Skip to main content

Protect user data privacy

This document provides details on how our data filtering mechanisms work to protect user privacy in Katalon autonomous test generation.

Protecting user privacy is important to us at Katalon. While our Katalon AI Agent tracks user interactions to generate test cases and build a user journey map, we understand that some of this data may be sensitive and could pose privacy concerns. To address this, we have implemented data filtering mechanisms to remove sensitive information before processing the data.

Types of data filtered

The following is a list of filtered data types and examples:
Data typeRiskExample
Social security numbersThese are unique identifiers for individuals and can be used for identity theft or fraud if obtained by unauthorized individuals.123-45-6789
Email addressesThese can contain personal information and can be used for spam or phishing attacks if obtained by unauthorized individuals.john.doe@email.com
Pv4 and IPv6 addressesThese can be used to track a user's location or identify their device, which can be a privacy concern for some users.
  • IPv4 addresses: 192.168.0.1
  • IPv6 addresses: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
Phone numbersThese can be used for spam or scam calls if obtained by unauthorized individuals.(123) 456-7890
Zip codesThese can be used to infer a user's location and potentially identify them, which can be a privacy concern for some users.90210

How data is filtered

Katalon AI Agent applies several techniques and methods to remove sensitive data from the captured user interaction data.

Regular expressions

In the beta release of TrueTest, the agent uses regular expressions to filter data.

Regular expressions, or regex, are patterns that define a search rule for text. Katalon AI Agent uses regex to match and remove sensitive data that matches certain patterns, such as social security numbers, email addresses, IP addresses, phone numbers, and zip codes.
socialNumber = '^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$' 
simpleEmail = '[^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+'
ipv4 = '(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}'
ipv6 = '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
phoneNumber = '^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$'
zipCode = '/^[0-9]{5}(?:-[0-9]{4})?$/'

Data privacy compliance

Katalon AI Agent is committed to complying with the General Data Protection Regulation (GDPR) and has taken the following actions to ensure data privacy:
  • Transparency: In the closed beta version, Katalon AI Agent transparently informs users about what specific sensitive data is excluded or anonymized via verbal communication as acknowledgment. If users feel their application under test (AUT) does not contain sensitive data, they can try the feature.

  • User control: Katalon AI Agent allows users to request a complete deletion of all tracked data and to stop using the feature if they do not trust the data privacy compliance.

  • Security monitoring: The internal Security team plays the Data Protection Officer (DPO) role to monitor the data and ensure compliance with GDPR requirements. The team conducts periodic penetration testing and security reviews to identify and address data privacy vulnerabilities.

By implementing these measures, Katalon AI Agent is committed to protecting user data and complying with GDPR requirements.