GDPR Do Not Track Option

Contents

• How does a site visitor set 'Do Not Track'?

• How does Sailthru's 'Do Not Track' designation work?

• 'Do Not Track' and Suppression Lists

The GDPR (General Data Protection Regulation) provides individual users, or data subjects, certain rights, including the right to object to processing. Sailthru offers our customers Do Not Track capabilities that allow users to opt out from online tracking across devices whenever a user identifies him/herself.

 

How does a site visitor set 'Do Not Track'?

Sailthru offers a JavaScript function gdprDoNotTrack that allows customers to turn off tracking of user data on both the browser and server. The JavaScript function does not require the user be identified to Sailthru, but for persistence of Do Not Track across devices the user should be known and have a sailthru_hid cookie set so the Do Not Track designation will be retained indefinitely on their Sailthru profile.

How does Sailthru's 'Do Not Track' designation work?

The 'gdprDoNotTrack' JS function requires that Sailthru.init() be called on the page and takes no parameters. The function will look for the sailthru_hid cookie automatically in order to identify the user and store their Do Not Track designation on to their profile.

Additionally, all cookies used for tracking purposes are purged and will not be created for Do Not Track users:

• sailthru_visitor - pageviews
• sailthru_content - content viewed
• sailthru_pc - personalized content clicked on
• sailthru_bid - source email, used for purchase attribution
• sailthru_sid - Sailthru identifier
• sailthru_cid - content viewed
• sailthru_rid - Concierge and Scout clicked personalized content
• sailthru_recommendation_hidden - Concierge close designation

These cookies are converted to session cookies for Do Not Track users:

• sailthru_pageviews - converted to sailthru_pageviews_session cookie

• sailthru_overlays - converted to session cookie sailthru_overlays_session cookie

Only Overlays with frequency capping once per visit and every-pageview will work when the trigger event is Pageviews for do-not-track users.

In addition to that, we will drop sailthru_pageviews_session and sailthru_overlays_session cookies in case of do-not-track cases. These are session cookies with no expiration and will be deleted when session ends.

The sailthru_pageviews and sailthru_overlays cookies have an expiration of 30 mins. When the gdprDoNotTrack or cookiesDoNotTrack function is called, these cookies will be converted into session cookies with values reset and all other cookies are deleted as usual.

Sailthru does retain and record data after a user has chosen to opt out of tracking, however that data contains no identifiable information about the user. Data exchanged after the Do Not Track designation has been set includes general engagement metrics (like the number of page views) and anonymous personalization calls.

'Do Not Track' and Suppression Lists

Users opted out of online tracking have no engagement activity (opens, clicks, or pageviews) attributed to them. If you are using an engagement-based suppression list, they will eventually cease to receive your messaging as their activity is not being tracked.

For example, with a suppression list of users who haven't opened or clicked in the last 180 days, any user opted out of online tracking will be suppressed after this timeframe, regardless if they've continued to engage with your email.