Skip to main content

Protect user data privacy

This document provides details on how our data filtering mechanisms work to protect user privacy in Katalon autonomous test generation.

Protecting user privacy is important to us at Katalon. While our Katalon AI Agent tracks user interactions to generate test cases and build a user journey map, we understand that some of this data may be sensitive and could pose privacy concerns. To address this, we have implemented data filtering mechanisms to remove sensitive information before processing the data.

Types of data filtered

The following is a list of filtered data types and examples:
Data typeRiskExample
Social security numbersThese are unique identifiers for individuals and can be used for identity theft or fraud if obtained by unauthorized individuals.123-45-6789
Email addressesThese can contain personal information and can be used for spam or phishing attacks if obtained by unauthorized individuals.john.doe@email.com
Pv4 and IPv6 addressesThese can be used to track a user's location or identify their device, which can be a privacy concern for some users.
  • IPv4 addresses: 192.168.0.1
  • IPv6 addresses: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Phone numbersThese can be used for spam or scam calls if obtained by unauthorized individuals.(123) 456-7890
Zip codesThese can be used to infer a user's location and potentially identify them, which can be a privacy concern for some users.90210

Credit card information:

  • Card number
  • Card expiration date
  • Card CVC
These can be used to make unauthorized transactions, commit identity theft, or engage in financial fraud.

4242424242424242

02/27

123

PasswordThese can be used to gain unauthorized access to accounts, steal sensitive information, and potentially engage in identity theft or fraudulent activities

How data is filtered

Katalon AI Agent applies several techniques and methods to remove sensitive data from the captured user interaction data.

Regular expressions

In the beta release of TrueTest, the agent uses regular expressions to filter data.

Regular expressions, or regex, are patterns that define a search rule for text. Katalon AI Agent uses regex to match and remove sensitive data that matches certain patterns, such as social security numbers, email addresses, IP addresses, phone numbers, and zip codes.
socialNumber = '^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$' 
simpleEmail = '[^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+' 
ipv4 = '(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}' 
ipv6 = '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))' 
phoneNumber = '^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$' 
zipCode = '/^[0-9]{5}(?:-[0-9]{4})?$/'

Autocomplete

Katalon AI Agent will remove the credit card number, its expiration date and CVC by detecting the "cc-" prefix in those information.
CREDIT_CARD_NUMBER: 'cc-number'
CREDIT_CARD_EXP: 'cc-exp'
CREDIT_CARD_CVC: 'cc-csc'

Password type

Katalon AI Agent will remove passwords by detecting the "password" type in the "input" field within HTML form.
<form>
  <label for="passwordField">Password:</label>
  <input type="password" id="passwordField" name="password">
  <input type="submit" value="Submit">
</form>

Exclusion list

Katalon AI Agent allows users to define elements or properties that should be excluded from data capture. This can be done by specifying a CSS class named katalon-excluded to the UI elements.

Data privacy compliance

Katalon AI Agent is committed to complying with the General Data Protection Regulation (GDPR) and has taken the following actions to ensure data privacy:

  • Transparency: In the closed beta version, Katalon AI Agent transparently informs users about what specific sensitive data is excluded or anonymized via verbal communication as acknowledgment. If users feel their application under test (AUT) does not contain sensitive data, they can try the feature.

  • User control: Katalon AI Agent allows users to request a complete deletion of all tracked data and to stop using the feature if they do not trust the data privacy compliance.

  • Security monitoring: The internal Security team plays the Data Protection Officer (DPO) role to monitor the data and ensure compliance with GDPR requirements. The team conducts periodic penetration testing and security reviews to identify and address data privacy vulnerabilities.

By implementing these measures, Katalon AI Agent is committed to protecting user data and complying with GDPR requirements.