General Questions

What is PrivacyID?

Privacy is a growing concern for all users across the web. Global and regional consent regulations are evolving to address the needs of users. Web browsers are continually changing to add new restrictions on third-party scripts and cookies which increases stress on business and IT. This changing landscape is leading to a reduced ability to identify returning visitors, affecting a variety of services related to analytics, marketing, personalization and other areas that businesses rely on to operate online. This impacts business strategy, revenue and overall user experience.

PrivacyID is a service which aims to address many of these concerns by helping to reliably identify returning users to your website while maintaining privacy and control. It handles all the heavy lifting for you so that you can focus on what matters most in your business.

How does PrivacyID work?

In simple terms, PrivacyID integrates into your web server and assigns a unique, anonymous identifier to each visitor on your site. It handles all the necessary logic needed to persist user identifiers in a secure long-life cookie that conforms to all the latest browser privacy restrictions and gives you control over which scripts can access these identities using an intuitive web interface and a simple JavaScript API.

The management of the PrivacyID service revolves around three core concepts: Sites, Scripts and Consent Categories. These are explained below.

What are Scripts?

Scripts represent each JavaScript service running on your website which you need to provide user identities with. Scripts can be assigned one or more consent categories which will control its access to user identities.

What are Consent Categories?

Categories are used to represent different types of consent that users can allow. These can be any name of your choosing and can represent consent concepts such as “Strictly Necessary”, “Functional”, “Personalization” etc. You can assign one or more categories to a script and that script will only receive user identities if the user has consented to all categories.

Do I need Consent Categories?

The consent category feature is optional and is available for websites which need to comply with privacy regulations such as GDPR and CCPA. These websites often show a banner to first-time users asking for their consent to use various cookies on site.

Users are typically given an option to accept all cookies or to approve only certain categories of cookies. The consentCategories API allows websites to pass the user's consent preferences to PrivacyID to be used in determining which scripts should have access to the user's identity.

Tracking & Data Questions

Does PrivacyID track users across websites?

No, PrivacyID does not enable users to be tracked across different websites.

Does PrivacyID track any PII (Personally identifiable information)?

No, PrivacyID does not track or store any sensitive user information that can be used to personally identify users. The userId API allows linking a persistent ID with the user to help PrivacyID identify them, but this data point is transformed using a secure one-way cryptographic hash before it is tracked so it is never exposed outside of your network and PrivacyID has no way to determine the original value.

What data does PrivacyID track?

The purpose of PrivacyID is to assign random user identities to each visitor on your site and persist these identities securely with respect to evolving privacy standards and browser limitations. As such, PrivacyID has no need to track or store any PII (Personally Identifiable Information) outside of your website.

How does PrivacyID generate its user identities?

PrivacyID generates a random string as a user identity for each visitor which it stores in a secure server-side cookie that conforms to browser and privacy standards. It does not use any PII such as the browser user agent or IP Address and does not “fingerprint” users.

Integration Questions

Can the PrivacyID be implemented through a Container Tag?

No, PrivacyID implementation involves server-side tasks.

How does PrivacyID help improve other services I use such as Google Analytics?

Many of the third-party services you use for your business whether they be analytics, marketing and personalization or something else will each rely on being able to identify returning visitors in order to perform optimally. They all more or less achieve this in the same way, by generating random user IDs for visitors and storing this information in a JavaScript-accessible cookie in their browser.

The growing problem with this approach is that with the advent of increasing privacy concerns from users, browsers have begun to impose more and more limitations on cookies in the browser which is reducing their lifespan and affecting all the services business rely on to function.

Many of these services, including Google Analytics, provides mechanisms for website operators to associate their own user identities with the identity that the service has created. This allows the service to recognise the user even when their own cookies have been limited by the browser.

PrivacyID is able to help in this area. By integrating PrivacyID on your web server it is able to persist its user identity for a much longer period of time than regular cookies while doing all the heavy lifting of ensuring remains compliant with evolving browser privacy standards. Identities created by PrivacyID can then be shared with other services to enhance their visitor recognition process and ensure they function optimally to meet the goals of your business.

Without PrivacyID, each service would likely require that you implement additional integration steps on your web server in order to achieve a similar effect, which would increase stress on your business and IT.

Will PrivacyID slow down my website?

PrivacyID has been designed from the ground up with performance in mind and will not slow down the loading of your website.

A small amount of JavaScript is loaded into the browser through your proxy subdomain which enables PrivacyID to run in the browser. This JavaScript is served from a global network of over 215+ edge locations to ensure it is instantly accessible wherever your users reside.

The Endpoint API request made from the browser to your servers to identify users is only performed when necessary after users have confirmed their consent categories. In addition, the results of the request are cached across multiple page views to avoid the need to request it on each page view.

Other Questions

How should the cookie generated by PrivacyID be classified?

PrivacyID generates a random string for each visitor and stores it in a persistent secure first-party cookie. It does not track any personally identifiable information and it uses this primary anonymous identity to create unique derived identities which are provided to each script that uses PrivacyID.

From the perspective of GDPR, CCPA and other privacy regulations, the PrivacyID cookie could be classified as “Strictly Necessary” or “Required” as it provides an essential role in the operation of your business and in itself may not need consent from users. However, this classification may depend on your specific website and how you use PrivacyID.

Can I use PrivacyID without Consent Management integration?

Yes. The consent category feature of PrivacyID is primarily available to address the needs of European websites that are subject to GDPR or other privacy regulations such as CCPA. If your website is not subject to cookie consent requirements then PrivacyID can be used without this feature.