Data Privacy & Consent
ClickMint Experiment Tracking
The Short Version
ClickMint's experiment tracking:
- Collects zero Personally Identifiable Information (PII) directly
- Does not inject cart, checkout, billing, location, or behavioral click tracking
- Cannot send any analytics data when your consent setup is properly configured to block analytics — with one nuance noted below
- Reads aggregate experiment performance data (revenue, conversions, etc.) from your existing GA4 property — it does not generate that data itself
What ClickMint Actually Does
When a user visits a page with an active A/B experiment, ClickMint's delivery system — running at the CDN edge before the request reaches your server — sends a small JavaScript snippet to the browser. That script does exactly two things:
- Assigns the user to a variant — either shows them the original page (control) or a modified version (variant), based on configured probability weights.
- Fires a single event into your existing GA4 property to record which variant the user saw.
That is the complete scope of what ClickMint injects.
What Is Tracked (Full Inventory)
The Tracking Identifier
The only user-level identifier ClickMint creates is a random token generated entirely inside the user's browser — no ClickMint server is involved in creating it. It is a short alphanumeric string with no meaningful content: no timestamp, no device info, no user reference.
It is stored locally in the browser with a 30-day expiry, and falls back to a cookie if local storage is unavailable. It is never sent to ClickMint's servers — it travels only to your GA4 property, the same analytics system your site already uses.
For GDPR purposes: this is a pseudonymous persistent identifier. It is not PII in isolation, but because it persists across sessions, it is appropriate to treat it as consent-gated — and when consent is denied, it will not be sent.
The Experiment Event
Every user on an experiment page produces one event in GA4. That event records only:
- Which experiment and variant the user was assigned to
- Whether the assignment was a redirect, a visual change, or the unchanged control
- The page path (e.g.,
/products/my-product) — not the full URL, and no query strings
Nothing in this event contains names, emails, device fingerprints, IP addresses, purchase data, product details, or any other PII.
The User Property
Alongside the event, ClickMint sets a GA4 user property containing the random tracking identifier. This is what enables cross-page conversion attribution: if a user sees a variant on a product page and purchases on the checkout page, GA4 can correlate those events. This is standard GA4 behavior — ClickMint does not operate any separate identity layer.
ClickMint does not own or operate your GA4 property. It belongs to you. ClickMint reads from it via the GA4 Reporting API to populate the dashboard.
What Is NOT Tracked by ClickMint's Script
The injected JavaScript contains no logic to track:
| Data Type | Status |
|---|---|
| Name, email, phone | ❌ Not collected |
| Cart contents | ❌ Not collected |
| Order value / revenue | ❌ Not collected — sourced from your existing GA4 ecommerce tagging |
| Billing or payment info | ❌ Not collected |
| Physical or IP location | ❌ Not collected — GA4 derives this independently from IP |
| Click or scroll behavior | ❌ Not collected |
| Form inputs | ❌ Not collected |
| User identity / login status | ❌ Not collected |
How the ClickMint Dashboard Shows Revenue and Conversions
ClickMint's analytics dashboard reads purchase revenue, add-to-carts, checkouts, and conversion rates from your GA4 property via the GA4 Reporting API. It does not inject or produce those signals.
Your existing GA4 ecommerce tagging — managed through GTM or directly on your site — is what generates purchase events. ClickMint correlates those events against the experiment identifier it set, to attribute conversions to the correct variant.
If your GA4 ecommerce tracking does not fire purchase events, ClickMint's dashboard will show zero conversions. ClickMint has no independent purchase tracking.
Consent and Tracking Compatibility
When a CMP Blocks Analytics Entirely
If a Consent Management Platform (CMP — OneTrust, Cookiebot, CookieYes, etc.) is configured to prevent the GA4 tag from loading when a user declines analytics consent:
- ClickMint's script waits for GA4 to become available, and after a brief timeout, gives up
- No experiment event is fired. No data reaches GA4.
- The experiment variant is still shown to the user — delivery happens at the CDN level, before any browser code runs. Only the measurement is affected.
In this scenario, consent is fully respected and no tracking data leaves the browser.
When Google Consent Mode v2 Is Active
Many GTM setups use Google Consent Mode v2, where the GA4 tag loads but operates in a restricted state when analytics consent is denied. In this mode:
- GA4 does not store identifying cookies
- GA4 may record non-identifiable aggregate signals for modeling purposes
- ClickMint's event will reach GA4, but what GA4 does with it is governed entirely by the active consent state
This is identical behavior to any other GA4 event on your site — ClickMint does not bypass or override consent mode signals. The outcome depends on your GA4 and CMP configuration, not on ClickMint's behavior.
If your compliance posture requires certainty that no events reach GA4 before consent is granted, the most reliable approach is configuring your CMP to block the GA4 tag entirely until after the user makes a consent decision, rather than relying solely on Consent Mode v2 signals.
Summary for Legal and Compliance Review
| Question | Answer |
|---|---|
| Does ClickMint collect PII? | No. The only identifier is a locally-generated random token with no connection to user identity. |
| Does ClickMint track purchases or cart data? | No. It reads those metrics from your existing GA4 property. |
| Does ClickMint share user data with third parties? | No. Events go to your GA4 property. ClickMint reads from your GA4 via the Reporting API. |
| Is tracking blocked when consent is denied? | Yes, when your CMP blocks the GA4 tag from loading. With Consent Mode v2, behavior follows your GA4 and CMP configuration. |
| Does the experiment still run without consent? | Yes. Variant delivery happens at the CDN edge before any browser code runs. Only measurement is consent-gated. |
| Is the tracking identifier linked to a real identity? | No. It is a random string with no connection to names, accounts, or devices beyond what GA4 itself associates. |
| Does ClickMint inject click, scroll, or form tracking? | No. That is the responsibility of your GTM and GA4 configuration. |
Updated 24 days ago