Consent policy - cookies, storage and privacy

Technical documentation about cookies and browser storage can be found here

Cookies and browser storage

The AB Tasty tag uses cookies and browser storage to retain data about visitors to your websites. The cookie stores the visitor’s ID (used to determine unique visitor counts), plus their campaign history, timestamp history for all sessions, and several other useful parameters.

  • In local storage, it records data to track each visitor’s navigation history: viewed pages, transactions, events, and the segments they belong to. 
  • In session storage, the AB Tasty tag keeps the temporary data it gets from our external services such as geolocation, weather information, and user agent.

Find more information about data storage in this technical guide.

How do AB Tasty cookies work?

AB Tasty uses first-party cookies that are defined by the URL of the website using AB Tasty. Cookies enable AB Tasty to work properly and guarantee campaign reliability by recognizing each time a unique visitor lands on the website (AB Tasty can remember if a visitor has been to the site before, without actually knowing the identity of each visitor). 

Cookies log the campaign variation that the visitor has been previously assigned to, so it’s able to direct them back to the same variation for future visits. This system avoids behavioral differences and misleading results. These cookies don’t store any information about the visitor’s identity.

AB Tasty relies on two different cookies to collect and store data about visitors: ABTasty and ABTastySession. AB Tasty also uses technical cookies to operate properly. Read more about this in the corresponding section below.

The "ABTasty" cookie

This is a first-party cookie that has a lifetime of 13 months. The ABTasty cookie has two parts: 

  • The first part includes data and details about the visitor:

image7.png

  • The second part includes information about the campaign the visitor has been allocated:

image2.png

The "ABTastySession" cookie

This is a first-party cookie. Its lifetime depends on the duration of the session (a session ends after 30 minutes of inactivity on the website). Its purpose is to collect information about each user’s session. 

A fourth parameter may be present: the referrer. This stores the URL the visitor came from before landing on the website. This data is only available when the “source” or “source type” criteria are being used in the targeting of an active campaign.

Storage method & lifespan

AB Tasty enables you to modify a cookie’s validity period. To do so, go to:
Settings > Implementation > Cookies & privacy > Cookie settings.

Switching from Cookie to Local Storage should not lead to any issues. It activates an automatic data migration from the Cookie to the Local Storage and vice-versa. However, the Local Storage method is not compatible with cross-domain tracking (article All about tags - section Specific implementation). When choosing Local Storage, data can’t be shared between subdomains. For more, please refer to the complete section about storage.

The ABTastyOptout cookie

When a visitor doesn’t want to be assigned to any campaigns, they can opt out by adding the #abtastyoptout=1 parameter to the end of the website URL. For example:
http://www.abtasty.com/#abtastyoptout=1

This creates a cookie in their browser that stores the opt-out information. For more information about this, refer to How can I avoid being assigned to the tests (opt-out)? 

Technical cookies

The tag is setting several cookies to validate that it will be operational on the website. Some cookies tracking third-party tools might also discover the regular ABTasty and ABTastySession cookies even without consent being granted. This is because of how it is technically working, as explained in the section below.

These technical cookies are not used to store visitor's data and don't even contain anything for most of them. Moreover, their lifetime never exceeds a few milliseconds.

Checking the ability to set cookies

AB Tasty can't work with cookies. To avoid crashing and sending unexpected error messages, the tag first checks if it can write cookies in the current session.

The ABTasty cookie is created with a dummy value and then immediately removed if it succeeded. 
If the operation is failing, the tag will stop its execution and logs the information if you are using the debug module.

Checking the domain validity

The tag then validates which domain it is executing on and if it matches its settings. This is done to avoid any tracking issues or unexpected further failures.

It creates the ABTastyDomainTest cookie with no value. If the operation is a success, it is immediately removed.

If the operation failed, the tag won't go further and will log the information if you are using the debug module.

Consent management specificities

If consent is lost during the visitor's journey, AB Tasty has to erase all data stored for this visitor. To avoid losing any time and not risk any failure in this process, the tag doesn't bother checking if there is already existing data.

All cookies are erased, whether or not they exist. This means that the tag is setting both ABTasty and ABTastySession cookies with an already-expired date. For the browser, this consists of creating a cookie that is immediately removed due to its expiration date.

This results in both cookies being declared even without consent and for a very short period of time (in microseconds).

