If you’re using cookies on your website, you'll be responsible for requesting user consent in compliance with the CCPA and GDPR before setting any cookies other than those deemed strictly necessary for site operation.
The preferred method for personalization is to default to not require consent from visitors so that visitors can receive personalized experiences on their first page view, without seeing the page content visibly change or refresh, and to maximize the number of visitors seeing personalized experiences.
(Default) Grant consent
The default implementation of the Userled script will automatically grant consent to tracking. The Grant Consent method of implementation keeps this default in place, but allows the customer to revoke consent of tracking if they wish.
To enable visitors to opt out of tracking, you can configure your cookie/consent tool to invoke commands exposed by the Userled SDK.
To opt-out a visitor, you'll want to call the below method whenever a user chooses to opt out via a cookie consent tool.
window.Userled("revokeConsent")
This will ensure that no cookies are set and no behavioural tracking occurs.
Require Consent
If you want visitors to explicitly consent to tracking you must add requireConsent: true in the userledSettings in your Userled SDK snippet. This ensures consent is granted by visitors before Userled starts tracking activity.
window.userledSettings={app_id:"YOUR_APP_ID",requireConsent: true}
If you choose this option, no tracking will be enabled for your site visitors unless they explicitly opt-in to tracking.
From this point forward, you can trigger consent grant/revoke through our SDK functions:
a. window.Userled("grantConsent") will enable tracking.
b. window.Userled("revokeConsent") will disable all tracking.
Does outbound personalisation require consent?
No. Outbound landing pages generated through Userled for accounts and contacts are statically created in advance. There is no real-time processing or dynamic personalisation based on live visitor data. This means:
While the page contains personal data (e.g., a first name), it’s not dynamically inserted or processed at the time of access.
When you configure the Userled SDK to require consent prior to tracking, there are no cookies or behavioural tracking until after the visitor has granted consent.
So, from a GDPR standpoint:
The presence of a first name on a static page does not, on its own, constitute further processing or profiling that would require consent.
Any tracking that would require consent is covered when opt-in is enabled.
When are personalised experiences shown?
When consent is granted, visitors will see personalised experiences when:
Outbound: Always, as outbound pages are served as static pages.
Inbound: When the visitor matches the audience conditions for the inbound experience.
When consent is required or revoked (i.e. not granted), visitors will see personalised experience when:
Outbound: Always, as outbound pages are served as static pages.
Inbound: Never, as matching visitors to inbound conditions requires visitor identification.