Assumed Consent is one of two methods of managing the data privacy settings of your users using APIs. In general, this method assumes that users consent to data collection unless they opt out.
What happens when users opt out?
- We don't delete their data, but we do stop collecting data about their interactions from the moment of the opt-out.
- They are also opted out of our trigger engine and won't receive triggered emails or push notifications. The consent state is effective for all sites in your account except for mobile apps, which are handled using the iOS and Android APIs.
- For opted-out users you can only use targeting conditions based on session data, such as URL, traffic source, weather, device type, location, and so on. For example, if a campaign has two experiences targeting different countries, Dynamic Yield does recognize in which country an opted-out user is located during their session. However, this data is not retained on our servers.
- No interactions of opted-out users are collected or included in any experience reports from the moment of their opt-out.
- The campaign’s frequency and stickiness settings are still supported for opted-out users as this is necessary for proper site functionality. Otherwise, poor experiences such as users being served the same popup on every page might result. This data is only stored in the browser's local storage. It is not stored in cookies or on our servers.
- User Data might still be sent through your custom integrations. To prevent this, use an additional API in the custom integration code.
Even if a user opted out in the past, if they opt in again, data collection is allowed from that point onward.
Using the assumed consent APIs
You can use one of the following two methods, depending on whether you are sending the API calls directly from your site or via a third-party consent management tool.
Standard method
Use these API calls when directly reporting user consent to Dynamic Yield. This method is not supported for API-only sites.
JavaScript (Web)
DY.API('consent_optout');
DY.API('consent_optin');
Objective-C (iOS)
[[DYApi getInstance] consentOptout];
[[DYApi getInstance] consentOptin];
Swift (iOS)
DYApi.getInstance().consentOptout();
DYApi.getInstance().consentOptin();
Java (Android)
DYApi.getInstance().consentOptout();
DYApi.getInstance().consentOptin();
- Opting out prevents future data collection from the current device/browser from all sections of the account, across all domains. This method overrides any past opt-in methods.
- If the user had opted out in the past, opting in allows data collection from the time of the new consent and onward.
Consent management tool method
This method involves configuring a set of API calls as well as configuring a variable on the site instructing Dynamic Yield to wait for the management system to solicit user data collection preference before collecting and storing user data.
JavaScript API methods
DY.API('consent_status_update', { status: true });
DY.API('consent_status_update', { status: false });
Variable configuration
To tell Dynamic Yield to wait for the Advanced API methods, configure the variable DY.consentIntegrationActive to "true" before the Dynamic Yield scripts are loaded.
DY.consentIntegrationActive = true;
Verifying that data isn't being collected
If a user wants to verify that data is not being collected by Dynamic Yield, they can look for the strings px.dynamicyield.com and px-eu.dynamicyield.com in their network calls. These strings don't exist if data isn't being collected.