GDPR / DSGVO Guide for Tenants

Last updated: May 8, 2026

This page explains how tenants can configure the AnalyticsCLI SDK in a GDPR/DSGVO-aligned way. It is implementation guidance, not legal advice.

1. Recommended default

Use identityTrackingMode: 'consent_gated' as the default. This keeps persistent identity and user linking disabled until your product obtains full-tracking consent.

• Before consent: no persistent SDK identity and no identity linkage events
• After consent: enable persistence/linkage via SDK API

2. Consent-first web setup

For EU/EEA/UK website analytics, initialize with event collection disabled until the visitor opts in. This is the safest default when analytics uses local storage, cookies, SDK identifiers, or similar end-device access.

import { init } from '@analyticscli/sdk';

const analytics = init({
  apiKey: process.env.NEXT_PUBLIC_ANALYTICSCLI_PUBLISHABLE_API_KEY,
  identityTrackingMode: 'consent_gated', // default
  initialConsentGranted: false,
  initialFullTrackingConsentGranted: false,
});

When the visitor accepts optional analytics and the consent text covers persistent identity:

analytics.setConsent(true);
analytics.setFullTrackingConsent(true);

When the visitor declines optional analytics:

analytics.setConsent(false);
analytics.setFullTrackingConsent(false);

If your legal basis covers only aggregate event collection and not persistent identity, call setConsent(true) but keep setFullTrackingConsent(false).

Version your own consent text and categories. Re-prompt users when the optional analytics categories, storage behavior, identity behavior, or privacy notice materially changes.

3. identify() and user linking

identify(...) and setUser(...) are only active when full tracking is enabled (either by consent grant, or by explicit always-on configuration).

The managed AnalyticsCLI web collector currently enforces strict web anonymization for platform: 'web': it replaces incoming SDK identifiers with short-lived salted identifiers and drops incoming userId. Treat this as pseudonymous analytics, not as guaranteed anonymous data.

4. When to use always-on mode

Always-on mode is available, but should only be enabled after your legal review confirms it for your jurisdictions and use case.

const analytics = init({
  apiKey: process.env.NEXT_PUBLIC_ANALYTICSCLI_PUBLISHABLE_API_KEY,
  enableFullTrackingWithoutConsent: true, // same as identityTrackingMode: 'always_on'
});

5. Tenant compliance checklist

• Document your legal basis per tracking purpose
• Document whether end-device storage is used and when
• Implement a clear consent UX where required
• Record and respect user choice changes
• Update your privacy notice and DPA/AVV documentation
• Do not send direct personal data, secrets, payment data, or special category data in event properties
• Define retention and deletion handling for analytics events and raw exports

6. Additional references

• AnalyticsCLI Privacy Policy
• Vendor and subprocessors list
• GDPR (EU 2016/679)
• Section 25 TDDDG