
- Supported language(s)
Skilltype also makes use of the following techniques:
- Translating natural language input into an intent to trigger platform actions.
- Using explicit tags and stated interests by users to recommend content.
- Capturing anonymized event data such as likes and bookmarks to enable content discovery.
We use tools for this purpose that include:
- Plausible, a privacy-friendly Google Analytics alternative
- Amplitude, a GDPR-compliant data analytics platform
- A custom-built solution
Our considerations include:
- Using services that allow for the omission of collecting personally identifiable data such as name, email address, or billing information.
- Instrumentation of application code and application log data must exclude PII.
- When necessary, Skilltype purges data manually or programmatically or requests third-party systems to purge the data.
- We identify a user only once they’ve signed up and logged in. This then enables us to provide a personalized user experience and support.
Understanding Feature Usage for Development
Skilltype captures interactions with application features such as item bookmarking, clickthroughs, page views, downloads, and more. This data helps us understand which features deliver the most value for our customers and helps us focus our engineering efforts. We also rely on integrating state-of-the-art Machine Learning technologies deployed within our own infrastructure to help us recommend the best resources to a user while on the platform.
User Behavior Analytics Capture Architecture
The secure transmission, processing, and storage of user behavior data is a core principle in designing and implementing Skilltype’s technology. We built our cloud infrastructure on AWS, allowing us to take advantage of all the resources this provider puts into its security, data privacy, and compliance programs. Skilltype relies on the best practices that AWS makes available when deploying resources in the cloud.
We built our architecture from the ground up to address data privacy concerns, engineering anonymization into the process and securely accessing and storing the processed data. The following high-level diagram provides an overview of the steps we’re taking to protect our customer data.
- All communication between a user’s device and Skilltype is encrypted.
- Skilltype selectively captures behavior data and securely relays it to API backends within the Skilltype cloud infrastructure.
- The API backends send data to automation pipelines that anonymize and distribute that data to the systems that need it behind the scenes.
- Business Intelligence tooling is linked to an anonymized data warehouse.
- Business Intelligence and reporting systems are hosted directly on Skilltype’s cloud platform and are securely accessible only to Skilltype staff.
The major benefits to privacy and security with this approach are as follows:
- The behavior data captured never leaves the platform.
- Skilltype ensures secure transmission of data from end to end.
- Self-hosting specific tools and using managed services through our cloud provider allows Skilltype to develop innovative solutions while limiting how much data is shared with third parties.
Our Guiding Principles on User Privacy
Skilltype engineering treats security as a core principle. To that end, these are the data privacy considerations that guide the design and implementation of not only our user behavior tracking but also the rest of our platform:
- Interaction event data must be anonymized before storage and must use encryption at rest and during transport.
- User behavior analysis is performed using anonymized data that cannot be traced back to a named user.
- A user can request to be forgotten. Skilltype complies with the request by permanently deleting all Personally Identifiable Information (PII) generated by the user. Skilltype retains the anonymized interaction data.
- There must be no means of cross-referencing a forgotten user’s data back to an anonymized set of records.
- PII is never sold to or knowingly shared with third parties.
- If or when a breach of the above guidelines is detected, Skilltype openly and transparently communicates the scope of the breach to affected customers and prioritizes engineering efforts to address it.
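One way to satisfy the anonymize-before-storage and right-to-be-forgotten principles above, as an added example that is not Skilltype's code. It assumes a per-user random key kept with the PII record, HMAC-SHA256 pseudonyms, in-memory stores, and hypothetical field names; all sample data is constructed.

```python
import hashlib
import hmac
import secrets

ALLOWED_FIELDS = {"event", "item_id", "ts"}  # assumed PII-free event fields


def naive_pseudonym(user_id: str) -> str:
    # Weak: anyone who still knows the user_id can recompute this after a forget.
    return hashlib.sha256(user_id.encode()).hexdigest()


class Pipeline:
    """In-memory stand-in for a PII store plus an anonymized warehouse."""

    def __init__(self):
        self.pii = {}        # user_id -> {"email": str, "key": bytes}
        self.warehouse = []  # anonymized events only

    def register(self, user_id: str, email: str) -> None:
        # The random per-user key is the only link from identity to pseudonym.
        self.pii[user_id] = {"email": email, "key": secrets.token_bytes(32)}

    def pseudonym(self, user_id: str) -> str:
        key = self.pii[user_id]["key"]  # KeyError once the user is forgotten
        return hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()

    def ingest(self, user_id: str, raw_event: dict) -> dict:
        # Drop fields outside the allow-list, then attach the keyed pseudonym.
        event = {k: v for k, v in raw_event.items() if k in ALLOWED_FIELDS}
        event["subject"] = self.pseudonym(user_id)
        self.warehouse.append(event)
        return event

    def forget(self, user_id: str) -> None:
        # Deleting the PII record also destroys the key; events stay in place.
        del self.pii[user_id]


def demo() -> dict:
    p = Pipeline()
    p.register("u-1001", "reader@example.org")  # constructed sample data
    raw = {"event": "bookmark", "item_id": "res-42", "ts": "2024-01-05T10:00:00Z",
           "email": "reader@example.org", "ip": "203.0.113.7"}
    stored = p.ingest("u-1001", raw)
    p.forget("u-1001")
    subjects = {e["subject"] for e in p.warehouse}
    return {"stored_fields": sorted(stored), "events_retained": len(p.warehouse),
            "pii_left": "u-1001" in p.pii,
            "unkeyed_hash_matches": naive_pseudonym("u-1001") in subjects}
```

Destroying the key removes the identifier link only; the retained fields themselves (timestamps, item ids) still need review for re-identification risk.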
At Skilltype, we understand the trust that our customers place in us to safeguard their private information while they derive value from the platform. We repay this trust by engineering our software with security and privacy as core design principles. We also understand that our approach needs to keep pace with our customers’ evolving privacy needs in an era where every service provider seeks to monetize their behavior data. To that end, Skilltype does not share PII data with third parties or use technologies that make it challenging to obfuscate or anonymize our user data.
We commit to being transparent about the data we collect and how we use it. We want to hear from you if and when you have any questions or concerns about data privacy and security.