Site tracking and the GDPR

Disclaimer: The contents of this web page do not constitute legal advice. This page is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR. 

If you’re using our site tracking feature to track visits made to your website by contacts in the EU, then you may want to make changes to how you’ve implemented site tracking in order to be GDPR compliant.

In this article, we’ll discuss:

Read more about GDPR here

What is site tracking?

Our site tracking feature tracks visits made to your website and associates those page visits with contact records. It also collects the IP address of your contacts. Site tracking allows you to see which web pages a contact visits so you can create segments and send targeted campaigns, display site messages to specific contacts, and is used with our attribution feature. These page visits and the IP address are considered personal data.

How the GDPR impacts site tracking

Before the GDPR, you were able to track a contact’s page visit without their consent. Under GDPR however, you may want to gain explicit consent from contacts before you collect and store their personal data. This can be done by creating a “Tracking Consent” notice on your site that states what information is being collected and how that information will be used. The information in this notice must use clear and plain language and contain a button that the contact must click in order to give their consent.

Who does the site tracking update for the GDPR apply to?

The site tracking update for the GDPR applies to:

  • Any ActiveCampaign customer in the European Union (EU) that is processing personal data and using our site tracking feature.
  • Any ActiveCampaign customer outside of the EU that is processing personal data of EU data subjects and using our site tracking feature.

How to update site tracking for the GDPR

1. Replace the site tracking code on your website.

We’ve made updates to our site tracking code in order to complement your GDPR compliance needs. You will need to replace the ActiveCampaign site tracking code you’re currently using with this new one. You can get this new code by going to Settings > Tracking in your account. The updated site tracking code will be located in the “Tracking Code” box.

2. Update the "Track by Default" setting in the site tracking code.

The "Track by Default" setting on our site tracking code automatically tracks page visits. Once you replace the site tracking code on your website, you will need to update that default setting. This update is done in the site tracking code that is pasted on your site. 

You can change this:


To this:


Simply replacing the site tracking code (see step 1 above) will not change how ActiveCampaign tracks data. Updating the "Track by Default" setting is a necessary step that may help you comply with GDPR.

3. Create a “Tracking Consent” notice.

The purpose of this notice is to explicitly ask contacts for their permission to be tracked. This notice can be in the form of a banner or a pop up box. The notice must state what information is being collected and how it will be used. In addition, the notice must use use clear and plain language and contain a button that the contact must click in order to give their consent.

You are responsible for creating this notice. If you don’t know how to create this notice, you must work with someone on your team or organization who can. Our support team will not be able to assist with creating a “Tracking Consent” notice.

4. Add a snippet of code to your “Yes/Agree” button on the “Tracking Consent” notice.

If a contact has allowed site tracking, you will need to call the Javascript function, pgo('process', 'allowTracking') which will place a 30-day tracking cookie on the contact.

In order to allow tracking for future visits, when cookies are accepted by the contact, you might set a temporary cookie (for example, for 30 days). Then on each page load, check for the temporary cookie you have set and run pgo('process', 'allowTracking').


// Insert tracking snippet here
if (document.cookie.indexOf('accept_cookies') !== -1) {
    pgo('process', 'allowTracking');

$('.btn').on('click', function() {
    var expiration = new Date(new Date().getTime() + 1000 * 60 * 60 * 24 * 30);
    pgo('process', 'allowTracking');
    document.cookie = 'accept_cookies=1; expires=' + expiration + '; path=/';

The GDPR compliance deadline is May 25, 2018. Parties who violate regulations and who do not gain explicit consent are subject to substantial penalties. See Article 83: General conditions for imposing administrative fines.

Have more questions? Submit a request