written by
Yves Delongie

Feature Friday: The GDPR-Compliant Tracking URL

Feature Highlights 3 min read

The primary goal of using journy.io is to connect websites, to gather customer data and events, [next to also eventually connecting web platforms and mobile apps]. To connect a website, the basic principle is that a snippet (a small JavaScript code) would be installed on each webpage where monitoring is required. That snippet will basically place a cookie for the website domain, upon GDPR-consent!

But what about the pages you do not control? What if you send an email with a link to a YouTube video, and you want to monitor specific interaction to that video? You can’t simply place a snippet, nor a cookie, since you do not own YouTube!
(If you do, please call us, and we’ll happily show you how to place your own snippet 😏)

Another important aspect, is the GDPR/CCPA/Privacy-compliance. If you send that email, and someone clicks that YouTube video link, would you be entitled to store that action associated to that specific email?

P.S. Above only applies to connecting a website. It does not apply to connecting your web- and mobile platforms through our SDKs/APIs (see API reference guide)

Connecting a website to journy.io

When you connect a website (www.example.com) you will be asked to create a specific tracking URL by adding a CNAME record to your DNS. This could look like:
go.example.com CNAME analyze.journy.io TTL=600
This tracking URL will primarily serve to construct the snippet to be placed on your web pages, by which every access to those web pages would reference that tracking URL to send tracking info and events to journy.io.

Adding a website in journy.io

Yet, there’s a secondary use to the tracking URL (go.example.com): just as you would do with a URL shortener (such as bitly, tinyURL, rebrandly,...) you can now use it to reroute web navigation to certain destination, while having journy.io record the link interaction for analytics purposes. In our example, you could have:
https://go.example.com/watch?v=mT-S5WLUA4c&jtm_domain=www.youtube.com
to link to our teaser video https://www.youtube.com/watch?v=mT-S5WLUA4c while tracking page view access in journy.io.

Here’s actually a real demo, based on journy.io’s own tracking URL:
https://jtm.journy.io/watch?v=mT-S5WLUA4c&jtm_domain=www.youtube.com

Tracking URL query (utm/jtm) parameters

The last example highlighted the use of the URL query parameter jtm_domain. Here’s a list of different parameters that can be used:

jtm_domain: the domain which will replace the tracking URI (go.example.com) when rerouting. If no jtm_domain is provided, rerouting will happen towards the www domain (www.example.com). Example:
https://go.example.com/watch?v=mT-S5WLUA4c&jtm_domain=www.youtube.com

jtm_event: the event that needs to be registered in journy.io, while rerouting navigation. Example:
https://go.example.com/confirmation-page/?jtm_event=form_submitted

utm_source, utm_medium, utm_campaign, utm_content, utm_term: These are the normal Urchin Tracking Module (UTM) parameters, as introduced by google in 2005: see https://en.wikipedia.org/wiki/UTM_parameters. Example:
https://go.example.com/confirmation-page/?utm_campaign=teaser-video

<variable identification parameter>: When connecting a website, we also allow users to define an own-chosen named (for-security-reasons) parameter by which you can identify a visitor. Example (from above screenshot, with parameter email_id):
https://go.example.com/confirmation-page/?email_id=john.doe@mail.com

The GDPR/CCPA fine-prints

So what about the privacy of users clicking on journy.io’s tracking URL to an external source? The way we look at privacy, in accordance of what our legal support believes GDPR/CCPA to state, our point of view is that if a user with certain email did not previously explicitly consent, we believe you are not entitled to store any action, associated to that email.

And so, journy.io does not store the action, nor does it internally create any new user with URL-provided email address!

To be fully transparent:

  • If a user comes to a website and approves the privacy settings, thus allowing journy.io to place a cookie and record interactions, to then later click on a tracking URL, the clicking action and context will be recorded.
  • If a user does not agree, or simply never interacted with your brand before, and thus, his/her first interaction is through the tracking URL, the actions will not be recorded and no new user will be created. In fact, in that case, journy.io never stores any email address, nor any other PII, ... nothing gets recorded!