Trinetix FLOW (Functional Learning and Operational Workflows) — for the browser extension and embed runtime.
This Privacy Notice explains how the Trinetix FLOW browser extension and embed runtime (together, the “FLOW runtime”) process information when they operate on the web applications used within your organization. It applies to the software components that run in your browser and to the associated Trinetix services that support them.
The FLOW runtime displays in-application guidance, including guided tours, tooltips, pop-ups, a launcher, a resource center and, where enabled, an artificial-intelligence assistant, on top of the web applications you use. All such content is configured by our organization through the Trinetix FLOW platform. Your organization determines which guidance is published and whether artificial-intelligence features described below are enabled.
The FLOW runtime is designed to minimize the information it collects. In particular:
Anonymous identifiers. The FLOW runtime generates a random visitor identifier, stored in your browser’s localStorage and scoped to each website, and a session identifier, stored in sessionStorage on a per-tab basis and rotated following thirty minutes of inactivity. These identifiers are not linked to your identity and are not shared across devices. They are transmitted together with analytics data.
Product analytics. Analytics is enabled by default for your organization. For each event, the following information is transmitted: the event name, drawn from a fixed list (for example “tour started”); a timestamp; the page URL reduced to its domain and path, excluding any query string or fragment; and structural properties such as content identifiers and labels, durations, device type, delivery channel, and the manner in which a tour was initiated. The events cover the guidance surfaces (tours and their individual steps, tooltips, pop-ups, launchers and the resource center) and a small set of health and diagnostic signals, for example when a session starts or when a tooltip could not locate its target element; the latter may include the element selector involved. No page content is transmitted. The only free-text value transmitted through analytics is the text you enter into the Resource Center search box, which is limited to two hundred characters, is not further masked, and is transmitted only if you use the search function; this text also helps identify searches that returned no results. “Device type” is recorded as a category (desktop, tablet or mobile) derived from your window width; exact screen dimensions are not transmitted.
The artificial-intelligence assistant operates only where your organization has enabled it and has configured an artificial-intelligence key. It is activated in one of two ways:
In both cases, the assistant also transmits the page URL and the CSS selector of the relevant element, so that appropriate guidance can be identified.
Masking. Sensitive values are masked before any request reaches an artificial-intelligence model or is stored. On your device, email addresses, long numeric sequences (of seven digits or more), and recognizable secret, payment-card and social-security-number patterns are masked first. On the server, which is authoritative, phone numbers, an organization-defined denylist of keywords, and organization-defined patterns are additionally masked. Where such server-side masking cannot be applied, no call to an artificial-intelligence model is made and no data is stored (a “fail-closed” approach). The page URL and the element selector are deliberately not masked; please refer to Section 7.
In order to load content and verify eligibility, the FLOW runtime transmits a public site key or a signed session token. The signed session token encodes the relevant system and environment, is never transmitted as separate fields, and is used to derive your organization on the server. For eligibility checks, the runtime additionally transmits a stable internal identifier derived from your system and organization; this identifier is not personal. No personal data is transmitted.
The browser extension additionally transmits the website’s domain (the origin only, and not the full URL) in order to verify whether your organization has published guidance for that website, and requests the list of registered domains upon starting. To perform these functions, the extension operates on the websites you visit; on websites for which your organization has published guidance, it removes that website’s content-security-policy response headers (including any report-only policy) so that the guidance can load.
Tour progress (enabling the “resume where you left off” function) and “already shown” and frequency-cap flags are stored locally within your browser and are not transmitted. The anonymous identifiers described in Section 3 are likewise stored locally but, as noted, are transmitted together with analytics data.
For the purpose of generating assistance, the full page URL, including any query string and fragment, is transmitted and stored within the artificial-intelligence “content gap” record. Analytics data, by contrast, retains only the domain and path. As a query string may contain sensitive values, you should avoid including personal data in URLs on pages where the artificial-intelligence assistant is enabled.
FLOW keeps analytics events and artificial-intelligence records for as long as your organization’s FLOW tenant and the corresponding system remain active. These records are deleted when your organization’s tenant or that system is deleted, and Trinetix will delete or return them earlier at your organization’s request, ordinarily within one month. Session recordings captured to help author artificial-intelligence knowledge are deleted automatically after sixty days. Because the runtime identifies end-users only by random identifiers, deletion requests are handled at the level of your organization’s data rather than an individual end-user (see Section 10).
Controller and processor roles. Your organization is the data controller for the information processed through the FLOW runtime, because your organization decides what guidance is published and whether the artificial-intelligence features are enabled. Trinetix acts as the data processor, processing that information on your organization’s instructions and within your organization’s FLOW tenant. Trinetix acts as a controller only for the limited operational data it generates to run and bill the service, such as aggregate token-usage counts and masking counts; this operational data contains no page content and no free text.
Your rights. Where the General Data Protection Regulation applies, you have the right to request access to your personal data and its rectification or erasure, to request restriction of or to object to its processing, to data portability, to withdraw consent where processing relies on consent, and to lodge a complaint with a supervisory authority. You may exercise these rights as follows:
Sub-processors. Trinetix uses the following sub-processors to provide the service:
For any questions regarding this Privacy Notice or the processing described above, please contact:
Name: Trinetix Inc.
Postal address: 30 N Gould St STE 4722, Sheridan, WY 82801, USA
Email: requests.legal@trinetix.com
Data Protection Officer: Taras Lytovchenko, email:
requests.legal@trinetix.com