Data privacy and security features
Oracle has adopted security controls and practices for Oracle Cloud Services that are designed to protect the confidentiality, integrity, and availability of customer data that is hosted by Oracle in the Oracle Cloud Services.
Oracle Infinity has several mechanisms to help meet your organization's data privacy and security requirements, including the following:
- Secured user access: Your administrators can specify roles, groups, and data permissions and then invite users to sign in.
- Collection minimization: By default, Oracle Infinity collects a variety of data, some of which (for example, IP address) may be considered PII by some localities. Reference for a full list of data collected by default.
- Secure cookies: When you opt to persist first-party cookies, the cookies that are set by the Oracle Infinity Tag can only be read by a user through an HTTPS connection. This secured option is enabled by default for new versions of the tag. It can also be disabled if you need to host content on non-HTTPS sites. To update your existing Oracle Infinity Tag settings, contact your Oracle Infinity solutions consultant.
- IP address masking: You can use the optional
dcsipaparameter to mask IP addresses.
- Data retention: Oracle Infinity retains data in accordance with your Oracle Cloud Service contract. The period for which data is retained is specific to your Oracle Cloud Service. Data that falls outside your contracted retention period is irretrievably deleted. Data is also irretrievably deleted when your account is deleted.
- Data portability: You can export report data if you have purchased a package that includes Oracle Infinity Digital Analytics.
Review the Data Processing Agreement for Oracle Cloud Services and Oracle Cloud Hosting and Delivery Policies to learn about the default service level agreements and policies related to Oracle Infinity. Use the following link to learn more about Oracle Marketing Cloud and General Data Protection Regulation (GDPR).
Oracle Infinity enables customers to track user interactions on any device with a computer chip, or any application with a web connection. After collection, data is augmented with device and geographical lookup data before being sessionized and persisted for reporting needs, or passed on to a data export endpoint.
For data privacy and security, the Infinity data collection functionality integrates well with third-party consent management platforms. Additionally, the only default data point that Infinity collects that might be considered Personal Identifiable Information (PII) in some situations is user IP address. Even so, Infinity has integrated solutions to obfuscate the collected data. Infinity recommends not sending any PII, and recommends using hashed or otherwise obfuscated data when collecting anything of a sensitive nature.
Oracle Infinity Tags are minimized and obfuscated before being hosted on our CDN. This means that any customizations, as well as the tag source code, is difficult to reverse engineer and tamper with. This helps protect sites running the tags from customized attacks targeted at the tag code itself, and reduces the tag footprint on tagged sites.
The Oracle Infinity tag and mobile SDK (current versions) only support HTTPS data transmission. This means data is only sent from a client to the Infinity collection servers over SSL encrypted tunnels, which means listening in or intercepting this data is more difficult.
Since Oracle Infinity uses a “schemaless” collection model, clients can customize the keys and values used to transmit data to Infinity. Clients can use a key value that only holds meaning to them, such as “wt.ci_tg”, and encrypt or hash the value prior to transmitting it to Infinity. Then, they can leverage translation features to convert that hashed or encrypted value back to meaningful information in Infinity, or export the hashed values back to 3rd party consumers of that data after leveraging it in various features of Infinity.
Infinity collects data from online systems and streams it near real-time for analytics. You can use it to track site content and deliver data to Oracle Infinity Analytics for use with reports. You can use the collected data to drive marketing activities and integrate with other Oracle Marketing Cloud applications, or turn off data retention at rest entirely so that data is not persisted within the Infinity environment any longer than needed to process, augment, and deliver that data to configured export endpoints.
Oracle Infinity uses granular user access controls, encryption, anonymization, and more to help your organization protect data. Infinity follows all of the General Data Protection Regulation (GDPR) compliance requirements.
Additionally, the following features in Infinity ensure that data protection needs are met:
- Managing users: Your administrators can specify roles, groups, and data permissions and then invite users to sign in. Permissions down to the specific parameter level can be applied to collected data within Infinity to limit or prevent access to that data by unauthorized users. In this way, you can limit what datasets are available for Infinity users to use in creating reports or setting up queries and exports on a per login basis.
- : When you opt to persist first-party cookies, the cookies that are set by the Oracle Infinity Tag can only be read by a user through an HTTPS connection. This secured option is enabled by default for new versions of the tag. For assistance updating your Oracle Infinity Tag, contact your Oracle Infinity solutions consultant.
- IP address masking parameter: You can use the optional dcsipa parameter to mask IP addresses.
- Access to your collected data within Oracle is limited to only select individuals within the Infinity organization (required to run the hosted environment and assist you with technical support and troubleshooting), and those individuals that you add to your Infinity account. This data is also restricted to Oracle Infinity production environments, and is not used outside your account without your permission.