Consent & Privacy Metrics
The Consent tab shows how your own cookie-consent banner is performing and how the visitor data behind your analytics was collected. It has three parts:
- Consent rate over time — accept / reject / dismiss, by day.
- Identified vs. anonymized split — how many consenting visits could be tied to a known person versus stayed anonymous.
- Data-provenance / collection audit — a chronological list of consent decisions with the legal basis Zenovay inferred for each.
You'll find it under the Consent tab in any per-domain dashboard.
Consent & Privacy Metrics is a Pro, Scale, and Enterprise feature. On the Free plan the tab is visible but shows an upgrade prompt instead of data.
The honest framing (read this first)
This is the most important section on the page.
Zenovay itself is cookieless and does not run your consent banner. These metrics describe your banner, and Zenovay can only measure what you explicitly tell it.
Concretely:
- Zenovay's tracker sets no cookies and writes nothing to localStorage. That does not change. Adding this feature does not make Zenovay set a consent cookie.
- Zenovay does not auto-detect that a visitor accepted or rejected your banner. There is no magic. You must call one line of code from your banner when it resolves (below).
- If you don't instrument your banner, the Consent tab will be empty. That's expected — it measures only what you instrument, nothing more.
- The provenance audit reflects the consent events you sent plus the request signals Zenovay already sees (such as Global Privacy Control). It is not a guarantee that every data point in your account has a perfectly reconstructed legal basis — treat it as a best-effort, directional audit aid, not a compliance certificate.
This page documents a measurement surface for a banner you own and operate. Your cookie banner, your consent records, and your privacy policy remain your responsibility.
Instrumenting your banner
When your own cookie-consent banner resolves (the visitor clicks Accept, Reject, or dismisses it), call the existing Zenovay tracking function:
<script>
// Call this when your own cookie-consent banner resolves:
window.zenovay && window.zenovay('track', 'consent', {
  action: 'accept' // 'accept' | 'reject' | 'dismiss'
  // categories: ['analytics','marketing'] // optional
});
</script>
That's the whole integration. Notes:
- action is required and must be one of accept, reject, or dismiss. Use dismiss when the visitor closed the banner without making a choice (e.g. the "X" button or an outside click).
- categories is optional — pass the consent categories the visitor agreed to (for example ['analytics','marketing']) if your banner is category-based. Omit it for a simple accept/reject banner.
- This uses the same window.zenovay('track', name, props) convention you already use for custom events. There is no new script, no new endpoint, and no tracker change. If the Zenovay tracker is loaded, the call is recorded; if it isn't, the window.zenovay && guard makes the line a safe no-op.
- Call it once per decision. Calling it again when the visitor later changes their preference records a new, separate decision (which is correct — preference changes are part of the timeline).
Because this rides the normal tracking pipeline, Global Privacy Control is still honoured: a visitor sending Sec-GPC: 1 is excluded from behavioural processing exactly as everywhere else in Zenovay.
Prerequisite
The Zenovay tracking script must already be installed and loading on the site. Without it these calls are a safe no-op and the Consent tab stays empty.
Vanilla banner: map every outcome to the correct action
The snippet above hard-codes action: 'accept'. Copy-pasted literally it records accept for every outcome, including rejections. Wire a tiny helper and call it with the matching action from each button instead:
<script>
function zvConsent(action) {
  window.zenovay && window.zenovay('track', 'consent', { action: action });
}
// Wire each outcome to the matching action:
acceptBtn.addEventListener('click', () => zvConsent('accept'));
rejectBtn.addEventListener('click', () => zvConsent('reject'));
closeBtn .addEventListener('click', () => zvConsent('dismiss')); // X / outside-click / Esc
</script>
Replace acceptBtn / rejectBtn / closeBtn with your banner's actual elements. The point is that each path sends its own action — never a single hard-coded value.
Using a consent platform (CMP)
If you use a consent management platform instead of hand-rolled buttons, fire the call from its "consent ready / changed" callback. Cookiebot is the most common, so fire on the first consent and on every later change:
<script>
// Cookiebot — fire on first consent and on every change
window.addEventListener('CookiebotOnConsentReady', function () {
  var c = window.Cookiebot && window.Cookiebot.consent;
  var action = (c && (c.marketing || c.statistics)) ? 'accept' : 'reject';
  window.zenovay && window.zenovay('track', 'consent', { action: action });
});
</script>
For OneTrust, Osano, Termly and similar platforms, make the same window.zenovay('track', 'consent', { action }) call inside that platform's "consent given/changed" callback.
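The outcome mapping and the "once per decision" note above, combined into one helper. This is an added example, not Zenovay's or any CMP's own code: toConsentPayload and createConsentReporter are hypothetical names, and the state object shape ({ marketing: true, ... }) is an assumption about what your banner exposes. It forwards only the documented action and categories fields and skips a repeat of an unchanged decision, which matters when a callback fires again with the same state.

```javascript
// Added example: helper names and the `state` shape are assumptions, not Zenovay API.
const ACTIONS = ['accept', 'reject', 'dismiss'];

// Turn a category-based banner state into the documented payload.
// Pass only optional categories: a strictly-necessary category is always
// on and would make every visitor look like an accept.
function toConsentPayload(state, dismissed) {
  if (dismissed) return { action: 'dismiss' };
  const categories = Object.keys(state || {})
    .filter((name) => state[name] === true)
    .sort();
  return categories.length > 0
    ? { action: 'accept', categories: categories }
    : { action: 'reject' };
}

// getTrack returns the tracker function or undefined, e.g.
//   const report = createConsentReporter(() => window.zenovay);
function createConsentReporter(getTrack) {
  let lastKey = null; // last decision sent during this page view
  return function report(payload) {
    if (!payload || !ACTIONS.includes(payload.action)) {
      throw new TypeError('action must be accept, reject or dismiss');
    }
    // Copy only the documented fields so banner state such as an e-mail
    // address or user id can never ride along in the event props.
    const props = { action: payload.action };
    if (Array.isArray(payload.categories) && payload.categories.length > 0) {
      props.categories = payload.categories.map(String);
    }
    const track = getTrack();
    if (typeof track !== 'function') return false; // tracker absent: no-op
    const key = JSON.stringify(props);
    if (key === lastKey) return false; // unchanged decision, already sent
    lastKey = key;
    track('track', 'consent', props);
    return true;
  };
}
```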
Verify it works
After wiring, open your browser's DevTools → Network, trigger the banner, and confirm a request to the Zenovay endpoint fires on Accept, Reject, and Dismiss. The Consent tab fills within a minute.
What each section shows
Consent rate over time
A time-series of consent decisions for the selected period, broken down by action:
- Accept — visitors who agreed.
- Reject — visitors who explicitly declined.
- Dismiss — visitors who closed the banner without choosing.
Shown as counts and as a rate (accept rate, reject rate, dismiss rate). Use it to spot the effect of a banner copy change, a layout change, or a new regulation rollout.
Identified vs. anonymized
Of the visitors who interacted with your banner, this splits how many were identified (you had previously called the visitor-identification API for them, so the decision is tied to a known person) versus anonymized (no stable identity — the cookieless default). This helps you understand the makeup of your consenting audience without exposing any individual.
The split is aggregate. The dashboard never shows a single visitor's identity on this tab.
Data-provenance / collection audit
A reverse-chronological list of consent decisions. Each row shows:
- Time of the decision
- Action (accept/reject/dismiss)
- Visitor type — identified or anonymized
- Collection basis — the legal basis Zenovay inferred for that interaction:
  - with_consent — the visitor accepted
  - without_consent — the visitor rejected or dismissed
  - anonymized — no stable identity; treated as anonymous collection
  - gpc_opt_out — the request carried Global Privacy Control, so behavioural processing was suppressed
- Country — a coarse country derived from the request (country-level only)
The audit never shows or returns a raw IP address. IPs used for the daily-rotating, hashed visitor identifier are hashed with a per-day salt and are never stored or surfaced in plaintext — this is unchanged from the rest of Zenovay.
The collection basis is inferred from the event you sent and the request signals Zenovay already sees. It's a best-effort reconstruction to help you audit your own banner, not a legal determination. Your DPA, privacy policy, and consent records remain authoritative.
Privacy & compliance
- No new cookies, no new storage. This feature adds nothing to the visitor's device. Zenovay's cookieless guarantee is unchanged.
- GPC is honoured. A visitor sending Sec-GPC: 1 is excluded from behavioural processing; their interaction is recorded with the gpc_opt_out basis so you can audit your own honoring behaviour.
- IPs are never stored in plaintext. The provenance audit shows country only; any IP used internally is hashed with a daily-rotating salt.
- Aggregate by design. The rate and split views are counts and percentages only.
- You instrument it. Zenovay measures the consent events you send. It does not infer consent on its own, and the audit is a directional aid, not a certification.
Zenovay is designed for GDPR readiness and runs on SOC 2-certified infrastructure providers, but operating a lawful consent banner for your site — wording, granularity, storing your own consent records, honouring withdrawals — remains your responsibility. See the related reading below.
Limitations
- If you don't call zenovay('track', 'consent', …) from your banner, there is no data — the tab shows an empty state with this snippet.
- A visitor who never sees or interacts with your banner produces no consent row (this is correct, but it means consent counts are typically lower than total visit counts).
- The identified/anonymized split depends on you having called the visitor-identification API; without it, everyone is "anonymized".
- GPC-protected visitors are intentionally excluded from behavioural processing, so totals here can be lower than session totals elsewhere in the dashboard.
- Collection basis is inferred, not declared by the visitor — treat it as directional.
See also
- Privacy & Compliance — how Zenovay handles consent signals, GPC, and cookieless tracking
- Custom Events — the window.zenovay('track', name, props) convention this feature reuses
- Visitor Identification — what drives the identified-vs-anonymized split
- Dashboard Overview — where the Consent tab sits