To learn which data Kameleoon stores on its backend servers—primarily for analytics and reporting—read the data collection back-end article.
Introduction
Like any web analytics solution, Kameleoon collects data such as URLs visited, browser version, and time spent on your website. As an experimentation and personalization platform, Kameleoon also requires real-time, persistent access to this data to trigger experiments and personalization campaigns with minimal latency.
Because the JavaScript runtime environment resets on each page change, storing this data in memory alone is not possible. Instead, Kameleoon reads and writes data across different web pages (URLs).
Fetching data from a backend server at the start of each page load is one alternative, but this approach has two drawbacks:
- Performance cost: Each page load incurs an extra server call.
- Scalability cost: Frequent server requests degrade performance at scale.
Local storage is a more efficient approach. It lets Kameleoon store data directly in the browser.
Local storage as a data storage mechanism
Kameleoon does not use cookies to store data for two reasons:
- Cookies are not designed to store large amounts of data.
- The browser sends cookies with every HTTP request, including requests for static resources such as images, which increases bandwidth usage and reduces performance.
Instead, Kameleoon uses Local Storage, a standard web technology that most browsers support. It works similarly to cookies but supports much larger storage capacity (typically a few MBs, depending on the browser).
Compared to cookies, Local Storage has the following properties:
- Only JavaScript can write to Local Storage—servers cannot.
- Only JavaScript can read data from Local Storage.
- The browser never sends Local Storage data to remote HTTP servers, which makes it more secure.
However, Local Storage has one key limitation: it is scoped to a single exact subdomain.
Local storage limitations for unified session data
Unlike cookies—where a script on http://www.example.com can create a cookie accessible from buy.example.com—Local Storage is partitioned by subdomain and protocol.
For example, if your e-commerce website is hosted on https://www.randomshop.com but your conversion funnel runs on https://transaction.randomshop.com, Local Storage cannot share data between these two subdomains. This can produce inconsistent experiment variations across the customer journey, affecting both user experience and experiment validity.
Kameleoon provides a mechanism to unify session data across subdomains. For details, see Unify session data across subdomains.
List of collected data
This page covers two categories of data:
- Data collected and stored for all visitors (excluding visitors who opted out).
- Data collected for internal use when Kameleoon users build experiments on the platform.
For data privacy purposes, focus on the first category. The second category applies only to a small number of internal employees.
Kameleoon always stores data in a first-party context, associated with your domain. Kameleoon never stores third-party data on Kameleoon-owned domains.
Data stored for all visitors
Data stored in Local Storage
Local Storage does not have a built-in expiration mechanism. To work around this, Kameleoon emulates lifespan expiration by storing data with two fields:
"value": The stored information."expirationDate": A timestamp that defines when Kameleoon stops using the data.
Example:kameleoonLegalConsent: {"value": {"AB_TESTING": true, "PERSONALIZATION": true},"expirationDate":1545297630228}
| Key | Description | Lifespan |
|---|
kameleoonVisitorCode | Unique Kameleoon visitorCode identifier. | 365 days |
kameleoonData | Visitor and session data (for example, browsing history and session info). Kameleoon stores this data in Local Storage using a simple encoding scheme. The full list of data this key contains appears below. | 365 days |
kameleoonExperiment-${experimentId} | Experiment variation allocation and assigned variation ID (either “Reference”, the variation ID, or “none” if traffic exclusion is configured), and the date Kameleoon assigned the variation. | 30 days (renews on revisit) |
kameleoonPersonalization-${personalizationId} | The personalization variation allocation for this visitor. | 30 days (renews on revisit) |
kameleoonGlobalPersonalizationExposition | The visitor’s global exposition status for all personalizations. A value of "false" prevents this visitor from seeing any personalization. A value of "true" allows exposure when the visitor meets the required targeting conditions. By default, no global traffic exclusion applies. You can configure this value in the project configuration settings. | 365 days |
kameleoonLegalConsent | Legal consent for the use of Kameleoon. The value format is, for example, {"AB_TESTING": true, "PERSONALIZATION": false} or {"PERSONALIZATION": true}. | 365 days |
kameleoonOpenTabs | IDs of open tabs on the same website. | 365 days |
KameleoonProducts_device_id | A unique device ID for the visitor. Kameleoon only stores this key if you have the Product Recommendation add-on. | 365 days |
kameleoonRequestEvents | Failed requests that Kameleoon cannot send when the page reloads immediately. This behavior is specific to Safari. | Deleted once the page reloads. |
The kameleoonData key stores the following data for each visit (on this device only, or all visits if you use cross-device history reconciliation):
- Custom data
- Device type (mobile, tablet, or desktop)
- Operating system
- Browser name and version
- Screen size
- Window size
- Browser time zone
- Browser language
- Original referrer (acquisition channel)
- Number of pages viewed
- Title and URL of pages visited
- Time spent on the website
- Visit start and end time
- Number of open tabs
- Whether an ad blocker is active
