Cookies

This page outlines how GUURU uses cookies and local storage in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the ePrivacy Directive. It is intended to support accurate classification of cookies and to clarify when end-user consent is legally required.

Loading the Script and Displaying the Widget: No Consent Required

The GUURU script and chat button can be loaded and displayed on a website without triggering any cookies or local storage, and without processing personal data. At this stage:

  • No information is stored on or accessed from the user’s device
  • No data is collected, and no communication is initiated with GUURU services
  • The widget remains entirely passive until the user interacts

According to Article 5(3) of the ePrivacy Directive, storing or accessing information on a user’s terminal device requires prior consent, except where the operation is strictly necessary for the provision of a service explicitly requested by the user. As no such operation occurs during initial script load and display, user consent is not required.

This interpretation is confirmed by the European Data Protection Board (EDPB) in its Guidelines 2/2023, which state:

“Scripts or other code that do not result in storing or accessing information on the terminal equipment of the end-user do not fall within the scope of Article 5(3).”

As a result, the GUURU script and button may be safely loaded on all pages, regardless of the user’s cookie consent choices.

Optional Features and Cookie Consent

Under the General Data Protection Regulation (GDPR), cookie consent is required when cookies or similar technologies are used to collect, process, or share personal data, except where the storage is strictly necessary to provide a service explicitly requested by the user.

The GUURU Widget includes a set of optional features that may rely on cookies or local storage. These include:

  • Analytics
  • Chat Conversions
  • Chat Leads
  • Proactive Chat

By default, all optional features are enabled when the Widget is initialized. However, if end users do not consent to non-essential cookies, these features should be disabled to ensure compliance with GDPR Article 6(1)(a) and Article 5(3) of the ePrivacy Directive.

To control which features are active, the widget provides a configuration option called loadFeatures, allowing each feature to be selectively enabled or disabled at runtime.
For a full list of configurable features and usage instructions, see the official documentation here.

Chat Activation and Interaction: Use of Essential Cookies Only

When a user clicks the GUURU chat button, the chat interface is loaded within an iframe. At this point:

  • No cookies or local storage are set
  • No personal data is stored or transmitted

The interface includes a clear message:

“To use this service, you must agree to GUURU’s Terms of Service and Privacy Policy.”

Only when the user submits a message is any storage initiated. This submission is considered a clear affirmative action and signifies the user's acceptance of the terms.

At that point, GUURU sets one essential storage item:

  • chatId – used to preserve the context of the conversation

This identifier is strictly necessary to fulfill the user’s request, specifically, to provide a continuous and functional chat experience. Without it, the system would not be able to associate follow-up responses with the original question.

No tracking, profiling, or non-essential cookies are set at this stage. The use of this essential identifier is compliant with:

  • ePrivacy Directive Article 5(3) – storage that is strictly necessary for a service explicitly requested by the user
  • GDPR Article 6(1)(b) – processing necessary for the performance of a service contract initiated by the data subject

Classification of the Core Chat Functionality

The basic chat function allows users to ask questions and receive advice. To provide this service in a coherent and continuous manner, it is necessary to retain minimal session-related data.

As the service is triggered by the user and relies on minimal technical storage necessary to fulfill the request, it falls under the exemption from consent under Article 5(3) of the ePrivacy Directive.

Accordingly, the core GUURU chat functionality should be classified as an essential service and does not require consent.

What Local Storage or Cookies Are Used and Under What Conditions?

The GUURU Widget supports a set of optional features such as Analytics, Chat Conversions, Leads, and Proactive Chat, which may rely on cookies or local storage to function. These features are not essential to provide the core chat service and are enabled by default, unless explicitly disabled via the loadFeatures configuration option.

Storage associated with these features is only created if the corresponding feature is enabled during widget initialization. If a feature is disabled or not permitted due to the user's consent preferences, no related cookies or local storage items are set.

All values stored in local storage by the GUURU Widget are kept under a single key, guuru-state. This key may hold internal state required to support optional functionality, such as:

  • Maintaining the chat open across multiple pages
  • Preventing repeated display of proactive messages
  • Storing interaction history with auto messages
  • Keeping the current session context during the conversation

The data within guuru-state is used exclusively for functionality requested by the user, is not shared with third parties, and does not involve tracking or profiling.

NameFeature / PurposeStorage TypeDuration
guuruGa_gidAnalytics: Google Analytics trackingFirst-party persistent cookie24 hours
guuruGaAnalytics: Google Analytics trackingFirst-party persistent cookie1 year
guuruGa_ga_<container-id>Analytics: Google Analytics trackingFirst-party persistent cookie1 year
guuru-stateStores internal state for optional features such as proactive chat and session continuity. Includes chat ID, UI preferences, and auto message data.LocalStorage KeyPersistent data

Legal Basis:

  • GDPR Article 6(1)(a) – for consent-based optional features
  • GDPR Article 6(1)(b) – for user-initiated chat
  • ePrivacy Directive Article 5(3) – where applicable
  • Retention: persistent until cleared or expired manually

For implementation details on how to enable or disable these features via configuration, refer to the developer documentation.

Additional Information

For a detailed breakdown of which features rely on which cookies or storage mechanisms, please contact support@guuru.com .

ConversionExamples