Our Approach
Made with Intent is designed to be privacy-first and fully compliant with major data protection laws, including GDPR and PECR.
We rely solely on first-party browser storage, never on third-party cookies or external identifiers. This mechanism builds short-term behavioural continuity within your own domain, allowing you to understand how a visitor’s intent evolves across pages and sessions without personal identification or cross-site tracking. By contrast, a fully cookie-less or storage-free solution can only capture isolated, single-event actions such as clicks or views. Without any local persistence, it’s technically impossible to connect those actions into meaningful behavioural patterns, which limits your ability to measure evolving intent, run accurate analytics, or optimise user experiences.
Our approach strikes the right balance between capability and compliance enabling you to gain deeper insight into user behaviour while maintaining full transparency and control over consent management.
We are also ISO 27001 certified, and our full Data Processing Agreement (DPA) is available to review here.
First-Party Tracking Only
All tracking and storage mechanisms used by Made with Intent are first-party. This means:
Data is stored within your own domain, not shared across sites.
We act as a data processor on your behalf - you remain the data controller.
We only process data from users who have provided the necessary consent.
Our customers typically configure MWI to load after consent has been given for performance or analytics cookies, in the same way they would for tools like Google Analytics or Hotjar.
This setup is familiar to most retailers and rarely presents friction. When consent is declined, our tracking is automatically disabled, as it would be for any analytical tracking system. As we serve experiences online, too, experiences are naturally disabled; personalisation (serving different experiences) is not able to exist without the acceptance of such tracking.
Flexibility
Our platform gives brands the flexibility to use it even before cookie consent is granted. If you choose to deploy our script outside of cookie acceptance, it will still function as designed because we don’t block data collection at the platform level. However, responsibility for that decision sits with your team, as storing even anonymous event data tied to a browser ID can still require user consent under GDPR when used for analytics, profiling, or personalisation purposes.
What Data Is Stored
MWI does not set any cookies. Instead, it uses localStorage and sessionStorage within the browser. These mechanisms allow MWI to deliver intent-based experiences while maintaining privacy compliance.
LocalStorage
Key | Purpose |
| Arbitrary user identifier for session stitching (could be considered personal data under GDPR) |
| Stores references to matched segments |
| Holds last analytical inference object |
SessionStorage
Key | Purpose |
| Temporarily stores references to active segments |
| Tracks which campaigns have already fired during the session |
While none of this data qualifies as Personally Identifiable Information (PII) on its own, intent.user.id is an arbitrary user identifier. Under GDPR, this may be considered personal data when combined with other data sources.
Despite operating only within consented traffic, we maintain strong model performance and statistically significant coverage. That’s because modern ecommerce brands are incentivised to encourage consent to deliver better on-site experiences. The data we do capture is high quality, and enables everything from real-time in-session activation to post-session analysis and segmentation.
Looking ahead, the 2025 Data Use and Access Act (DUAA) strengthens the position that data collected for legitimate commercial interest, without special category data or third-party identifiers, may not require explicit consent in future. Our approach aligns closely with this direction. We’ve also implemented appropriate safeguards and support legitimate interests as a lawful basis where applicable.