Some cookies tracking third-party tools might detect these "ghost" cookies without consent. We advise setting a lifetime threshold to filter them out.

For full technical information about AB Tasty cookies and storage, read the complete article on our developer portal.

The cookie deposit method

The cookie deposit method enables you to manage the way information about your visitors is collected on your website.

You can manage cookies and AB Tasty’s tag through the following three sections:

  • Secure cookies
  • Restrict cookie deposit
  • Storage method

For details about the best implementation method regarding your needs, please refer to this specific article: How to choose your cookie deposit method.

Heads up ⚡

Changing the cookie privacy settings while one or several campaigns are live may revoke the consent collection of your tested visitors at their next session on your website. It may also permanently erase all stored data (e.g. cookies, campaign history, events history, etc.).We recommend you configure your preferences once and do not modify them afterward.

To access the cookie deposit method, follow these steps:

  • Go to the dashboard and click image8.jpg , then click Settings
  • Click Cookies > Cookie deposit method

Secure cookies option

This option enables you to manage cookies on the pages of your website. Secure cookies can only be transmitted via the HTTPS protocol. HTTPS is a secure encrypted protocol aimed at increasing the security of data transfer.

By default, this option is disabled (the button is toggled to NO). This means that cookies are deposited on both the HTTPS and HTTP pages. When you enable this option (toggle the button to YES), cookies are deposited and usable on HTTPS pages only.

Generally speaking, many websites use HTTPS on all pages. In this case, we recommend enabling the secure cookie option. However, some websites still use HTTP pages, which is less secure. In this case, we recommend leaving the option disabled.

Heads up ⚡

Some websites use HTTPS on most pages but still have some HTTP pages. In this case, if you choose to enable secure cookies (toggle the button to YES), HTTP pages won’t use the same cookie as HTTPS pages. This may become an issue for data collection and is not recommended. 

Storage method

This section enables you to choose how your visitor information is stored. By default, AB Tasty uses cookies to store all the information that will be displayed in your campaign reports. However, you can choose to use Local Storage to store your visitor data.

Cookie

This is the default option. Data related to visitors is stored in cookies placed on their browsers. When a visitor lands on a website that uses our platform, AB Tasty automatically places an ABTasty cookie on their browser to collect information such as the visitor’s ID, the campaign ID, the variation ID, etc. For each of the visitor’s sessions, an ABTasty.sessioncookie is also placed on the browser.

Local Storage

This option enables you to store data in your visitor’s localStorage browser instead of cookies. This can be useful for websites where cookies have weight restrictions, as it makes your cookies lighter. If you select this option, AB Tasty renounces the use of cookies, although the option remains available in the interface.

Good to know💡

If your visitor changes the domain or subdomain while browsing your website, the collected data will be lost. A visitor visiting your website from three different domains will be counted as three different visitors.

Restrict cookie deposit option

The restrict cookie deposit option enables you to manage the AB Tasty tag’s behavior to comply with regulations and adapt the configuration to user specificities. Since the implementation of the Guidelines on consent under Regulation 2016/679 (GDPR) by the European Data Protection Board on May 4, 2020, you have a legal obligation to ask your visitors for their explicit consent before tracking them and collecting their personal information through the acceptance of a cookie banner (either fully or partially).

Moreover, you must provide proof of this consent and AB Tasty must help you do so.

As soon as consent is given, proof of this consent is automatically sent to AB Tasty’s servers and stored for 13 months

Stored consent information includes the date and time, the condition and mode used, the visitor ID, and the perimeter.

It remains your full responsibility to implement the cookie banner on your website and make its content compliant with local data protection regulations. 

In the page Privacy in the settings, you must select one of these three options:

  • Not restricting cookie deposits. This means no consent is requested from the visitors and the campaign is automatically displayed and data tracked. Select this option only if your country / geographical area does not require you to ask for consent before collecting data.
  • Managing the consent proper to AB Tasty within a third-party tool, such as a TMS. In this case, the TMS automatically checks the visitor’s consent before triggering the tags it contains. Proof of consent will still be collected; however, the consent will specify that it was collected by an uncited third-party source.
  • Delegating the consent to the AB Tasty. In this case, the tag will try to determine whether the visitor gave their consent on the website before tracking them and collecting their data.

For more information about how to choose the right configuration for your cookies deposit choice, please refer to the following article

Was this article helpful?

/