Web SDK cookies & data privacy

Information about how the Xtremepush web SDK stores data

The Xtremepush web SDK needs to persist information between different page views and sessions to allow a single device to be identified consistently. This is done by creating a localStorage entry in the browser (named xtremepush.data) which stores information about the device.

During the first page load for a new website user (i.e. when the localStorage entry does not exist), an API request will be sent to the Xtremepush server to register the device.

In the following page loads (i.e. when the localStorage entry is present), an API request will only be sent if some of the website user's information is changed, such as browser language.

Xtremepush may also use some cookies, either in response to one of the above API requests or directly from the JavaScript SDK.

Data storage details

The details below describe how the various storage mechanisms are used by Xtremepush. When using this information to update a user-facing privacy notice, the storage purpose must be amended/supplemented to explain the reason for the usage in the context of the end-user.

For example:

The information collected by this process is used exclusively for the purposes of internal market research and for the optimisation and needs-based design of the website.

or:

Individual usage of the website is used to send optimised, event-based user messaging via email, push notifications, on-site content, social channels and SMS. This allows the most important and relevant information to be sent to users at appropriate times.

MechanismNamePurpose
Xtremepush SDKsdk.jsType: Targeting and analytics.
Duration: Managed by the data controller in relation to loading the Xtremepush SDK.

Primary script to track website usage in relation to a specific device, by using the storage mechanisms described below.
Send information to the Xtremepush application, including device details and unique identifier, user attributes and events to facilitate web push, on-site and inbox communication channels, as implemented by the website integration.
LocalStoragextremepush.dataType: Targeting and analytics.
Duration: Managed by the data controller in relation to loading the Xtremepush SDK.

Store information about the device to persist information between page views and allow a single device to be identified consistently.
Cookie_xpid_[project_number]Type: Targeting and analytics.
Duration: 180 days.

Required for the provision of web push in Safari devices.
Set from SDK API requests, to include the unique device identifier in web push requests. (HttpOnly)
Cookie_xpidType: Targeting and analytics.
Duration: 180 days.

Set and read directly from the JavaScript SDK, only if the SDK cross-domain option is enabled, to identify a device across multiple sub-domains.
Cookie_xpkeyType: Targeting and analytics.
Duration: 180 days.

Set and read directly from the JavaScript SDK, only if the SDK cross-domain option is enabled, to identify a device across multiple sub-domains.