🍇 Concord

The Skinny

🍇Concord manages your trackers (think Google Analytics, Facebook SDK, etc.) and waits until after the user consents to be tracked before inserting your trackers onto your site. Why does this matter?

The European Court of Justice recently ruled that initializing trackers before obtaining user consent violates the GDPR and can incur penalties.

Companies that embed Facebook’s "Like" button on their websites must seek users’ consent to transfer their personal data to the U.S. social network. “The European court is imposing an enormous responsibility on thousands of website operators – from the small travel blog to the online megastore, as well as the portals of major publishers,” said Bitkom head Bernhard Rohleder. He said the ruling would not only affect websites with an embedded Facebook “Like” button, but all social media plugins, forcing their operators to reach data agreements or face liability for collecting the data of users.

Concord manages your GDPR compliance workflow by by seperating your trackers from your source code. Getting started is easy. In Diagnostic Mode, copy your existing trackers into a Concord configuration to learn what Concord would do.

Concord operates in two phases. Before a user consents, Concord isolates your trackers from your site and adds a Consent Banner to the page.

graph LR; A[Browser] --> |request| B{Concord} style B fill:#BD90B4,stroke:#333,stroke-width:3px B --> |response| A B --> DD(GET yoursite.com) style DD fill:#FFF,stroke:#333,stroke-width:1px DD --> | Show
Consent Banner| B

After a user consents, Concord inserts your trackers onto your site.

graph LR; A[Browser] --> |request| B{Concord} style B fill:#BD90B4,stroke:#333,stroke-width:3px B --> |response| A B --> DD(GET yoursite.com) style DD fill:#FFF,stroke:#333,stroke-width:1px DD --> |Add
Trackers| B

Migrate your trackers to Concord to respect user privacy while achieving compliance peace of mind.

You can install it for free and unlock additional features with the Pro plan.

How to Install

Powered by Cloudflare

Concord is powered by Cloudflare. If you're already using Cloudflare, click here to install Concord.

Cloudflare offers DDoS protection, a global CDN, SSL certificates, and a lot more cool stuff for free. You should probably use it.

Tutorials

Check out this tutorial to see Concord in action.

Configuration

Concord is the most comprehensive GDPR compliance solution available that also happens to be easy to use. You can get the gist of it from the installation page but we'll dig into the full configuration details below below.

Legal Fineprint

We recommend conducting your own research about consent requirements and talking to a lawyer about what's best for your organization. Bear in mind that laws and guidance relating to the online collection of information and use of cookies vary by region and continue to evolve.

Configuration Options

Built-in Banner

The following Built-in Banner options are available:

The Built-in Banner will be used unless you provide a Custom Banner.

The consent message that will be displayed to your users.

Primary Theme Color

The primary theme color controls the borders and button colors.

Secondary Theme Color

The secondary theme color controls the background color.

Opt-in Button Text

Text to display on the opt-in button.

Opt-out Button Text

Text to display on the opt-out button. Leave this blank to hide the button entirely, or set it to X to display an ⓧ-style close button in the top right corner of the banner.

Privacy Policy URL
OPTIONAL

A URL that contains more information about your privacy policy. If not defined, the Learn More link will be hidden.

A URL that contains more information about your cookie policy.

Custom Banner
OPTIONAL

The Custom Banner Theme overrides the Built-in Banner.

The following Custom Banner options are available:

Template

Template to display for your consent banner. This should be a valid HTML template and must contain an HTML element with a concord-agree attribute. Concord uses the concord-agree attribute to add a click handler that activates Concord when the user consents.

Here's a simple example:

<style>
  .consent-link {
    position: absolute;
    bottom: 0;
    color: blanchedalmond;
  }
</style>
<a concord-agree class="consent-link"> Ok, let's go </a>

Advanced Options

The following Advanced Options are available:

Disable Concord
OPTIONAL

Temporarily disable Concord without uninstalling it.

Disable Automatic Tracker Removal
OPTIONAL

Concord attempts to automatically remove any Trackers on Consent Routes before user consent is obtained. Select this to disable it.

Automatic Tracker Removal helps Concord makes your site GDPR compliant. Disabling this will make your site non-compliant unless you have manually removed any user-identifying scripts from your source code.

By default, your Cookie Policy Overview is available on any page by adding a ?cookie-policy-overview query parameter to the URL. Select this to disable your Cookie Policy Overview.

Duration in minutes after a user consents until a user is re-prompted for consent. By default, users are re-prompted to consent once per year.

Include Subdomains
OPTIONAL

When a user consents by default, they are only consenting on the current subdomain. They will be re-prompted if they visit another subdomain on your site. Enable this to include all subdomains when a user consents.

