GDPR Requirements
Last updated
Was this helpful?
Last updated
Was this helpful?
Companies implementing GDPR requirements are required to ask for permission to use cookies on their websites. Cookies are typically used to track user activities. Arcade’s tracker uses cookies to store unique user information and identify users. While the Arcade tracker cookie doesn’t store PII data, it is enough to be deemed personal information since it tracks the user's behavior on the website.
Websites that ask for permission to use cookies will present a small UI element that is typically unobtrusive but will notify the user that the website uses cookies. In the simplest case, a user can approve or deny consent to use cookies. In more complicated scenarios, the website may ask for permission to use different types of cookies (analytics, marketing, other types of tracking., etc).
Arcade tracks events like hotspots, and CTA clicks on the published Arcade. Those are used to generate data for the Arcade Analytics dashboard.
Since Arcades are embedded as an iframe on a website, they cannot automatically inherit or honor the consent provided to the host’s website. Ideally, Arcades should not have to ask for permission on their own—that would provide an odd user experience, especially if there are multiple Arcades on the same page.
Arcade tracks user events (e.g., clicks within the Arcade, etc.) by default. These events are used to provide our customers analytics on their Arcades. We recognize that there may be times when the author of the Arcade might want to limit tracking information by anonymizing the IP or disable tracking completely. In many situations, the author may want to disable tracking until the user consents to cookie-based tracking on the host website. For this reason, we provide a few settings to limit or disable tracking:
Once you turn on Do Not Track, Arcade will no longer collect user clicks and page views within an Arcade. Analytics data will no longer be visible inside Arcade’s Analytics dashboard.
If your website asks for cookie consent from the user, Arcade can honor that consent, but it will require a little bit of code on your website.
If the user allows your website to use cookies for tracking purposes, you can let the Arcade know by sending each Arcade on your page a message to turn on tracking. Arcade will keep track of events that happen inside the Arcade even if Do Not Track is turned on, but it withholds sending those events to Arcade’s tracking server unless it receives consent from the host website.
Here’s a sequence diagram of how this works:
In order to send the message to the Arcade iframe(s) that the user has consented to the use of cookies, you need to send the following Javascript after the consent has been made:
Once the Arcade iframe(s) receive this message, all events that the Arcade has recorded up to that moment will be sent to the Arcade tracking server, and new events will be sent as well.
Some consent managers will reload any 3rd party iframes on the page after the user gives consent. In these cases, you may need to listen to the Arcade iframes load event to pass on the cookie-consent event. Here's some sample code on how to do that:
This will allow tracking to work across page reloads as well.
Arcade uses the vast array of available fonts from . For customers concerned , font selection is disabled in the Arcade editor and theme settings if either tracking (listed as Do Not Track) or IP tracking is disabled. Arcade defaults to using the , which Arcade serves directly without any dependence on a 3rd party that may be tracking IPs.
