The Big Guideline

If you're going to track non-anonymous user information and behavior, make sure you solicit their informed consent.

Glossary of Tracking Technologies used on Gameflow Sites

A glossary of third-party technologies and how they are used on our sites. This guide helps clients understand the privacy implications of all the third party tools we recommend, with links to external sources and a clear summary of how we set things up by default.

On most of our sites

  • Google Analytics: After May 24 2018, GA on our sites are set up to be completely anonymous. This includes IP Anonymization.
  • Google Analytics e-commerce tracking is set up in sites that use PatronManager (we now anonymize order numbers to protect private information and avoid issues with pseudonymous identifiers).
  • Google Ads / Adsense has an overview of required content that should be included in your privacy policy to be compliant with their platform.
  • WordPress has some anonymous cookies used when a user logs in, which is uncommon for most of our clients (this  affects for instance sites with members that can log in to your site). This data can now be monitored and administered under Settings >> Privacy.
    You can review the new GDPR features for WordPress in the notes for the 4.9.6 release.
  • Facebook Ads are often set up for cultural organizations.  You should add information to your privacy policy and consider your responsibilities under GDPR (Facebook guidance) that reflect how Facebook collects data about your customers (see details for your privacy policy)

Form Tools

Most sites will have one of the following form tools installed.  Each form will need to be manually altered to include opt-in consent for any data that you track, because forms typically collect non-anonymous user data:

Optional Features

  • Google Tag Manager may be set up on your site, which allows you to install many different varieties of tracking codes which should be audited.  Find your GTM account info under Settings >> General (if you don't see a setting here, chances are GTM is not installed)
  • Google Analytics Remarketing tracking is typically disabled for our client sites unless you've specifically requested this feature to support your marketing efforts.  (See how this affects your GDPR Compliance

Third party cookies

These cookies often appear on our sites and may track customer data:

  • Youtube does some viewing history tracking when a video is embedded.
  • Typekit sets an anonymous cookie to track font usage.

Other common marketing tools

These are tools that we don't typically support beyond set up, but many of our clients use them so it's important that you review each tools' privacy features:

Frequently Asked Questions

Do I need a cookie consent popup?

For organizations serving European residents covered under GDPR, and in some cases California residents, potentially, and otherwise changing privacy policy laws may make this required in the next 3-5 years.

We recommend an approach that informs users and gets their consent at the moment in their experience when they want something that a cookie provides.  A better design is say, a request to enable only youtube embedding when a user tries to view an embedded youtube video. Then it's clear to the user what you are asking and why it is beneficial to them.

If you need to collect actual customer data on the website (and not in, say, a CRM), we can help you implement a tool like the GDPR Cookie Compliance plugin or a Youtube Embed Consent plugin. 


The complete GDPR Compliance checklist can be found here.   This is a great resource to develop a fully compliant privacy policy.

We recommend you perform a cookie audit on your site using the free service.