Compliance & consent
Control non-essential data scopes without blocking response collection.
- Last reviewed
Compliance & consent
Consent controls non-essential data scopes. The widget respects your consent settings and integrates with your existing cookie banner or CMP.
What consent does not block
Two things always work regardless of consent state:
- response collection
- surveys opened from code
This means you can keep the feedback channel working while tightening analytics or storage behavior for GDPR, CCPA, or other regulations.
Consent scopes
| Scope | What it controls |
|---|---|
analytics.measurement | Event tracking for targeting rules based on page context, timing, and session signals. |
analytics.storage | Persisted activity data used for cohort targeting and identity continuity across sessions. |
personalization.storage | Stored preferences for personalized survey experiences. |
ads.storage | Storage used for advertising-related signals. |
ads.user_data | User data shared with advertising surfaces. |
ads.personalization | Personalized advertising signals. |
Essential scopes (functionality.storage, security.storage) are always
granted and can't be denied — they're required for the widget to work.
Default behavior
By default, the widget starts with all scopes granted. If you need a stricter
default for compliance, set defaultConsent to "pending":
const client = createClient({apiKey: "YOUR_API_KEY",defaultConsent: "pending",});With pending, non-essential scopes are treated as denied until you update
them.
Updating consent at runtime
Sync with your cookie banner or CMP when the user makes a choice:
// User grants analytics:client.configure({consent: ["analytics.measurement", "analytics.storage"],});// User denies everything:client.configure({ consent: "denied" });// User grants all:client.configure({ consent: "granted" });You can also set "revoked" to explicitly revoke previously granted consent.
Impact on targeting
- Context targeting (page URL, device type, timing) requires
analytics.measurementonly. - Cohort targeting (past behavior, identity continuity, stored signals)
requires both
analytics.measurementandanalytics.storage. - Response collection and surveys opened from code are never affected.
Practical rollout
If your product already has a CMP or cookie banner, keep getuserfeedback.com in sync with that source of truth. Don't create a second consent state machine.
SDK setup
Each SDK page covers how to set defaultConsent and update consent at runtime:
- React SDK
- JavaScript SDK
- Google Tag Manager — follows GTM Consent Mode automatically