- List of conversions (clicks, transactions, and other events)
- List of personalizations and A/B experiments the visitor saw
- Current weather conditions (if the targeting condition is active): temperature, wind, rain, and other conditions
- Sunset time (if a weather targeting condition is active, because some weather criteria require it)
- Weather forecast (if the targeting condition is active): temperature, wind, rain, and other conditions
- Geolocation (if a geolocation or weather targeting condition is active)
- IP address (if the targeting condition is active)
- External segmentation data from a third-party DMP or CRM
- Products seen (if the Product Targeting add-on is enabled)
| Key | Description | Lifespan |
|---|
kameleoonClientData | A local copy of the remote configuration file the SDK fetches. It contains configuration details for live feature flags. | Until removed manually or by browser settings. |
kameleoonConsentData | Legal consent for Feature Experiments obtained from the visitor. | targetingDataCleanupInterval |
kameleoonDataInfo | Technical information for data cleanup and linked visitor sessions. Required for cross-device experimentation. | Until a tracking request succeeds. |
kameleoonForcedExperimentVariation | A specific experiment variation required for custom evaluation of a given feature flag. | targetingDataCleanupInterval |
kameleoonForcedFeatureVariation | Specific feature variations used for simulation of a given feature flag. | Session |
kameleoonTargetingData | Visitor and session data, including browsing history and session details, required for targeting purposes. | targetingDataCleanupInterval |
kameleoonTrackingData | All visitor codes on this browser for tracking requests. | Until a tracking request succeeds. |
kameleoonVariationData | Assigned variations for each feature flag, used to maintain visitor consistency across sessions. | targetingDataCleanupInterval |
The kameleoonTargetingData key stores the following data associated with the visitor:
- Custom data
- Conversion
- Page view
- Unique identifier
- Geolocation data
- User agent
- Browser
- Device
- Cookie
- Kameleoon conversion score (AI Predictive Targeting)
- Operating system
- Application version
- Visits data
- Personalization
Data stored in Session Storage
| Key | Description | Lifespan |
|---|
kameleoonDisabledForVisit | Disables Kameleoon for the current visit. Kameleoon sets this key when you enable the Disable Kameleoon for the entire visit timeout option. | Session duration |
kameleoonAnalyticsTrackingTimes | Optimizes the number of third-party analytics tracking calls Kameleoon makes when you use a web analytics integration. | Session duration |
kameleoonTabId | A unique 8-digit identifier that distinguishes a browser tab and prevents redundant tracking of the same page URL across multiple triggered events. | Session duration |
kameleoonActiveScript | Kameleoon sets this value when the script confirms it is installed on the page. | Session storage value |
Data stored in cookies
Kameleoon uses only one cookie to store a randomly generated visitor identifier. The Kameleoon CDN may also set an optional cookie when it delivers the application file, unless you self-host the application file.If you use the Kameleoon Product Recommendation add-on, Kameleoon stores two additional cookies. You can contact your Customer Success Manager to enable a cookieless option that stores these data points in Local Storage instead.| Key | Description | Lifespan |
|---|
KameleoonProducts_session_code | A unique session identifier. | Session duration |
KameleoonProducts_session_last_act | The timestamp of the last activity. | 1 hour |
| Key | Description | Lifespan |
|---|
_detectRootDomain | Temporary test cookie (value=testRootDomain) that Kameleoon uses to detect the main domain of the site. | Deleted immediately after use. |
kameleoonVisitorCode | The unique Kameleoon visitorCode identifier. | 365 days |
kameleoonReferrer | Temporary cookie for redirect URL experiments. Kameleoon stores the document.referrer value before the redirect occurs. | Deleted immediately after use. |
kameleoonSimulationFFData | Data required to simulate a specific variation of a feature flag. | Session |
Temporary data stored only for Kameleoon internal use
Data stored in cookies
| Key | Description | Lifespan |
|---|
kameleoonSimulationParameters | Kameleoon Simulation Mode uses this cookie to enable simulation across subdomains. Without it, simulation does not work correctly if your site has subdomains. All simulation query parameters must be included in URL-encoded JSON format using JSON.stringify. For example: | |
KEY - kameleoonSimulationParameters, VALUE - {"kameleoon-experiment-id":"266118","kameleoon-simulation":"true","kameleoon-language":"en"} | 1 hour, but deleted immediately when the simulation is closed. | |
Data stored in Local Storage
| Key | Description | Lifespan |
|---|
kameleoonSimulation | Data required for simulation purposes. | 1 hour |
kameleoonSimulationShortURL | The short URL of the simulation. | 1 hour |
kameleoonSimulationVisitorData | All virtual data about the visitor and their visits, used for simulation purposes. | 1 hour |
Data stored in Session Storage
| Key | Description | Lifespan |
|---|
kameleoonFullApplicationCode | The entire Kameleoon codebase, required for simulation. The production application file is size-optimized and does not include all code, so Kameleoon stores the full version here. | 1 hour |
kameleoonVariation-${variationId} | Variation code and data for preview or simulation purposes. | 1 hour |
kameleoonRedirectionURL | The absolute URL of the page when Kameleoon triggers a redirect experiment. Kameleoon stores this to prevent infinite redirect loops. | Removed when the visitor navigates to a different page. |
