Platform
ProductHow it works
Solutions
PartnersFinancial ServicesInsuranceInsurance
Resources
Case StudiesBlog & NewsVideos, Webinars & PodcastsTechnicalFAQ

Sensitive Data Storage, Redaction & Access Options

The Zeitworks technology platform is powered by behavioral data observed passively by the Zeitworks software sensor technologies. The sensor collects several different data types that measure a variety of user behavior exhibited in the course of daily work. The data includes textual log files containing information on user-initiated events (e.g., mouse, keyboard, and application events). The sensor also occasionally collects screenshots of the current application window when user-initiated mouse click events occur—this type of data guides Zeitworks team of HITL (human-in-the-loop) data annotators during the customer onboarding process.

Zeitworks abides by and maintains the highest security standards and practices, including SOC 2 security compliance (note: SOC 2 Type I will be completed by the end of Q2 2022). However, because the data the Zeitworks sensor collects can contain personally identifiable information (PII), or sensitive corporate information, the Zeitworks platform supports several configuration options that determine how sensitive data is processed, redacted and stored.  Zeitworks customers in different industries and of different sizes may prefer one particular option over others depending on rules, regulations, best practices, or preferences of IT and SecOps teams. 

Please see 3 main configuration options below:

Option #1 - Secure Storage in the Zeitworks Cloud

In this default configuration, all data is pushed to the Zeitworks data processing cloud over a secure connection. Upon arrival, the data is stored encrypted at rest. The first step of subsequent data processing steps is sensitive data redaction. Standard sensitive data types (names, addresses, SSN, credit card numbers, etc.) are identified and removed from the data (this information is NOT needed by downstream data processing and analysis steps). The Zeitworks redaction system can also be customized on a per-customer basis, taking into account any non-standard sensitive data types a particular customer may have in their business process workflows.

This option is ideal for Zeitworks customers who either lack sensitive data in their business process workflows, or, used initially for short-term POC trial engagements (longer term engagements can use one of the options below).

Option #2 - Utilizing Customer Storage for Screenshots

In this configuration, screenshots are not uploaded to Zeitworks' cloud. Instead, they are sent to a storage location owned and operated by the customer, but still accessible on-demand by Zeitworks HITL (human-in-the-loop) annotators and tools, on an image-by-image basis. HITL annotators typically need to access a small percentage of screenshot images during customer and process onboarding. Once a process has been thoroughly analyzed and labeled, this data can be deleted by the customer and subsequent continuous analysis can be done using the textual event data.

Option #3 - The Zeitworks Redaction Server Runs Inside Customer Perimeter

In this configuration, the Zeitworks redaction server technology can be moved and run in the customer's cloud or on-premises compute resources instead of in the Zeitworks cloud. This assures that (virtually) no sensitive data the Zeitworks sensor collects leaves the customer's perimeter or network. Instead, all data (text logs and screenshots) once collected by the sensor, is sent to the internal redaction server for desensitizing before it is sent on to the Zeitworks cloud for further processing.

In addition to these main options, other variations are possible. If you have any additional questions, please contact us at security@zeitworks.com