Compliance & consent
Control non-essential data scopes without blocking response collection.
- Last reviewed
Compliance & consent
Consent controls non-essential data scopes. The widget respects your consent settings and integrates with your existing cookie banner or CMP.
What consent does not block
Two things always work regardless of consent state:
- response collection
- surveys opened from code
This means you can keep the feedback channel working while tightening analytics or storage behavior for GDPR, CCPA, or other regulations.
Consent scopes
| Scope | What it controls |
|---|---|
analytics.measurement | Event tracking for targeting rules based on page context, timing, and session signals. |
analytics.storage | Persisted activity data used for cohort targeting and identity continuity across sessions. |
personalization.storage | Stored preferences for personalized survey experiences. |
ads.storage | Storage used for advertising-related signals. |
ads.user_data | User data shared with advertising surfaces. |
ads.personalization | Personalized advertising signals. |
Essential scopes (functionality.storage, security.storage) are always
granted and can't be denied — they're required for the widget to work.
Default behavior
By default, the widget starts with all scopes granted. If you need a stricter
default for GDPR, ePrivacy, or another consent-first rollout, set
defaultConsent to "pending":
const client = createClient({apiKey: "YOUR_API_KEY",defaultConsent: "pending",});With pending, non-essential scopes are treated as denied until you update
them.
For EU traffic, this is usually the safest starting point: keep response collection available, then grant measurement or storage scopes only after your cookie banner or CMP has recorded the user's choice.
Updating consent at runtime
Sync with your cookie banner or CMP when the user makes a choice:
// User grants analytics:client.configure({consent: ["analytics.measurement", "analytics.storage"],});// User denies everything:client.configure({ consent: "denied" });// User grants all:client.configure({ consent: "granted" });You can also set "revoked" to explicitly revoke previously granted consent.
Impact on targeting
- Context targeting (page URL, device type, timing) requires
analytics.measurementonly. - Cohort targeting (past behavior, identity continuity, stored signals)
requires both
analytics.measurementandanalytics.storage. - Response collection and surveys opened from code are never affected.
Practical rollout
If your product already has a CMP or cookie banner, keep getuserfeedback.com in sync with that source of truth. Don't create a second consent state machine.
SDK setup
Each SDK page covers how to set defaultConsent and update consent at runtime:
- React SDK
- JavaScript SDK
- Google Tag Manager — follows GTM Consent Mode automatically
Privacy requests
If a customer or respondent needs access, deletion, correction, portability, or help with another privacy right, see Privacy rights and requests.