If you’re using cookies on your website, you'll be responsible for requesting user consent in compliance with the CCPA and GDPR before setting any cookies other than those deemed strictly necessary for site operation.
The preferred method for personalization is to default to not require consent from visitors so that visitors can receive personalized experiences on their first page view, without seeing the page content visibly change or refresh, and to maximize the number of visitors seeing personalized experiences.
The default implementation of the Userled script will automatically grant consent to tracking. The Grant Consent method of implementation keeps this default in place, but allows the customer to revoke consent of tracking if they wish.
To enable visitors to opt out of tracking, you can configure your cookie/consent tool to invoke commands exposed by the Userled SDK.
To opt-out a visitor, you'll want to call the below method whenever a user chooses to opt out via a cookie consent tool.
window.Userled("revokeConsent")This will ensure that no cookies are set and no behavioural tracking occurs.
If you want visitors to explicitly consent to tracking you must add requireConsent: true in the userledSettings in your Userled SDK snippet. This ensures consent is granted by visitors before Userled starts tracking activity.
window.userledSettings={app_id:"YOUR_APP_ID",requireConsent: true}If you choose this option, no tracking will be enabled for your site visitors unless they explicitly opt-in to tracking.
From this point forward, you can trigger consent grant/revoke through our SDK functions:
a. window.Userled("grantConsent") will enable tracking.
b. window.Userled("revokeConsent") will disable all tracking.
requireConsent: true on a site that already has traffic, returning visitors who previously accepted cookies won't be tracked until consent is explicitly granted again. To handle this, configure your GTM (or equivalent) to call window.Userled("grantConsent") on page load for any visitor where consent is already recorded in your consent manager.You can reference Google's Tag Manager consent mode support for more details on how to configure Google Tag Manager to manage how tags behave in response to consent settings.
Our suggested approach is to always load the SDK and then call our consent functions upon consent preference submissions, ensuring that the visitor is tracked or untracked immediately upon submitting their preferences.
To achieve this, you can use multiple GTM tags:
The first tag triggers on each page load and loads the SDK with the requireConsent: true flag enabled. This ensures tracking is disabled by default.
The second tag triggers when a visitor actively grants consent via the cookie banner:<script>window.Userled("grantConsent")</script>
The third tag triggers on page load for returning visitors who have already accepted cookies in your consent manager: <script>window.Userled("grantConsent")</script>
The fourth tag triggers when a visitor revokes or has already revoked consent:<script>window.Userled("revokeConsent")</script>
This ensures on first visit, not tracking will occur until new visitors have granted consent. It will ensure that for returning visitors, tracking is enabled/disabled based on previously submitted consent preferences.
No. Outbound landing pages generated through Userled for accounts and contacts are statically created in advance. There is no real-time processing or dynamic personalisation based on live visitor data. This means:
While the page contains personal data (e.g., a first name), it’s not dynamically inserted or processed at the time of access.
When you configure the Userled SDK to require consent prior to tracking, there are no cookies or behavioural tracking until after the visitor has granted consent.
So, from a GDPR standpoint:
The presence of a first name on a static page does not, on its own, constitute further processing or profiling that would require consent.
Any tracking that would require consent is covered when opt-in is enabled.
When consent is granted, visitors will see personalised experiences when:
Outbound: Always, as outbound pages are served as static pages.
Inbound: When the visitor matches the audience conditions for the inbound experience.
When consent is required or revoked (i.e. not granted), visitors will see personalised experience when:
Outbound: Always, as outbound pages are served as static pages.
Inbound: Never, as matching visitors to inbound conditions requires visitor identification.