All Categories
Compliance Hub
How to Use Face2Face in a GDPR-Compliant Way

How to Use Face2Face in a GDPR-Compliant Way

Guidance for loading scripts, embedding Sparks, and meeting consent requirements.

Last updated: May 23, 2025

This guide explains how to use the Face2Face platform in a way that ensures your company remains GDPR-compliant. It is not a legal document, but an operational checklist for product, marketing, and engineering teams.

1. What Face2Face Does

Face2Face acts as two things:

  • Engagement Tool: Provides embeddable conversion widgets (called "Sparks") — these include custom forms, banners, prompts, dynamic CTAs, and other interactive modules designed to boost engagement and replace or enhance traditional static CTAs.
  • Tracking & Video SDK: Tracks visitor behavior and powers video calling features — these two components are inseparable.

2. Embedding Sparks via iFrames

Face2Face Sparks can be embedded as iFrames into your site to replace forms, CTAs, or demo widgets. These iFrames do not contain any trackers by default and can be embedded directly without cookie consent.

✅ Submitting through an iframe Spark collects user data and sends it to Face2Face — this must be disclosed in your privacy policy.

3. Using the F2F Tracker SDK

To activate video calling, session replay, and interaction tracking features, you must load the Face2Face SDK.

⚠️ SDK must only be loaded after cookie consent is given. Do not hard-code it into your HTML or tag manager without consent or you'll be in breach of GDPR.

How to Load the SDK Compliantly

  • Use your cookie banner solution (e.g. Cookiebot, OneTrust, etc.)
  • Load the F2F script only after consent has been given or at least not declined (opt-out model)

4. What Happens If Consent Is Not Given?

  • iFramed Sparks will still appear and form data will be collected.
  • However, tracking and video features will be disabled ("ghost submission").
  • Calls and co-browsing will not work.
  • F2F-issued Sparks will notify users if they attempt to initiate a call without having opted in via the cookie banner.
  • Custom-built Sparks may not include this UX and must be handled accordingly by the customer.

5. What You Need to Update

To remain GDPR compliant while using Face2Face:

✅ You Must:

  1. Load the Face2Face SDK through a Cookie Consent Manager
  1. Update your privacy policy to include:
      • That Face2Face is used to collect and process form submissions
      • That Face2Face may track user journeys & be used for video calls depending on user consent
  1. Update your internal compliance documentation (ROPA, DPA, retention policies) to reflect Face2Face’s data processing role and types of data collected

For support or further guidance, contact: support@face2face.io

Last updated on May 23, 2025

How to Start Call via URL Parameter (UTM) Adding Face2Face to Your Cookie Consent Banner