Consent model
The SDK ships with an opt-out model: tracking is on by default.
| State | pageView / addToCart | contact / checkout* |
|---|---|---|
UNKNOWN (default) | sent | sent |
GRANTED | sent | sent |
DENIED | blocked | blocked |
setConsentDenied() doesn't just toggle a flag. It:
- Clears the persisted anonymous user ID.
- Resets in-memory session state.
- Cancels every in-flight HTTP send that hasn't completed.
- Blocks every subsequent tracking call until
setConsentGranted()is called.
Consent status is written to disk on every state change (Android SharedPreferences, iOS NSUserDefaults) and survives process death and app restarts.
GDPR / EU opt-in jurisdictions
For markets that require opt-in consent:
// At the very top of your app startup, before init()
TriplePixel.setConsentDenied();
TriplePixel.init('your-shop', 'US', 'USD');
// ... show your consent banner
// Only after the user actively accepts
TriplePixel.setConsentGranted();This guarantees no events fire before consent is collected, even on the first cold launch.
Data collected
Each event includes:
- Shop identifier: the
shopNamepassed toinit(). - Anonymous user ID: generated locally, persisted across restarts, regenerated when consent is denied.
- Session ID: in-memory only, recycled on every app cold start.
- Event ID: generated client-side for deduplication.
- Event-specific fields: URL, product details, line items, order ID, etc., depending on the event type.
- Country code and currency from
init().
The SDK does not collect advertising identifiers (IDFA / GAID), precise location, or contact information beyond what your app explicitly passes via contact() or CheckoutOptions.
Network behavior
All HTTP traffic uses TLS. On transient network errors, events retry with exponential backoff, up to 5 attempts before the event is dropped. The SDK never blocks UI work and never throws an exception.