How does FunnelFlux handle cookies, privacy, and GDPR?

FunnelFlux uses tracking IDs and session data to connect visitor actions across a funnel. This can involve URL parameters, referrer data, cookies, and server-side session storage.

FunnelFlux Pro takes anonymous user privacy seriously, so we provide several features that help you manage privacy and cookie compliance.

This article is not legal advice, but it explains what FunnelFlux does technically.

Cookie usage

FunnelFlux does not rely only on cookies for tracking. Our tracking system uses a mix of URL parameters, referrer data, server-side session storage, JavaScript, and cookies.

However, we do use cookies in a few specific ways.

Session ID cookie

FunnelFlux may drop a session ID cookie.

This cookie contains the random ID of a generated visitor session. It does not contain private user data. It is used as a fallback for maintaining session continuity when other data is unavailable.

In practice, this is important for reliable click-through tracking. If FunnelFlux cannot identify the visitor session, click-through events can fail or lose context.

We consider this a functional cookie because it helps the redirect and click-tracking system work reliably. It is not used for hyper-personalisation or storing sensitive visitor data.

Session recovery cookie

FunnelFlux may also drop a session recovery cookie.

This allows basic session data to be rebuilt if transient session information at our edge becomes unavailable.

This cookie stores initial entrance data, such as the funnel ID, traffic source ID, and URL tracking field data provided on entrance. It does not store resolved user information such as IP-derived location data, browser data, or internal analytics data.

Tag cookies

FunnelFlux supports tagging visitors for routing logic.

Tags can be used for functional redirects inside funnels, including cross-funnel tag usage. Tag IDs may be stored in a cookie as a fallback mechanism so that tag-based routing can work across funnel journeys.

Cookie consent controls

Our cookies are focused on functional redirect reliability rather than long-term marketing profiling.

You can still control cookie behaviour if needed.

FunnelFlux JavaScript supports options that allow cookies to be disabled on the page. You can also pass a cookie-allowed flag into redirect links to prevent cookies being dropped.

Once cookies are marked as disallowed, that preference is persisted across later tracking for that visitor session.

In most cases, we find custom implementations are unnecessary because of the limited scope of what FunnelFlux cookies are used for. But the controls are there if your consent setup requires them.

Anonymous visitor data

FunnelFlux captures anonymous visitor data for tracking and reporting.

This includes data such as IP address and user agent. We use this to resolve information such as country, city, browser, operating system, and device type from commercial database providers.

This data is generally not personally identifiable in a practical sense, though some regulations may treat IP addresses as personal data.

To help with GDPR and similar requirements, FunnelFlux provides IP anonymisation settings.

IP anonymisation can be enabled globally, disabled, or applied only to IPs detected as European. It can also be controlled at the funnel level.

When enabled, IP addresses are truncated before being stored in the analytics database. Once truncated, this cannot be reversed.

FunnelFlux also provides reset-data tools that allow you to remove data for a specific IP address, visitor session ID, or user if you need to handle a deletion request.

PII data

FunnelFlux generally does not store personally identifiable information unless you specifically pass it into the system.

We cannot automatically police every value you put into tracking links or custom fields. If you pass sensitive data into tracking fields, such as email addresses in URL parameters, that is something you need to manage from a privacy and compliance perspective.

For integrations like Meta/Facebook, TikTok, and Google, you may want to pass PII such as email, phone, name, or similar values to improve attribution.

For this, FunnelFlux provides dedicated PII fields in conversion postbacks, JavaScript, and API uploads.

These fields allow you to pass PII in raw or pre-hashed form. FunnelFlux does not store this PII data in analytics. We pass it through to the relevant integrations as needed, hashing it where required if it was not already hashed.

This PII data is transparent to our conversion processing. It is passed through to subsequent integrations and traffic sources, but is not stored as normal reporting data. We may store flags indicating whether PII data was present.

Data residency

FunnelFlux uses distributed edge servers globally to handle live redirect and tracking ingest.

These edge servers process runtime tracking requests, but analytics data is ultimately stored in Belgium in the European Union, on Google Cloud infrastructure.

In this sense, our analytics data residency is Europe.

Raw analytics data is not exported outside Europe as a database export. However, FunnelFlux reporting services are available globally to customers through the user interface and reporting APIs.

Some reporting views can expose raw event details such as IP address and user agent, depending on your account settings and anonymisation configuration.

Customers cannot request or download a full raw database export. Access is limited to the reporting UI and the reporting APIs we provide.

Data is removed from our systems after a customer account is cancelled, following our data retention process.

For technical tracking details, see VID and Hit ID Reference.

Updated on: 20/05/2026