Agreement History
OPTIONAL

Concord uses the last value in the list to set the current user agreement cookie. If your policies change and you require users to consent again, add a unique value to this comma-separated list.

Example

Let's say you need users to re-prompt after Privacy Policy updates, and your Privacy Policy was updated twice. In this case, your Agreement History might look like:

Agreement History: bgfa, qq12

Concord uses a default hash (Zk7QW9DVwAgGXoL0) to assign a user agreement cookie. Your Agreement History updated the hash to bgfa after the first Privacy Policy change and qq12 after the second. Just add a new unique value to your list when it changes again!

Don't delete your old Agreement History values! Keep them in your Agreement History to ensure you are always using unique values for new entries.

The following Consent Configuration options are available:

Before consent, your Consent Banner will appear at this wildcard-compatible URL. After consent, your Trackers will be inserted.

A Consent Route must include your hostname and may include wildcards designated by an asterisk (*) which match any number of characters before or after the required hostname.

Route URL Matches
*yoursite.com* all routes on yoursite.com
*yoursite.com/blog* subdomains and subroutes of yoursite.com/blog including /blog
*yoursite.com/blog/* subdomains and subroutes of yoursite.com/blog excluding /blog

Use wildcard routes to apply a single Consent Configuration to more than one page.

Diagnostic Mode
OPTIONAL

Show what Concord would do if it was running normally on a route by adding diagnostic headers to the response. Use it to safely migrate your trackers to Concord without affecting your site.

Diagnostic Mode is very helpful for setting up Consent Configurations without affecting your site.

Enabling this disables Concord from its normal operation and attaches the following headers to page responses:

  • Concord-Agreed [boolean]: Whether or not the user has consented

  • Concord-Agreement-Version [string]: The active version of your terms of service (see Agreement history)

  • Concord-Matching-Route [string]: the Consent route matching the request

  • Concord-Route-Trackers-Found [number]: the number of scripts that would be inserted

  • Concord-Route-Trackers-Removed [number]: the number of scripts that would be removed before user consent

  • Concord-Agreement-Expiry-Seconds [number]: the number of seconds until a user must re-consent (defaults to 0 meaning never)

Trackers

Trackers are inserted into pages matching your Consent Route after a user consents to being tracked.

Tracker Options
Option Description
Tracker Category Category that best describes your tracker. If defined, Tracker will appear in the corresponding section of your Cookie Policy Overview if its defined. Select None to exclude it from your policy.
Tracker Name Display name of your tracker in your Cookie Policy Overview if Tracker Type is selected.
Tracker Policy Display link to the Tracker's privacy policy in your Cookie Policy Overview if Tracker Type is selected.
Tracker Location Decide between applying the Tracking Code to the head or body of the web page.
Tracker Code Well-formed HTML tracking code to insert after user consent is obtained.

Concord automatically generates a Cookie Policy Overview page for your site based on your Consent Configuration to help users understand more about how you use cookies.

Tracker Categories

Trackers can be optionally tagged with a Tracker Category. If a category is tagged, it will be added to your Cookie Policy Overview page, and the associated tracker will be listed under the category.

Tracking Category Description
Advertising This type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on this Application, possibly based on User interests. This does not mean that all Personal Data are used for this purpose. Some of the services listed below may use Cookies to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside this Application. For more information, please check the privacy policies of the relevant services.
Analytics The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior
Commercial affiliation This type of service allows this Application to display advertisements for third-party products or services. Ads can be displayed either as advertising links or as banners using various kinds of graphics. Clicks on the icon or banner posted on the Application are tracked by the third-party services listed below, and are shared with this Application.
Content performance and features testing The services contained in this section allow the Owner to track and analyze the User response concerning web traffic or behavior regarding changes to the structure, text or any other component of this Application.
Displaying content from external platforms This type of services allows you to view content hosted on external platforms directly from the pages of this Application and interact with them. This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Hosting and backend infrastructure This type of service has the purpose of hosting Data and files that enable this Application to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Application. Some of these services work through geographically distributed servers, making it difficult to determine the actual location where the Personal Data are stored.
Infrastructure monitoring This type of service allows this Application to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved. Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of this Application.
Interaction with external social networks and platforms This type of service allows interaction with social networks or other external platforms directly from the pages of this Application. The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it. It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.
Interaction with live chat platforms This type of service allows Users to interact with third-party live chat platforms directly from the pages of this Application, for contacting and being contacted by this Application support service. If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service. Moreover, live chat conversations may be logged.
Remarketing and behavioral targeting This type of service allows this Application and its partners to inform, optimize and serve advertising based on past use of this Application by the User. This activity is performed by tracking Usage Data and by using Cookies, information that is transferred to the partners that manage the remarketing and behavioral targeting activity.