Executive Summary

ClickMint's A/B testing platform delivers experiment agility without compromising security, privacy, or site performance.

Security

Encryption and strict PII handling.

Performance

Near‑zero impact on page load time.

Compliance

Designed to support global enterprise compliance including GDPR.

1. Data Protection & Privacy

Encryption

TLS 1.2+ in transit
AES‑256 at rest

PII Handling

Raw PII never stored or transmitted.
Identifiers converted into one‑way tokens.

Zero Internal Tracking

Reporting uses client analytics sources (GA4) or first‑party events.

2. Secure AI Integrations

OpenAI Enterprise

Prompts not used to train models.
Full encryption and audit logging.

Amazon Bedrock

Encryption at rest and in transit.
AWS KMS manages keys.
No prompt storage or training.

3. Edge Security & Delivery

ClickMint leverages Amazon CloudFront.

Security controls include: - HTTPS everywhere - Origin Access Control - Signed URLs and cookies - Security headers - Logging and monitoring

4. Threat Model & Mitigations

Threat Mitigation

User re‑identification One‑way identifiers TLS downgrade TLS 1.2+ and HSTS Sensitive data leakage Field‑level encryption AI prompt exfiltration Enterprise policies Bot traffic skew AWS WAF bot control DDoS AWS Shield + CloudFront

5. Performance Evaluation

Testing Methods

Lighthouse
WebPageTest
JMeter global load testing

Results

First load < 1.2s globally
Cached load < 100ms

Performance Budgets

≤10KB JS added
≤30ms main‑thread blocking
≤+50ms LCP delta

Rollout Strategy

5% → 25% → 50% → 100%

Automatic rollback triggered by performance degradation or error spikes.

6. Governance & Operations

IAM least‑privilege roles
AWS KMS and Secrets Manager
Versioned deployments with staged rollouts
Monitoring via CloudWatch and GA4
Defined incident response procedures

Conclusion

ClickMint experiments remain secure, privacy‑preserving, and performance‑optimized while enabling rapid experimentation at scale.