Protect user data privacy
This document provides details on how our data filtering mechanisms work to protect user privacy in Katalon autonomous test generation.
Protecting user privacy is important to us at Katalon. While our Katalon AI Agent tracks user interactions to generate test cases and build a user journey map, we understand that some of this data may be sensitive and could pose privacy concerns. To address this, we have implemented data filtering mechanisms to remove sensitive information before processing the data.
Types of data filtered
| Data type | Risk | Example |
|---|---|---|
| Social security numbers | These are unique identifiers for individuals and can be used for identity theft or fraud if obtained by unauthorized individuals. | 123-45-6789 |
| Email addresses | These can contain personal information and can be used for spam or phishing attacks if obtained by unauthorized individuals. | john.doe@email.com |
| Pv4 and IPv6 addresses | These can be used to track a user's location or identify their device, which can be a privacy concern for some users. |
|
| Phone numbers | These can be used for spam or scam calls if obtained by unauthorized individuals. | (123) 456-7890 |
| Zip codes | These can be used to infer a user's location and potentially identify them, which can be a privacy concern for some users. | 90210 |
How data is filtered
Katalon AI Agent applies several techniques and methods to remove sensitive data from the captured user interaction data.
Regular expressions
In the beta release of TrueTest, the agent uses regular expressions to filter data.
socialNumber = '^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$'
simpleEmail = '[^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+'
ipv4 = '(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}'
ipv6 = '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
phoneNumber = '^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$'
zipCode = '/^[0-9]{5}(?:-[0-9]{4})?$/'
Data privacy compliance
Transparency: In the closed beta version, Katalon AI Agent transparently informs users about what specific sensitive data is excluded or anonymized via verbal communication as acknowledgment. If users feel their application under test (AUT) does not contain sensitive data, they can try the feature.
User control: Katalon AI Agent allows users to request a complete deletion of all tracked data and to stop using the feature if they do not trust the data privacy compliance.
Security monitoring: The internal Security team plays the Data Protection Officer (DPO) role to monitor the data and ensure compliance with GDPR requirements. The team conducts periodic penetration testing and security reviews to identify and address data privacy vulnerabilities.
By implementing these measures, Katalon AI Agent is committed to protecting user data and complying with GDPR requirements.