Tracking, cookies & privacy
A plain-English guide to how website tracking works, what cookies do, what privacy laws require, and how Chykalophia sets up tracking in a compliant way.
Website tracking and privacy are topics that affect every website owner. Regulations like GDPR in Europe and similar laws elsewhere mean that how you collect data from visitors has legal implications. This guide explains the essentials in plain English.
Quick summary
Tracking tools like Google Analytics use cookies to collect anonymous data about website visits. Privacy laws (GDPR, CCPA, etc.) require you to inform visitors about this and, in many regions, get their consent before tracking begins. Chykalophia handles the technical setup, but you are the legal owner of your website's data practices.
What is a cookie?
A cookie is a tiny text file that a website saves in your visitor's browser. Cookies are used for many purposes — keeping people logged in, remembering shopping cart contents, and tracking visits for analytics.
For analytics purposes, cookies typically store an anonymous random ID. When the same visitor returns, the cookie lets GA4 recognise that this is the same browser that visited before — without knowing who that person actually is.
Types of tracking
Not all tracking is the same:
| Type | What it does | Consent required? |
|---|---|---|
| Strictly necessary | Keeps the site functioning (logins, shopping carts) | No |
| Analytics | Tracks visits and behaviour anonymously | Usually yes (EU/UK) |
| Marketing | Tracks for advertising and retargeting | Yes |
| Preferences | Remembers settings like language | Usually yes (EU/UK) |
What privacy laws apply?
The laws vary by region, but the most important ones to know:
- GDPR (EU & UK) — The General Data Protection Regulation requires websites to get "informed consent" from EU and UK visitors before placing non-essential cookies. You must tell them what you collect and why.
- CCPA (California) — The California Consumer Privacy Act gives California residents the right to know what data is collected and to opt out of its "sale."
- ePrivacy Directive — Often called the "Cookie Law." This EU directive underpins GDPR's cookie consent requirements.
Even if your business is outside the EU, if any of your visitors could be in the EU, the rules apply to you.
This is not legal advice
This article explains the concepts. Your legal obligations depend on your specific business and where your visitors are located. For formal compliance advice, consult a legal professional.
What is "consent" for cookies?
Consent means a visitor knowingly and actively agreed to have non-essential cookies placed on their device. This must be:
- Freely given — they should be able to use the site without accepting
- Informed — they must understand what they are agreeing to
- Specific — they should be able to accept analytics cookies without also accepting marketing cookies
- Easy to withdraw — they should be able to change their mind
A pre-ticked checkbox does not count as valid consent under GDPR.
How we handle this on your site
Chykalophia typically installs a cookie consent banner — a pop-up or bar that appears the first time someone visits your site. It explains what cookies are used, lets visitors accept or decline, and respects their choice.
We configure Google Tag Manager to only fire analytics and marketing tags after a visitor has consented. This means GA4 does not run for visitors who decline cookies.
Read more about the banner itself in our cookie consent guide.
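The consent gating described above, as an added example (this is not Chykalophia's or Google Tag Manager's own code, and the function, category and tag names are hypothetical). It holds every non-essential tag until the visitor grants that specific category, and stops releasing tags once consent is withdrawn:

```javascript
// Added example: consent-gated tag loading. All names here are hypothetical.
const CATEGORIES = ["necessary", "analytics", "marketing", "preferences"];

function createConsentGate() {
  // Only strictly necessary tags are on by default; nothing is pre-ticked.
  const granted = new Set(["necessary"]);
  const pending = []; // tags held back until their category is granted
  const fired = [];   // names of tags that have run, in order

  function run(tag) {
    fired.push(tag.name);
    tag.load();
  }

  return {
    // Register a tag. It runs immediately only if its category is granted.
    register(name, category, load) {
      if (!CATEGORIES.includes(category)) {
        throw new Error(`unknown category: ${category}`);
      }
      const tag = { name, category, load };
      if (granted.has(category)) run(tag);
      else pending.push(tag);
    },
    // Apply the visitor's per-category choice from the banner.
    // Only an explicit `true` grants; any other value turns the category
    // off. Categories not mentioned in `choices` are left unchanged.
    update(choices) {
      for (const category of CATEGORIES) {
        if (category === "necessary") continue;
        if (!(category in choices)) continue;
        if (choices[category] === true) granted.add(category);
        else granted.delete(category);
      }
      const ready = pending.filter((t) => granted.has(t.category));
      for (const tag of ready) {
        pending.splice(pending.indexOf(tag), 1);
        run(tag);
      }
    },
    isGranted: (category) => granted.has(category),
    firedTags: () => fired.slice(),
  };
}
```

Withdrawing consent here only stops further tags from running; removing cookies that an already-fired tag has set is a separate step.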
What about privacy-friendly analytics?
Some businesses prefer analytics tools that do not use cookies at all — these collect aggregate data without storing anything in the visitor's browser. We can discuss alternatives if privacy compliance is a priority for your business.
Related guides
- Cookie consent & banners explained
- What is Google Analytics (GA4)?
- What is Google Tag Manager?
- Data privacy basics for your business