Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Triple Whale is a marketing attribution and analytics platform for direct to consumer brands that ingests pixel events and post purchase surveys to score paid media performance.
Triple Whale is a marketing attribution and analytics platform widely used by Shopify direct to consumer brands. It combines a JavaScript pixel that captures e commerce events with server side connectors to advertising platforms and a post purchase survey module. Output is a unified dashboard that scores paid media performance against incremental revenue.
Triple Whale sets a first party visitor cookie and a session cookie used to stitch sessions together. The pixel captures page views, add to cart events, checkout steps and purchase events, including order value, currency, items and a hashed customer identifier. Server side ingestion mirrors Shopify customer and order data into the Triple Whale data warehouse.
The cookies and pixel are non essential, so prior consent under article 5(3) of the ePrivacy Directive is required. The merchant is the controller, Triple Whale is a processor for analytics and a joint controller when its data is forwarded to advertising platforms via Conversion APIs. The privacy notice must list both the pixel and the survey, with retention and the destination platforms.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Triple Whale pixel in your CMP under analytics or marketing. After consent, load the script and pass hashed identifiers rather than plain emails to the server side ingestion. Show the post purchase survey only after consent is captured and avoid forced overlays. Configure the Conversion API connectors to respect the same consent state.
Triple Whale processes data on US infrastructure. Transfers rely on the EU-US Data Privacy Framework when Triple Whale is certified, otherwise on Standard Contractual Clauses with documented supplementary measures. Operators should request EU residency where available and review the list of sub processors annually.
Sign the Triple Whale data processing addendum, hash personal identifiers before transmission, configure short retention for raw events, gate the Conversion API push behind consent, and audit each connector quarterly to catch any field that has been added without privacy review.
Websites using Triple Whale must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is appropriate when Triple Whale is deployed across high traffic e commerce, when Shopify customer records are mirrored, when the survey results inform customer level segmentation, or when the platform feeds advertising audiences via Conversion APIs.
Sample consent text
We use Triple Whale to measure marketing performance across our website and ad platforms. By accepting, you allow Triple Whale to set cookies, capture your interactions and any post purchase survey response, and transfer this data to its servers in the United States.
Third-party domains contacted
triplewhale.comapp.triplewhale.compixel.triplewhale.comcdn.triplewhale.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| tw_visitor_id | Analytics | 13 months | First party Triple Whale visitor identifier used to stitch sessions and compute attribution. |
| tw_session | Functional | Session | Session cookie used by the Triple Whale pixel to track the current visit. |
| _tw_pixel_state | Analytics | 30 days | Stores the latest pixel state to deduplicate events between client and server side ingestion. |
Triple Whale collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The Triple Whale pixel sets a first party visitor cookie used for cross session attribution and a session cookie. Lifetimes range from session to 13 months for the visitor identifier.
Yes. The pixel and session cookies are non essential and the platform processes hashed but identifiable customer data, so prior opt in consent is required under article 5(3) of the ePrivacy Directive and the GDPR.
Consent for the pixel, the post purchase survey and the Conversion API push to advertising platforms. Legitimate interest can apply to fraud detection or order verification when configured server side without exposing the visitor to third parties.
Yes. Triple Whale is US based and processes data on US infrastructure. Transfers rely on the EU-US Data Privacy Framework when Triple Whale is certified, otherwise on Standard Contractual Clauses with documented supplementary measures.
A DPIA is recommended for high traffic e commerce, when Shopify customer records are mirrored, when survey responses are linked to customer accounts or when the platform feeds advertising audiences via Conversion APIs.
Block the pixel in your CMP, sign the data processing addendum, hash personal identifiers before sending them, gate the Conversion API push behind consent, configure short retention for raw events and review the connector list each quarter.
Comparable marketing attribution and analytics platforms include North Beam, Polar Analytics, Lifesight, Recharm, Wicked Reports, Rockerbox and home grown solutions built on Snowplow plus a data warehouse.
List the visitor and session cookies with their lifetime and purpose, name Triple Whale as a processor, document the US transfer and the destinations of any Conversion API push, and link to the customer dashboard where the visitor can revoke consent.