Skip to main content
The Permutive SDK provides consent mechanisms for data controllers to signal user consent status. This page covers how to implement consent handling in your web integration.

Consent Modes

consent() Method

Opt Out

Overview

Permutive operates as a data processor, processing personal data on behalf of publishers who act as data controllers. Publishers are responsible for obtaining user consent and signaling that consent to Permutive.
For complete information about Permutive’s consent mechanisms, see the Consent documentation.
Permutive provides two consent modes that publishers can configure for their deployment. By default, Permutive assumes the data controller has consent to track their users’ data. In this configuration mode, the collection of user data starts from the first time Permutive’s SDK loads without requiring a consent token. 
<script>
  !function(e,o,n,i){/* ... */}(window.permutive,"<WORKSPACE_API_KEY>","<WORKSPACE_ID>",{
    // consentRequired defaults to false
  });
</script>
<script async src="https://<ORGANIZATION_ID>.edge.permutive.app/<WORKSPACE_ID>-web.js"></script>

<script>
  // Tracking starts immediately
  permutive.addon('web', {
    page: { type: 'article' }
  });
</script>
As a data controller, you may need to receive consent from the user before tracking data against them. When consentRequired: true, no user data is collected until the data controller has received consent from the user and passed the user’s consent token to the Permutive SDK. Once the SDK has been granted consent, it will start collecting user data from this moment on. The user can revoke this consent at any point. 
<script>
  !function(e,o,n,i){/* ... */}(window.permutive,"<WORKSPACE_API_KEY>","<WORKSPACE_ID>",{
    consentRequired: true
  });
</script>
<script async src="https://<ORGANIZATION_ID>.edge.permutive.app/<WORKSPACE_ID>-web.js"></script>

<script>
  // SDK is loaded but NOT tracking
  // All events are ignored until consent is granted

  permutive.addon('web', {
    page: { type: 'article' }
  });
</script>
No user data will be tracked by the SDK until it receives a consent token for the user.
With consentRequired: true, events are discarded until consent is granted—they are not queued.
Once you have obtained consent for the user, pass it to Permutive by calling the SDK consent method: 
permutive.consent({ opt_in: true, token: "YOUR_CONSENT_TOKEN_HERE" });
From this point on, the SDK will track user event data—or until the user wishes to opt out.
ParameterTypeDescription
opt_inbooleanWhether user has consented
tokenstringConsent token (required when opt_in: true)
The consent token can have any value. Generally, this is used if an ID gets generated when the user gives consent via a Consent Management Platform to provide some transparency, but the actual value has no meaning to Permutive. As long as opt_in is true and the token is not null, Permutive considers consent to be given. 
// Example: Using a fixed token value
permutive.consent({ opt_in: true, token: "CONSENT_CAPTURED" });

// Example: Using a CMP-generated token
permutive.consent({ opt_in: true, token: cmp.getConsentId() });
Some customers use a fixed value like "CONSENT_CAPTURED" for simplicity. Choose whatever approach works best for your consent management workflow.

Opt Out

You may choose or be required to offer users the option to opt out of tracking. All future tracking is then disabled for the user until the point they opt back in. Whether the SDK is configured in consent-by-default or consent-by-token mode, a user can be opted out by setting the consent opt_in field to false: 
permutive.consent({ opt_in: false });

What Happens on Opt Out

  1. Tracking stops - No new events are sent
  2. State reset - User ID and session cleared
  3. localStorage cleared - Cohorts and identity data removed
  4. Cookies cleared - permutive-id cookie deleted

Opt Back In

Users can opt back in by calling consent() with opt_in: true: 
permutive.consent({ opt_in: true, token: "CONSENT_CAPTURED" });
After opting out and back in, the user receives a new user ID. Their previous behavioral history is not linked to the new profile.

CMP Integration Examples

Generic CMP Pattern

// Check CMP consent status
function handleConsent() {
  if (cmp.hasUserConsented()) {
    permutive.consent({
      opt_in: true,
      token: cmp.getConsentToken() || "CONSENT_CAPTURED"
    });
  } else {
    permutive.consent({ opt_in: false });
  }
}

// Listen for consent changes
cmp.onConsentChange(handleConsent);

OneTrust Example

function OptanonWrapper() {
  // Check if relevant category is consented
  if (OnetrustActiveGroups.includes('C0002')) {
    permutive.consent({
      opt_in: true,
      token: 'onetrust_consent'
    });
  } else {
    permutive.consent({ opt_in: false });
  }
}

Cookiebot Example

window.addEventListener('CookiebotOnAccept', function() {
  if (Cookiebot.consent.statistics) {
    permutive.consent({
      opt_in: true,
      token: 'cookiebot_consent'
    });
  }
});

window.addEventListener('CookiebotOnDecline', function() {
  permutive.consent({ opt_in: false });
});

TCF Registration

For customers who must use a consent management platform that relies on the Global Vendor List (GVL), Permutive is registered on the GVL for IAB Europe’s Transparency & Consent Framework (TCF).
DetailValue
GVL ID361
PurposePurpose 1 (store and/or access information on a device)
TCF Version2.3
As a data processor, Permutive primarily relies on consent obtained by the publisher through the consent mechanisms described above (consent-by-default or consent-by-token). The TCF registration is provided for customers with specific GVL requirements.
Consent status is stored in localStorage and persists across sessions. The SDK automatically respects the stored consent state on subsequent page loads. 
// Consent is stored in localStorage
var consentData = localStorage.getItem('permutive-consent');
if (consentData) {
  var consent = JSON.parse(consentData);
  console.log('Consent status:', consent.opt_in);
}

Troubleshooting

Problem: SDK loaded but no events appearing.Solutions:
  • Verify consent() is called with opt_in: true and a non-null token
  • Enable debug mode (?permutive_debug=true) to see consent status
  • Check localStorage for permutive-consent key

Consent

Platform consent mechanisms

Initialization

SDK initialization options