Personyze stores a small number of cookies and localStorage entries to maintain visitor identity, track sessions, and enforce campaign frequency rules across visits. This article documents what each entry stores, how long it persists, and how to control retention for privacy/GDPR purposes.
Where data is stored
Personyze writes to two scopes:
- Your second-level domain (SLD) — most cookies sit here, set by the Personyze JavaScript loaded into your site. They’re first-party to you.
- The Personyze.com domain — only the personal-identifier cookies live here, used to maintain identity continuity across multiple Personyze customer sites a visitor might browse. These are third-party to your site.
Cookies and localStorage entries
| Name | Purpose | Lifetime |
|---|---|---|
stat_track_u_id |
Personyze user ID — primary visitor identifier across sessions | No expiration by default (can be capped) |
_stat_track_s_id |
Personyze session ID — bounds a single browsing session | Expires when the session ends (typically 30 min of inactivity) |
stat_track_actions |
Records action-level state — “don’t show this campaign again,” frequency caps, dismissal tracking | Up to 1,000 sessions, depending on per-campaign settings |
stat_track_sessions |
Stores start times of the visitor’s last N sessions, for recency-based targeting | Tied to the user ID retention window |
GDPR / privacy controls
Personyze provides several controls to help with GDPR, CCPA, and other privacy regimes:
- Maximum cookie lifetime cap. In your account settings, you can globally limit all Personyze cookies to a maximum of 365 days. EU privacy guidelines typically require this kind of cap for non-essential tracking. With the cap on, even the persistent
stat_track_u_idrolls over after 365 days. - Opt-out controls. Visitors can be opted out of tracking entirely via the JavaScript API — see GDPR Compliance & Opt-Out. When opted out, no cookies are written and existing ones are honored as read-only.
- Cookie consent integration. Most cookie consent platforms (OneTrust, Cookiebot, etc.) can be wired up to gate Personyze tracking behind explicit opt-in.
- Data deletion on request. Personyze’s admin includes tools to wipe a specific visitor’s profile and tracking history on request, supporting GDPR Article 17 (right to erasure).
Third-party cookie deprecation
The personal-identifier cookies on the Personyze.com domain are third-party to your site. As browsers continue to phase out third-party cookies, Personyze relies primarily on the first-party cookies on your SLD for core functionality — identity continuity within your domain remains intact regardless of third-party cookie status. Cross-site identity continuity (the same visitor browsing multiple Personyze customer sites) is what’s affected by third-party cookie restrictions, not your own personalization.
How to inspect what’s stored
In your browser’s dev tools:
- Application → Cookies: filter by your domain and look for
stat_track_*entries. - Application → Local Storage: same filter applies.
This is also a useful debugging step when investigating personalization issues — if cookies are missing or have unexpected values, the symptoms (visitor not recognized, campaigns not firing) become clear.