Privacy & Compliance

How StickyCTAs handles visitor data, cookies, and consent.

StickyCTAsDOCSLog In

What StickyCTAs Tracks

StickyCTAs is designed with minimal data collection. The widget itself does not send any visitor data back to our servers. When a visitor interacts with your widget:

  • The widget configuration is fetched once from our API (widget ID, colors, buttons).
  • No visitor information (IP, browser, location) is collected or stored by StickyCTAs.
  • If you have GA4 configured, interaction events are sent directly to your Google Analytics property — not ours.

StickyCTAs does not build visitor profiles, does not sell data, and does not share visitor information with any third party.

EU Consent Flow (GDPR)

For visitors on stickyctas.com itself (not your website), we implement a full cookie consent flow:

Geo-detection

We use Vercel's x-vercel-ip-country header to detect whether a visitor is in the EU/EEA, UK, or Switzerland. This check happens at the edge — no third-party geo-IP service is used.

Cookie banner

EU visitors see a consent banner. Analytics cookies are denied by default until the visitor makes a choice.

Accept

Accepting upgrades Google Analytics consent live using gtag('consent', 'update'). No page reload is needed — GA begins collecting data immediately.

Decline

Declining dismisses the banner and keeps analytics storage denied for the session. GA4 still receives pings but without cookies, using Consent Mode v2.

Google Consent Mode v2

When analytics consent is denied, GA4 operates in Consent Mode v2. This means:

  • No _ga or _gid cookies are set.
  • Cookieless pings are still sent to Google so GA4 can use statistical modeling to estimate traffic.
  • This approach maintains compliance while giving you directional analytics data.

Opt-Out & Opt Back In

Any visitor (EU or not) can permanently opt out of analytics on stickyctas.com by visiting our Privacy Policy page and clicking the opt-out button. This sets an analytics-opted-out cookie that persists for one year.

When opted out, the GA script does not load at all — no pings, no cookies, no requests to Google.

To opt back in, return to the Privacy Policy page and click the opt-in button. The cookie is removed and GA loads normally on the next page view.

CCPA (California)

StickyCTAs does not sell personal data as defined by the California Consumer Privacy Act. We use Google Analytics solely for site measurement — not for advertising, remarketing, or behavioral targeting. The opt-out mechanism described above is available to all visitors, including California residents, as a voluntary control.

What Should Be on Your Site

If you embed a StickyCTAs widget on your website, we recommend including the following on your site:

Privacy Policy

Mention that you use a third-party widget (StickyCTAs) and link to our Privacy Policy if applicable.

Terms of Service

Note that visitors may interact with embedded third-party tools on your site.

Cookie / Analytics Opt-Out

If you use GA4 tracking with your widget, provide your visitors with a way to opt out of analytics on your own site.