Consent modes
Under the GDPR and the ePrivacy Directive, collecting and processing visitor data often requires explicit consent.
Different organizations may have different legal obligations depending on how they use data, which is why we provide multiple consent modes.
It is your responsibility to choose the consent mode that best aligns with your compliance requirements.
We strongly recommend consulting with your legal counsel to determine the most appropriate setup for your use case.
If you use Google Consent Mode v2 or Onetrust Lyftio will pick up consent for Analytics automatically. However, if you do not use any of those, you need to implement a callback to inform the script when the visitor has given consent. Read more.
Default Mode
In default mode, the script immediately runs experiments and begins tracking visitors.
It does not wait for any visitor consent before execution.
The script uses localStorage to store visitor and experiment data.
What data is stored in the visitors browser?
Tracking Consent Mode
In tracking consent mode, the script runs experiments and tracks visitors locally, but it does not send any data to our database until explicit consent is given.
Consent must be provided by calling the optIn callback (this should be triggered once the visitor grants consent).
Before consent:
The script uses localStorage to store visitor and experiment data.
After consent:
- Visitor and experiment data are pushed to our database.
Full Consent Mode
In full consent mode, the script loads in the background but does not execute until consent is given.
This means:
- No experiments are run.
- No visitors are tracked.
- No data is stored in
localStorage.
Execution begins only after explicit consent is provided by calling the optIn callback (triggered when the visitor grants consent).
Privacy Modes Comparison
| Mode | When Experiments Run | Visitor Tracking | localStorage Data Before Consent | localStorage Data After Consent | Data Sent to Database |
|---|---|---|---|---|---|
| Default | Immediately | Yes | Visitor + experiment data | Same as before | Immediately |
| Tracking Consent | Immediately | Yes (local only) | Visitor + experiment data | Same as before | After consent |
| Full Consent | After consent | After consent | None | Visitor + experiment data | After consent |
Regardless of which consent mode is used, the implementation script should be loaded as early as possible to ensure optimal performance.
Google Consent Mode v2
The Lyftio script monitors the dataLayer and detects when analytics_storage is granted
Example dataLayer event;
[{
"0": "consent",
"1": "update",
"2": {
"ad_storage": "granted",
"ad_user_data": "granted",
"ad_personalization": "granted",
"analytics_storage": "granted",
"functionality_storage": "granted",
"personalization_storage": "granted",
"security_storage": "granted"
}
}]
Onetrust
In OneTrust, the C0001–C0005 categories are consent groups defined in your cookie banner configuration. The Lyftio script checks the OnetrustActiveGroups variable for the presence of C0002, which represents Performance / Analytics cookies. If this value is present, the script opts in immediately. If not, it sets up an event listener for OneTrustGroupsUpdated and monitors for changes.