Optimize e-commerce conversion rates

Disclaimer

This guide is intended for informational purposes only and does not constitute legal advice. While every effort has been made to ensure the accuracy of the information provided, it is recommended that you consult with a qualified legal professional to ensure compliance with all applicable laws and regulations.

In this e-commerce use case, an online store generates log data related to user interactions, transactions, and other supporting services, such as shipping and advertising.

This log data is crucial for optimizing and troubleshooting the user experience to maximize the conversion rates and sales of a web shop. When using Dynatrace to monitor the e-commerce deployment, observability data can be leveraged to meet multiple teams' needs.

Steps to consider to protect sensitive data and address your compliance requirements

If your logs contain personal information or other sensitive data, you may be subject to privacy or security requirements. Dynatrace does not require regulated personal information or sensitive data to provide value (and, per our Subscription Agreement, customers should not provide such data into the platform).

Start with reviewing the data that your logs collect. In this online store use case, this could include information such as a user’s IP address, email address, or ID. While this information may be necessary for certain use cases, you should decide whether you actually need this information for your specific purpose. Check whether your organization has guidelines on protecting sensitive data that you can use.

Key terms

Gain a deeper understanding of the different types of masking used in Log Management and Analytics compliance.

At-capture masking requires identifying and masking sensitive parts of your log records before data is transferred to Dynatrace. To achieve this, you can choose OneAgent to collect your logs. OneAgent has a built-in mechanism for sensitive data masking that can be granularly configured on the host, host group, or environment level.

For details, refer to Mask your logs at capture or Protect personal data by not capturing it (masking at capture).

When masking at storage is implemented, data is sent to the Dynatrace server for optimal analysis and is masked before it's stored.

For details, refer to Protect personal data by not storing it (masking at storage).

When data is masked at display, it's stored in its original form but is accessible only to the users of your choice.

For details, refer to Protect personal data by not displaying it (masking at display).

With this method, you can mask the data once it reaches Dynatrace, by setting log processing rules. After data is processed, it is sent to storage and is available for further analysis. The key advantage of this method is the fact that it allows data flow from all log ingest channels.

For details, refer to Mask your logs at ingest.

Scenario

As a business analyst, you need to optimize the conversion rates and user experience of an online store by analyzing user actions and seeing where they drop and what causes bottlenecks or any other issues.

The service has been configured to log all user actions, including the real user identifier, which in this case is the email address. With Dynatrace OneAgent monitoring the Kubernetes cluster, all log data is captured and automatically enriched with topology context, enabling seamless analysis within Dynatrace.

Example of raw data

Unsanitized source dataset containing sensitive information

Given that personal data is unnecessary for monitoring performance, conversions, or troubleshooting, you may want to consider masking this user data at capture. Data masked at capture does not leave your environment and is not ingested by Dynatrace.

Personal information contained in logs and methods of masking it

The table below lists some of the personal information that a log line might include and provides a link to the documentation that describes how to either mask the data, control access to this data, or help meet your compliance requirements in another way.

Data Type
Needed for the use case
Actions/mitigation
Learn more
IP Address
No
Capture only truncated IP address with masking at-capture.
User ID
Yes (for user count)
Protect clear User ID by only capturing hashed User ID with masking at-capture for logs.
User Email Address
No
Do not capture using Mask at-capture capabilities.
Transaction Amount ($)
Yes
Restrict access - allow for business analysts to analyze shopping UX.
Credit card
No
Do not capture using Mask at-capture capabilities.
Partial credit card
Yes
No action required; will appear in the log line.
User action (without user identifier)
Yes
Restrict access - allow for business analysts to analyze shopping UX.

Example of sanitized data

The screenshot below shows how the ingested logs can look after some of the actions described in the table above are applied.

Sanitized data in Dynatrace Notebooks