Web SDK - Privacy & Consent
GDPR / DMA consent for the FunnelMob Web SDK.
The Web SDK exposes a setConsent API for GDPR / DMA. It is opt-in — if you never call it, the SDK tracks normally.
GDPR / DMA consent
Pass a FunnelMobConsent to record the user's decision. The four fields map directly to Google Consent Mode v2 — the industry-standard signal set every major ad network (Google Ads, Meta CAPI, TikTok Events) consumes for EEA conversions:
```typescript
import { FunnelMob, type FunnelMobConsent } from '@funnelmob/sdk';

const consent: FunnelMobConsent = {
  isUserSubjectToGDPR: true,
  hasConsentForDataUsage: true,
  hasConsentForAdsPersonalization: false,
  hasConsentForAdStorage: true,
};

FunnelMob.shared.setConsent(consent);
```

| Field | Effect on the SDK |
|---|---|
| isUserSubjectToGDPR | When false, the per-dimension flags are advisory and the SDK tracks normally. |
| hasConsentForDataUsage | When false and isUserSubjectToGDPR === true, the SDK stops dispatching events/sessions/identify and purges its local queue. |
| hasConsentForAdsPersonalization | Forwarded to ad networks (Google ad_personalization). Does not gate dispatch. |
| hasConsentForAdStorage | Forwarded to ad networks (Google ad_storage). Does not gate dispatch. |
setConsent can be called any time — before or after init(). When called, the SDK schedules a session re-fire so the backend learns the new consent state without waiting for the next page load.
Consent revocation
When the user revokes consent (hasConsentForDataUsage: false with isUserSubjectToGDPR: true):
- New trackEvent(...) calls are dropped.
- Any pending events are purged from local storage.
- Requests already in flight will finish — recalling data already on the wire requires server-side erasure, which is handled by the deletion API.
Persistence is your CMP's job
The Web SDK does not persist consent state itself. Your consent management platform (CMP) / cookie banner should call setConsent on every page load.
This is the industry-standard pattern: the CMP is the single source of truth for what the user agreed to, and the SDK reads from that source on each load rather than caching its own copy that could drift out of sync.
"Wait for everything" pattern (cookie banner / strict consent)
If you need the SDK to do absolutely nothing until the user has accepted a banner, use autoStart: false:
```typescript
const config = new FunnelMobConfiguration({
  apiKey: 'fm_live_abc123',
  autoStart: false,
});
FunnelMob.shared.initialize(config);

// after the user accepts your banner:
FunnelMob.shared.setConsent(consent);
FunnelMob.shared.start();
```

With autoStart: false, the SDK wires up internal state but performs no network activity (no session POST, no event flushes, no _fbp cookie write) until you call start(). This is stricter than setConsent alone and is the recommended pattern for hosts that need a pre-init consent gate.
If you also want to manage the _fbp / _fbc Meta cookies yourself instead of letting the SDK auto-write them on start(), pair this with autoCollectBrowserIds: false and supply values via setBrowserIdentifiers(...).
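An added example (not FunnelMob's own code) of a page-load consent gate that combines the two patterns above: it replays the CMP's stored decision into setConsent and calls start() only when that decision permits dispatch. The CmpStore interface, the cmp.decision key and the choice to skip start() after a refusal are assumptions; the SDK is passed in as any object offering setConsent and start.

```typescript
// Added example; field names follow the FunnelMobConsent object shown above.
interface FunnelMobConsent {
  isUserSubjectToGDPR: boolean;
  hasConsentForDataUsage: boolean;
  hasConsentForAdsPersonalization: boolean;
  hasConsentForAdStorage: boolean;
}
// The two SDK calls the gate uses (FunnelMob.shared is assumed to fit this shape).
interface ConsentSdk { setConsent(c: FunnelMobConsent): void; start(): void; }
// Hypothetical read-only view of wherever the CMP keeps its decision.
interface CmpStore { getItem(key: string): string | null; }

const CMP_KEY = 'cmp.decision'; // hypothetical storage key, not an SDK name

// Parse the CMP record. Missing, non-JSON or non-boolean data means "no decision".
function readCmpDecision(store: CmpStore): FunnelMobConsent | null {
  const raw = store.getItem(CMP_KEY);
  if (raw === null) return null;
  let rec: unknown;
  try { rec = JSON.parse(raw); } catch { return null; }
  if (typeof rec !== 'object' || rec === null) return null;
  const r = rec as Record<string, unknown>;
  const g = r['isUserSubjectToGDPR'], d = r['hasConsentForDataUsage'];
  const p = r['hasConsentForAdsPersonalization'], s = r['hasConsentForAdStorage'];
  if (typeof g !== 'boolean' || typeof d !== 'boolean' ||
      typeof p !== 'boolean' || typeof s !== 'boolean') return null;
  return { isUserSubjectToGDPR: g, hasConsentForDataUsage: d,
           hasConsentForAdsPersonalization: p, hasConsentForAdStorage: s };
}

// Dispatch rule from the field table: only a data-usage refusal under GDPR stops it.
function dispatchAllowed(c: FunnelMobConsent): boolean {
  return !(c.isUserSubjectToGDPR && !c.hasConsentForDataUsage);
}

type GateResult = 'idle' | 'declined' | 'started';

// Call on every page load, after initialize() with autoStart: false.
function applyConsentOnLoad(sdk: ConsentSdk, store: CmpStore): GateResult {
  const decision = readCmpDecision(store);
  if (decision === null) return 'idle';      // never start(): SDK stays silent
  sdk.setConsent(decision);                  // replay the CMP's answer
  if (!dispatchAllowed(decision)) return 'declined'; // design choice: no start()
  sdk.start();
  return 'started';
}
```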