Privacy controls change what Datalyr collects or sends. Configure them before production traffic, then test the opted-in and opted-out paths separately.
Browser controls
Open Settings → Identity & Attribution to review:
- Honor Global Privacy Control — enabled by default and suppresses tracking when the browser sends GPC.
- Honor Do Not Track — disabled by default because browser support is legacy; enable it for a stricter posture.
- Strict privacy mode — disables Auto Identify and applies conservative collection.
- Auto Identify — captures email only in supported flows and should be disabled where your policy does not allow it.
Sensitive or health-related workspaces use safer effective defaults. The settings page marks defaults separately from explicit choices.
Conversion redaction
Under Settings → Privacy & redaction, a workspace can enable the health-vertical filter. The resulting redaction policy applies across supported conversion destinations: Meta, TikTok, Google, and OpenAI. The control is unavailable until a supported destination is connected.
Redaction can remove or limit sensitive URL and keyword context before delivery. It is not permission to collect sensitive data in the first place.
See Health and wellness redaction for the exact behavior and verification flow.
Test your posture
- Test normal consent and confirm only expected fields appear in Events.
- Enable GPC in a test browser and confirm tracking is suppressed as intended.
- Test your consent denial path before any optional script loads.
- Log out or switch accounts and confirm identity resets.
- Send a test conversion and inspect the destination payload diagnostics for redaction.
Never send passwords, access tokens, complete payment details, medical details, or other regulated data in URLs, event names, or arbitrary properties. Datalyr settings do not replace legal review or your consent interface.