Plugin Support
Owadud
(@owadud655)
Hi,
Thanks for your message.
By default, WowOptin only uses Required / Functional cookies, which are exempt under GDPR and do not require explicit user consent. Because of this, a separate “zero-cookie” mode is not required at this time, and WowOptin does not fall under marketing or tracking cookie categories by default.
There is no additional setting needed to run WowOptin in a GDPR-compliant way for functional use.
Hope that above info helps.
Hi,
Thanks for the reply. I would like to clarify the definition of “Functional” in this context, as there is often a misunderstanding regarding GDPR requirements.
Under EU law (ePrivacy Directive & GDPR), a cookie is only strictly “Necessary” if the service explicitly requested by the user cannot function without it. To illustrate my concern, here is a clear distinction:
1. Strictly Functional: A cookie that maintains a user’s login session or keeps items in a shopping cart.
2. Marketing/Tracking: A cookie that remembers a user has visited a pricing page three times and then triggers a specific discount pop-up based on that behavior.
In the second case, even if the plugin needs that data to work as intended, this is legally considered behavioral tracking/marketing because it profiles the user’s journey to optimize conversions. This requires an explicit Opt-in.
Because of this, it is essential to introduce a “Zero-Cookie” mode.
I understand that if this mode is active (and no consent is given), some advanced features of WowOptin—like frequency capping or behavior-based triggers—might not work. But that is exactly the point:
- Consent Granted: All tracking features and cookies are active.
- Zero-Cookie Mode or (Consent Denied): The plugin should only show generic pop-ups without any tracking, identifiers, or behavioral memory.
I understand that the plugin’s “intelligence” (like frequency capping or behavioral triggers) will not work in Zero-Cookie mode. However, as site owners, we need the ability to let the plugin run in a restricted, cookie-less way for users who do not opt-in.
Thanks
-
This reply was modified 2 months ago by
bendolo.
Plugin Support
Owadud
(@owadud655)
By default, WowOptin only uses non-tracking (functional) cookies. These are required for basic optin behavior. Tracking-related cookies are only used if the site owner explicitly enables tracking features, such as frequency capping, behavior-based triggers, or advanced visitor logic.
At the moment, native integration with consent management plugins (to automatically enable/disable tracking features based on user consent) would require product-level approval and is not yet available.
That said, there is a practical workaround available today:
WowOptin allows you to show or hide an optin based on a cookie value. This means you can configure your consent plugin to set a consent cookie, and then use that cookie condition in WowOptin to:
- Show full, tracking-enabled optins only when consent is granted
Using this approach, you can effectively run WowOptin in a restricted, non-tracking mode for users who have not given consent, while still enabling full functionality for users who have.
Here is the screenshot: https://prnt.sc/1gmlNvR5n4J5
We agree that a native, consent-aware / zero-cookie mode would be valuable, and your feedback has been shared with our product team for consideration.
I checked your documentation but could not find any details about the specific cookies listed below.
Why this is critical for me: In Europe, GDPR compliance is very strict. If I fail to declare a cookie or describe its data accurately, I risk facing heavy fines.
Currently, it creates a significant administrative burden just to use the basic functions of your plugin. Every time a cookie is set, I have to update my privacy policy. Many companies here rely on lawyers to draft these documents to be safe, so having to constantly adjust the policy for new cookies is not only time-consuming but also expensive.
Additionally, for users with less technical expertise, it is extremely difficult to use your plugin in a GDPR-compliant way. Most users do not know how to implement complex workarounds or analyze cookie behavior. Without a simple solution, they are legally exposed.
This is why I strongly believe that a native “Zero-Cookie Mode” would be a massive unique selling point for you. There is a huge market of users specifically looking for marketing tools that work out-of-the-box without triggering complex consent requirements or legal costs.
In the meantime, to avoid legal issues, please provide the technical details for the following cookies:
opnt_visitor_tracked_weeklyoptn_analytics_idoptn_visitor_typeoptn_user_info
For my privacy policy, I specifically need to know the following for EACH cookie:
- Purpose: What exactly does the cookie do?
- Data Stored: Does it store Personal Data (like IP addresses, IDs) or just functional states?
- Storage Duration (Expiration): How long does the cookie remain stored (e.g., Session, 24 hours, 1 year)?
Plugin Support
Owadud
(@owadud655)
Instead of a zero-cookie mode, we have plans to integrate with various consent plugin. The scripts/cookies will not load/set until a user gives consent.
Here you can find details about those cookies here: details
Thanks a ton for the clear breakdown of those cookies! This is super helpful for getting the privacy settings exactly where they need to be.
You should definitely toss this info into the official documentation or the plugin FAQs!
Thanks again for the great support and for being so transparent about how the plugin handles data!
@owadud655
The cookie optn_purchase_tracking seems to be missing from your overview. It should probably be added for those looking to identify all tracking cookies.
Could you also confirm if there are any other cookies that might have been missed, or is this now the complete list for a fully cookie-less setup?
@owadud655
The cookie optn_visitor_type is currently set to expire in 100 years. While I understand the intent is to remember “returning” visitors, this duration conflicts with several core principles of the GDPR:
- Storage Limitation (Art. 5 (1) (e) GDPR): Personal data (and even pseudonymized data like cookies) must be kept in a form which permits identification for no longer than is necessary for the purposes for which they are processed. A 100-year storage period for a simple visitor-type flag is legally unjustifiable and considered “excessive.”
- Data Minimization (Art. 5 (1) (c) GDPR): Processing must be limited to what is necessary. A duration of 1 year is standard for “returning visitor” logic; anything beyond that (especially a century) will be flagged in any professional privacy audit.
The Issue for Users: As a site operator, I have to list every cookie and its expiration in my privacy policy. Listing a “100-year” cookie makes my site look like it’s using intrusive tracking, even though the cookie’s content ("returning") is actually harmless. It’s a “red flag” for automated compliance scanners and legal regulators.
Suggested Fix: Please update the cookie TTL to something reasonable, like 365 days or 730 days (to match your optn_analytics_id). time() + (365 * 24 * 60 * 60)
This small change would make the plugin much more compliant in the EU.
Best regards
Plugin Support
Owadud
(@owadud655)
Hi there,
Thanks for the details. I’ve noted it down in our developer list. ( OPT-138)
Hopefully, our dev team will look into it.
Hello @bendolo ,
Thanks for bringing this to our attention. This issue has been fully resolved in our most recent update!
You can go ahead and update your plugin to the latest version now. Reach out if you have any other questions.
