Analytics Privacy and Governance
Privacy and Governance
Customer-facing privacy controls and analytics governance patterns for compliant measurement.
Audience: Privacy, legal, and analytics leaders designing compliant data operations.
Critical: Public runtime endpoints enforce site verification, origin checks, and subscription validation via guard logic before serving sensitive analytics-related functionality.
Who This Page Is For
Use this page when defining how your organization collects analytics data under consent constraints while preserving operational reliability and auditability.
Quick Start (2-5 Minutes)
Audit consent posture
Review consent acceptance and impact using consent analytics endpoints.
GET /api/v1/analytics/consent/:siteId/stats
GET /api/v1/analytics/consent/:siteId/impactValidate runtime protection model
Ensure public endpoints are called from verified site origins only.
GET /api/v1/public/sites/:siteKey/config
GET /api/v1/public/sites/:siteKey/tracking-configReview identity/trait flows
Confirm identify and traits updates are intentional and policy-compliant.
POST /api/v1/public/sites/:siteKey/users/identify
POST /api/v1/public/sites/:siteKey/users/traitsReview consent write paths
Validate consent grant and withdrawal handling in runtime integration.
POST /api/v1/public/sites/:siteKey/consent
DELETE /api/v1/public/sites/:siteKey/consentDefine governance checklist
Set owner, review cadence, and escalation process for privacy changes.
Document policy, controls, and incident response ownership.Key privacy-related endpoints
POST /api/v1/public/sites/:siteKey/consent
DELETE /api/v1/public/sites/:siteKey/consent
POST /api/v1/public/sites/:siteKey/users/identify
POST /api/v1/public/sites/:siteKey/users/traits
GET /api/v1/analytics/consent/:siteId/stats
GET /api/v1/analytics/consent/:siteId/impact
GET /api/v1/analytics/consent/compareRequired Fields / Minimum Payload
| Field | Required | Type | Used by events | Description |
|---|---|---|---|---|
siteKey | Required | string | Public consent/user endpoints | Public site identifier validated by guard. |
origin / referer headers | Conditional | request headers | Public guarded endpoints | Must match configured site domain policy. |
consent payload | Conditional | object | Public consent write endpoint | Consent categories/state payload from CMP integration. |
startDate / endDate | Optional | ISO date | Consent analytics endpoints | Range for governance and audit reporting. |
Event or Endpoint Decision Matrix
| Scenario | Use This | Why |
|---|---|---|
| Need runtime consent write | /public/sites/:siteKey/consent | Captures consent state changes from storefront. |
| Need runtime consent removal | DELETE /public/sites/:siteKey/consent | Supports withdrawal and reset workflows. |
| Need consent impact reporting | /analytics/consent/:siteId/impact | Quantifies measurement effect of consent settings. |
| Need cross-site governance benchmark | /analytics/consent/compare | Portfolio-level policy monitoring. |
| Need infrastructure-level request safety model | Public guards and rate-limit reference | Documents site/origin/subscription protections. |
Common Errors and Fixes
Public consent endpoints return forbidden
Cause: Origin mismatch or site verification/subscription failure.
Fix: Validate site domain config and request origin headers.
Consent analytics not matching CMP dashboard
Cause: Different date windows or category mapping differences.
Fix: Align category taxonomy and reporting intervals.
Identify calls blocked unexpectedly
Cause: Origin validation failure in public users endpoint.
Fix: Ensure identify calls originate from approved storefront domain.
Privacy review lacks audit trail
Cause: No structured change log for consent and tracking config updates.
Fix: Introduce release-note level logging for privacy-impacting changes.
Production Checklist
- Consent collection and withdrawal flows are tested on production domain.Required
- Consent category taxonomy is documented and versioned.Required
- Public endpoint guard behavior is validated in security testing.Required
- Consent analytics is reviewed on a fixed governance cadence.Required
- Incident response plan exists for privacy-impacting regressions.Required