Skip to content
Last updated: 2026-04-06
Reference

Privacy Features

Dxtra Tag Manager is built with privacy as a core principle. This page describes the privacy-preserving design of built-in analytics and how consent integration works.

Dxtra's built-in analytics works without cookies or persistent identifiers:

  • No cookies set by default
  • Session hashing with 24-hour rotating identifiers (not reversible)
  • IP addresses discarded after geographic lookup (not stored)
  • First-party data -- all analytics data stays on Dxtra infrastructure
  • No cross-site tracking -- visitors are unique only within your site

Privacy-Preserving Metrics

Metric How It Works
Page views Anonymized request logging
Unique visitors Session-based hash (resets daily, no persistent ID)
Geographic location Approximate region from IP (IP then discarded)
Device type Generalized user-agent parsing
Referrer Domain-level attribution

CMP Check Event

Use the built-in CMP Check event to gate third-party tags on consent status:

Text Only
Rule: "Marketing Pixel with Consent"
Event: CMP Check
Condition: CMP.marketing equals "true"
Action: Fire marketing pixel
Tag Type Consent Category Legal Basis
Dxtra analytics (first-party) None required Legitimate interest
Third-party analytics (GA4, etc.) analytics Consent
Marketing pixels (Facebook, etc.) marketing Consent
Personalization tools functional Consent
Essential functionality None required Legitimate interest

TCF v2.0 Support

Dxtra integrates with IAB TCF v2.0 compliant consent management platforms. Access TCF consent data in custom actions:

JavaScript
if (window.__tcfapi) {
  __tcfapi('getTCData', 2, function(tcData, success) {
    if (success && tcData.gdprApplies) {
      const analyticsConsent = tcData.purpose.consents[7]; // Measurement
      if (analyticsConsent) {
        // Fire analytics
      }
    }
  });
}

Global Privacy Control (GPC)

Dxtra detects the GPC browser signal (navigator.globalPrivacyControl). When GPC is enabled, third-party data sharing tags can be automatically suppressed through rule conditions.

GDPR Compliance

Dxtra Tag Manager supports GDPR compliance through:

  • Consent gating -- third-party tags only fire with explicit consent
  • Data minimization -- built-in analytics collects only non-personal data
  • Processing records -- tag configurations contribute to processing activity documentation
  • Data subject rights -- analytics data can be addressed through the Dxtra rights management workflow
  • Right to object -- visitors can opt out through the consent banner

CCPA Compliance

For California Consumer Privacy Act compliance:

  • Do Not Sell support via consent conditions
  • GPC signal detection -- automatically honor browser opt-out signals
  • USP API integration for checking opt-out status:
JavaScript
if (window.__uspapi) {
  __uspapi('getUSPData', 1, function(uspData, success) {
    if (success) {
      const optedOut = uspData.uspString.charAt(2) === 'Y';
      if (!optedOut) {
        // Proceed with data sharing
      }
    }
  });
}

Privacy Setup Checklist

  • Install Tag Manager script (cookie-free analytics enabled by default)
  • Configure consent categories in the Tag Manager dashboard
  • Add CMP Check conditions to all third-party tag rules
  • Configure data retention periods in Analytics Settings
  • Test consent flows in debug mode (#dxtra-debug)

Continue to Consent Integration for detailed consent management configuration.