--- title: Tracking Modes description: Choose between privacy-first cookie-less tracking or cookie-based persistent visitor tracking. url: https://www.supalytics.co/docs/tracking-modes --- Supalytics offers two tracking modes. Configure per website in **Settings → Tracking Mode**. ## Privacy Mode (Default) Cookie-less tracking that's fully GDPR compliant without requiring a consent banner. **How it works:** * Visitor IDs are generated server-side from a hash of IP + User Agent + domain * The hash rotates daily, so visitor IDs change every 24 hours * No cookies, no localStorage (except for user opt-out preference) * IP addresses are never stored—only used momentarily for hashing **Trade-offs:** * ✅ No consent banner needed anywhere * ✅ Fully GDPR/ePrivacy compliant * ❌ Cannot track returning visitors across days * ❌ First-touch attribution resets daily ## Cookie Mode Persistent visitor tracking using a first-party cookie for more accurate returning visitor data. **How it works:** * A first-party cookie (`supalytics_vid`) stores a persistent visitor ID * **Non-EU visitors**: Cookies set automatically, no consent needed * **EU visitors**: We detect their location and fall back to privacy mode by default **Trade-offs:** * ✅ Accurate returning visitor tracking * ✅ Persistent first-touch attribution * ✅ Non-EU visitors work without any setup * ❌ EU visitors need consent for cookie tracking (or fall back to privacy mode) ### What happens to EU visitors? When you enable cookie mode, EU visitors are **not blocked**—they still get tracked using privacy mode (daily-rotating IDs). You don't lose any analytics data. The only difference is their visitor ID rotates daily instead of persisting. If you want persistent tracking for EU visitors, you need to: 1. Show a consent banner 2. Call `supalytics.setConsent(true)` when they accept **If you don't show a consent banner**, EU visitors simply stay in privacy mode. This is a valid approach—you get cookies for non-EU visitors and privacy-mode tracking for EU visitors, with zero consent banners. ## Consent Integration (Optional) Only needed if you want persistent cookies for EU visitors. Integrate with your consent banner: ```javascript // When user accepts cookies supalytics.setConsent(true); // When user declines cookies supalytics.setConsent(false); // Check current consent status supalytics.getConsent(); // returns: true | false | null ``` ### Integration Examples **With CookieYes:** ```javascript document.addEventListener('cookieyes_consent_update', function(e) { if (e.detail.accepted.includes('analytics')) { supalytics.setConsent(true); } else { supalytics.setConsent(false); } }); ``` **With Osano:** ```javascript Osano.cm.addEventListener('osano-cm-consent-changed', function(change) { if (change.ANALYTICS === 'ACCEPT') { supalytics.setConsent(true); } else { supalytics.setConsent(false); } }); ``` **Custom consent banner:** ```javascript document.getElementById('accept-cookies').onclick = () => supalytics.setConsent(true); document.getElementById('decline-cookies').onclick = () => supalytics.setConsent(false); ``` ## JavaScript API The tracking script exposes useful properties: ```javascript // Tracking mode configured for this site supalytics.trackingMode // 'privacy' | 'cookies' // Is visitor detected as EU? supalytics.isEu // true | false // Current visitor ID (set after first pageview) supalytics.visitorId // string // Consent management (cookie mode only) supalytics.setConsent(true) // Grant consent supalytics.setConsent(false) // Withdraw consent (deletes cookie) supalytics.getConsent() // Check status: true | false | null ``` ## Cookie Details When cookies are active (non-EU, or EU with consent): | Property | Value | | -------- | --------------------------- | | Name | `supalytics_vid` | | Value | 16-character hex visitor ID | | Expiry | 365 days | | SameSite | `Lax` | | Secure | Yes (on HTTPS) | The cookie only contains a random visitor ID—it cannot identify individuals or track across websites. --- ## Other Documentation - [Autocapture](https://www.supalytics.co/llms/docs/autocapture) - [Backfill Existing Subscriptions](https://www.supalytics.co/llms/docs/backfill-existing-subscriptions) - [Block Your Own Traffic](https://www.supalytics.co/llms/docs/block-your-traffic) - [CLI](https://www.supalytics.co/llms/docs/cli) - [Custom Events](https://www.supalytics.co/llms/docs/custom-events) - [Features](https://www.supalytics.co/llms/docs/features) - [Conversion Funnels](https://www.supalytics.co/llms/docs/funnels) - [Introduction](https://www.supalytics.co/llms/docs) - [Install Script](https://www.supalytics.co/llms/docs/install-script) - [MRR Tracking](https://www.supalytics.co/llms/docs/mrr-tracking) - [Revenue Attribution](https://www.supalytics.co/llms/docs/revenue-attribution) - [Agent Skills](https://www.supalytics.co/llms/docs/skills) - [Visitor Journey](https://www.supalytics.co/llms/docs/visitor-journey) - [Annotations](https://www.supalytics.co/llms/docs/api/annotations) - [Error Codes](https://www.supalytics.co/llms/docs/api/errors) - [Events (Read)](https://www.supalytics.co/llms/docs/api/events) - [API Reference](https://www.supalytics.co/llms/docs/api) - [Journeys](https://www.supalytics.co/llms/docs/api/journeys) - [Query API](https://www.supalytics.co/llms/docs/api/query) - [Realtime API](https://www.supalytics.co/llms/docs/api/realtime) - [Revenue Attribution API](https://www.supalytics.co/llms/docs/api/revenue-attribution) - [Events (Write)](https://www.supalytics.co/llms/docs/api/server-side-events)