# Data Handling
## Browser cookie
The Crownpeak Product Discovery activities SDK uses **persistent cookies** (or browser local storage) to store a user's **session ID** or a **boolean** representing user's opt-out choice. The session ID is either provided or generated by the SDK. When generated, it will be represented by a UUID.
The cookie persists until the user clears their browser cache.
## Server side data processing
### Collected data
| Data points | Purpose | Data processor |
| ---------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | -------------- |
| **Session ID** and the **anonymized logged in user ID** (email, username, user ID) | Cookie matching feature and calculation of user journeys | Crownpeak |
| User traits (you decide what exact information is being sent) | Enables the use of personalization algorithms | Crownpeak |
| Users IP addresses | Operational monitoring (capability to implement active protection and to do post-mortem security reports in case of attacks or breaches) | Crownpeak |
### Personal data removal policies
#### **Activity events data**
User information is anonymized and impossible to retro-match to an individual user. All users activity data will be stored on the Crownpeak platform as long as the client contract dictates the access to services.
**Operational data**
The policy for operational logging is as follows:
* **Online log analysis sub-system (ELK)**: Rolling window of 2 months
* **Backup of logs**: Retained for 2 years with regular monthly purging
### Security measures
* **Segregation:** Strict access controls to ensure proper separation of sensitive data
* **Changing Security Settings:** Only privileged administrators with dedicated and trained teams can modify security settings
* **Encryption:** Applied to logging storage to protect data integrity
* **Secure Communication:** All communication over the internet uses secure transport protocols (HTTPS/SSH)
### Place of processing
User data (IDs, traits, IPs) is stored and processed in the EU. Activity events are stored and processed in the EU and the same region as FHR or XO.
| FAS/XO region | User data (IDs, traits, IPs) | Activity data |
| ------------- | ---------------------------- | ------------- |
| EU | EU | EU |
| US | EU | US + EU |
| AP | EU | AP + EU |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://crownpeak.gitbook.io/product-discovery/tracking-and-sending-events/data-handling.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.