Appearance
Privacy and consent
The widget is GDPR-friendly by design. You choose how aggressively it stores data on the visitor's device, when it activates, and what page context it captures.
Privacy modes
Set privacyMode in window.InviaroSettings. The default is 'balanced'.
| Mode | Storage | When it activates | Use when |
|---|---|---|---|
'strict' | localStorage, deferred | After visitor sends first message or identifies | EU compliance, no-cookie banners required |
'balanced' | localStorage, immediate | On page load | Default for most sites |
'fast' | localStorage, immediate | On page load | Same as balanced, alias kept for clarity |
'none' | Memory only | Never persists | Visitor opted out |
In 'strict' mode, the widget creates no localStorage entries until the visitor takes a deliberate action. Pre-action reads return null. Writes buffer in memory and flush only after activation.
Consent gate
When consent: false is passed in settings, the widget runs in memory-only mode and suppresses page-context capture. Use it as the safe default before consent is recorded:
html
<script>
window.InviaroSettings = {
key: 'wt_...',
origin: 'https://yourdomain.com',
consent: false
};
</script>When the visitor accepts, flip the flag at runtime:
js
Inviaro('consent', true);When they withdraw consent:
js
Inviaro('consent', false);This purges stored session and profile data, then demotes to memory-only mode for the rest of the session.
What gets collected
Every inbound message carries a context block. The block is suppressed when consent: false.
| Field | Purpose | Source |
|---|---|---|
url, path, title | Where the visitor opened chat | location and document.title |
referrer | Where they came from | document.referrer |
utm | Marketing attribution | URL utm_* parameters |
locale | Browser language | navigator.language |
timezone | Visitor's timezone | Intl.DateTimeFormat().resolvedOptions().timeZone |
viewport, screen | Device dimensions | window.inner*, screen.* |
connection | Network class | navigator.connection.effectiveType (where supported) |
Operators see this in the conversation sidebar to help triage. The data lives in your Inviaro workspace and is deleted when the conversation is deleted.
Privacy footer link
Surface your privacy policy in the widget chrome:
html
<script>
window.InviaroSettings = {
key: 'wt_...',
origin: 'https://yourdomain.com',
brand: {
privacyUrl: 'https://yourdomain.com/privacy'
}
};
</script>A "Privacy" link appears next to the footer credit.
Consent management integration
Wire your consent management platform to flip the widget's consent flag when the visitor accepts or declines.
js
// On consent granted:
Inviaro('consent', true);
// On consent withdrawn:
Inviaro('consent', false);Most consent platforms expose an event or callback when the visitor makes a choice. Hook into that event and call the matching method above.
Right to erasure
When a visitor asks to delete their data, your operator can delete the contact record from the Inviaro inbox. The associated conversations and messages are deleted with it. The visitor can also clear their local session at any time:
js
Inviaro('logout');This clears the stored session token and any cached profile.