Privacy and Security at Code Cube
Code Cube is a software company specializing in data monitoring solutions. Our commitment to privacy and security is fundamental to our operations, reflected in both our product design and organizational policies. We maintain stringent privacy controls and security measures across our entire infrastructure and product suite.
Our privacy-first approach is supported by comprehensive organizational policies and technical implementations that ensure data protection at every level. We operate in compliance with international privacy regulations and industry best practices, with a particular focus on GDPR compliance and data minimization principles.
Privacy and Security Framework
Code Cube implements a comprehensive privacy and security framework supported by formal policies and technical measures:
- Access and Identity Management
- Restricted access to Code Cube cloud environment for employees only
- Role-based access control (RBAC) for all systems
- Regular access reviews and audit logging
- Managed through Identity and Access Management Policy and Personnel Security Policy
- Data Protection and Security
- Only technical metadata collection and storage
- Regular data field reviews and automated cleaning processes
- Automated deletion of data older than 12 months or when required a shorter period.
- Secure communication between Cloud Run and Cloud Functions
- Implementation guided by Encryption, Backup, and Change Management Policies
- Compliance and Monitoring
- GDPR compliance with data processing agreements
- Regular privacy impact assessments
- Security audits and penetration testing
- Clear documentation of data flows
- Incident response procedures following Breach Response Policy
- Regular monitoring for unusual access patterns
Tag Monitor - Privacy Regulations
The Code Cube Tag Monitor is a sophisticated monitoring solution that tracks and analyzes Google Tag Manager implementations across your digital properties. All data retrieved through the Tag Monitor is securely stored and processed in Code Cube's Google Cloud Platform infrastructure, utilizing a combination of Cloud Run, Cloud Functions, and BigQuery services. In alignment with our commitment to data privacy and GDPR compliance, Code Cube implements a privacy-by-design approach and does not store any user or personal information. Our system is specifically designed to collect only essential technical metadata required for monitoring tag behavior and performance, ensuring both compliance and operational efficiency.
Data Collection and Storage
The Tag Monitor processes and stores the following data points for both the client- and server-side environment. All data is stored in BigQuery with appropriate access controls and retention policies.
Parameter name in BigQuery | Nested field | Description |
timestamp | Timestamp on when the request was send in date and time format | |
initial_url | URL of our API that receives the data | |
url | URL of the page where the request was send from | |
event_name | Event name / trigger that fired the tag in GTM | |
event_timestamp | Timestamp on when the request was send in UNIX format | |
container_version | Google Tag Manager container version | |
container_id | Google Tag Manager container ID | |
tag | Details on the specific tag that is monitored. | |
id | Tag Id | |
name | Tag name of the tag that was fired | |
status | Tag status | |
execution_time | Execution time of the tag | |
parameters_key | Custom parameter key | |
parameters_value | Custom parameter value | |
consent_params | Parameters related to Consent Mode | |
DataLayer Guard - Privacy Regulations
The Code Cube DataLayer Guard employs a dual-approach system for monitoring dataLayer events while maintaining strict privacy standards. The primary method utilizes a custom scraping mechanism that simulates browser interactions to capture dataLayer events, ensuring no real user data is collected during the monitoring process. For scenarios where direct scraping is not feasible, such as purchase completion events, DataLayer Guard implements a secure fallback method through Google Tag Manager that includes robust data protection measures.
To maintain privacy compliance while handling potentially sensitive information, DataLayer Guard implements an automated depersonalization system that processes all incoming dataLayer objects. This system actively scans for sensitive data fields (including but not limited to names, addresses, postal codes, emails, and phone numbers) and automatically replaces their values with a <PROTECTED VALUE> placeholder before storage. This proactive approach ensures that even when collecting data through the GTM fallback method, no personally identifiable information (PII) is retained in our systems. The depersonalization process is implemented at the endpoint function level, providing a consistent and reliable privacy barrier regardless of the data collection method used.