The Identity Bridge is how DATALYR captures the signals that tie a conversion back to the ad that drove it — email, Shopify cart attributes, click IDs — and it’s controlled entirely from the dashboard. You flip a toggle in Settings → Identity & Attribution; the change reaches the SDK on your site within about 5 minutes. No code, no re-deploy, no snippet edits. This matters most for server-side attribution: a purchase that fires from a Shopify webhook, a Stripe charge, or a mobile-app install has no ad cookie of its own. The Bridge captures a durable key (email or a cart-stamped visitor ID) on the web visit, so the later server-side conversion stitches back to the original click.Documentation Index
Fetch the complete documentation index at: https://docs.datalyr.com/llms.txt
Use this file to discover all available pages before exploring further.
Where to find it
In the dashboard: Settings → Identity & Attribution. Every control below lives there. Changes apply to whichever workspace you’re in and propagate to the live SDK in ~5 minutes (the config is cached at the edge for that long).You don’t need the latest snippet for any of this. The script tag stays the minimal
<script src="https://track.datalyr.com/dl.js" data-workspace-id="..."> — the Bridge config is delivered to the SDK at runtime.Controls
Auto Identify
Automatically captures the email a visitor enters (form submits, opt-ins, and — on Shopify — the logged-in customer) and links it to their visitor ID. That email is the deterministic match key: when a purchase or signup later arrives server-side with the same email, DATALYR attributes it to the original ad click.- Default: on for standard workspaces, off for sensitive/health verticals (see below).
- Captures from form submits by default. Same-origin XHR/fetch capture is a separate opt-in (
autoIdentifyAPI, off by default) because scanning response bodies can mis-identify on pages like admin views. - There is no client-side redaction — the captured email is stored in the browser. For health/regulated verticals, only enable it with consent.
Shopify cart attribution
Stamps the visitor ID and Meta click signals (_fbc, _fbp, _fbclid) into the Shopify cart’s note_attributes. When the order webhook fires server-side, those attributes ride along on the order — so a guest checkout with no email and no browser pixel still attributes to the ad.
- Default: off, but auto-enabled when the snippet is installed with
data-platform="shopify"(unless you explicitly turn it off). - This is the path that makes Shop Pay and ad-blocked checkouts attributable, because it doesn’t depend on a pixel firing on the locked checkout page.
- QA on a real store before relying on it.
The order webhook is the source of truth for the Shopify purchase and its revenue. The browser/Web Pixel side only needs to capture identity — see Shopify integration.
Privacy controls
These are explicit and merchant-owned — you decide the posture.- Honor Global Privacy Control — respects the browser’s GPC signal and suppresses tracking for visitors who opted out. On by default.
- Honor Do Not Track — respects the legacy DNT header. Off by default (most browsers deprecated it); enable for a stricter posture.
- Strict privacy mode — the most conservative collection: forces Auto Identify off regardless of other settings. Recommended for regulated verticals and EU-heavy traffic.
CheckoutChamp bridge
For funnels that span your storefront and a CheckoutChamp checkout on a different domain. List your CheckoutChamp domains (one per line) and the SDK forwards the visitor + click signals on outbound links to those domains, so the conversion attributes across the domain boundary.On the CheckoutChamp funnel pages themselves, install the snippet with
data-platform="checkoutchamp". That part is set at install time, not in the dashboard — the CheckoutChamp behaviors run before the dashboard config arrives. See CheckoutChamp integration.Sensitive & health verticals
If your workspace is flagged as a sensitive/health vertical (or has Sensitive Category Redaction enabled), Auto Identify and Shopify cart attribution default to off. You can still opt in — the dashboard shows a warning when you do, because there’s no client-side redaction of the captured identity. Enable only with consent. This is a deliberate “warn-but-allow” design: you’re allowed to collect identity for matching, but the platform won’t silently turn it on for a vertical where that could be a compliance problem.How settings win: precedence
The SDK resolves each setting in this order, lowest to highest priority:- Built-in default (e.g. Auto Identify off, Honor GPC on)
- Dashboard (what you set in Settings → Identity & Attribution)
- Explicit
init()code in the snippet
datalyr.init({ autoIdentify: false }) always wins over the dashboard toggle — useful as a per-environment override, and it means the dashboard can’t surprise a team that manages config in code.
How it works under the hood
The SDK fetches it
On load, the SDK already fetches
/container-scripts for your tags and pixels. That response now also carries a config envelope with your Identity & Attribution settings.Requirements
- The hosted script tag (
https://track.datalyr.com/dl.js) picks this up automatically. - If you install the npm package, use
@datalyr/web1.7.0+ for remote config support. - The mobile SDKs identify by email via
identify()— see App Campaigns for the web→app match.
Related
App Campaigns
Web→app install attribution — email capture is the deterministic match key.
Shopify
Cart attribution + the order webhook as source of truth.
Sensitive Category Redaction
Why identity capture defaults off for health verticals.
Web SDK
The explicit
init() options behind every toggle.