Builder complies with General Data Protection Regulation (GDPR) and with current US data protection laws, such as California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and others.
When using the Builder SDK or HTML on your website, Builder sets cookies and localStorage items in order to provide content analytics and A/B testing functionality.
| Cookie or local storage name | Purpose |
|---|---|
| Content analytics (such as impressions and clicks) |
| Content analytics (such as impressions and clicks) |
| AB testing functionality |
| AB testing functionality |
Builder tracks standard information sent with all HTTP requests such as IP addresses, User Agents, URLs and query params, Date & Time of the event and cookies, which can include session ID and visitor ID.
When Builder tracking is enabled — it is on by default — Builder automatically tracks impressions and clicks for content entries. Customers can call the Builder track() function from their code to track conversions and other arbitrary events. When track() is called, we send information to Builder's backend that includes:
- content ID of the Builder content entry
- A/B test variation ID (if any)
- type of event (such as a click or impression)
- date and time
- Space ID (Public API Key)
- URL path
- device type
- click location for heatmaps
- session ID
- visitor ID
- any metadata that the user provides to the
Builder.track()call, which can be anything depending on what customers want to send; however, for automatic events it consists of the Builder SDK version and full URL (path and query string). - In the case of
track(), the only additional data that is sent is any POST data and event data or metadata included as part of the event.
Setting builder.canTrack to false or enabling window.builderNoTrack prevents Builder from setting cookies that could potentially identify individual users, such as session IDs or visitor IDs. When tracking is disabled, these identifying cookies are not set and therefore not included with any requests to Builder servers, enhancing user privacy.
If you give your customers a UI to opt-in to cookies and tracking, you can listen for their response and change tracking preferences. This toggles Builder cookies and tracking on or off accordingly.
Depending on your implementation, use one of the following methods:
- With the HTML API, set a window variable to
window.builderNoTrack = true. In this way, Builder does not make any tracking requests to our backend, meaning we do not record visitor ids or any information about the site visitor. - If you are using a Builder Gen 1 SDK, you can set
builder.canTrack = falseto disable any tracking and setting of cookies or local storage items. - For Gen 2 SDKs, use
canTrack={false}in theContentcomponent, for example,<Content canTrack={false} />. For more information oncanTrack, visit its entry in Using the Content Component.
Note that you can use either window.builderNoTrack or builder.canTrack to toggle tracking, cookies, and local storage.
For details on the differences between the SDKs, visit SDK Comparison.
The tracking pixel is a tiny (1x1) hidden image that is rendered when someone visits a site or app that contains Builder content from a Page or Section model. This pixel records what are called "Visual Views", also known as Pageviews.
For details on how the tracking pixel works, see How Visual Views are tracked in Visual Views.
While user IP addresses are transmitted to Builder servers as part of the pixel API request (as with any web request), they are anonymized before storage. The anonymization process works by removing the last parts of the IP address. For example:
- IP addresses are anonymized by masking identifiable segments.
- This applies to both IPv4 and IPv6 formats.
This makes it impossible to identify individual users from the stored data while still providing enough information for general usage analytics and billing purposes.
Builder's tracking pixel implementation is fully compliant with GDPR and other privacy regulations (including CCPA, VCDPA, and other U.S. state privacy laws) because:
- IP addresses are anonymized before storage
- No Personal Identifiable Information (PII) is collected
- Only data necessary for the legitimate business purpose of billing is collected
For more information, see the following: