Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
iGoDigital is the predictive personalisation engine acquired by Salesforce in 2012 and now part of Salesforce Marketing Cloud Personalization (formerly Interaction Studio and Evergage). It tracks browsing behaviour, builds 1:1 profiles and powers product recommendations, content personalisation and journey orchestration. Tracking relies on a client side JavaScript beacon, first party cookies and local storage. Data is hosted on Salesforce US infrastructure with optional EU residency, so Schrems II considerations apply.
iGoDigital launched as an independent predictive personalisation startup and was acquired by Salesforce in 2012. Its technology was first rebranded as Salesforce Predictive Intelligence, then merged with the Evergage acquisition into Interaction Studio, and now ships as Salesforce Marketing Cloud Personalization within the Salesforce Customer 360 portfolio. The product captures real time behavioural events from websites and mobile apps, builds unified 1:1 customer profiles, runs Einstein machine learning models for recommendations and orchestrates personalised journeys across email, web and mobile channels.
The personalisation beacon collects pageviews, clicks, scroll depth, search queries, product views, cart adds, purchases, custom events and form submissions. It writes first party cookies such as evgUserUid, evgSessionToken and a persistent visitor identifier, and stores extended profile data in local storage. When a user logs in or fills a form, the beacon stitches the anonymous visit to a known customer record. Behavioural events are sent to Salesforce datasets and fed into Einstein models that generate recommendation scores, affinity tags and segment memberships.
Loading the iGoDigital beacon writes identifiers on the visitor device, triggering Art. 5(3) ePrivacy, and runs systematic behavioural monitoring that qualifies as profiling under Art. 4(4) GDPR. National regulators have repeatedly held that such cross site, cross session behavioural tracking always requires prior, freely given, specific, informed and unambiguous consent. Because profiles can be used to take decisions about individuals (offer eligibility, journey branching, content shown), Art. 22 GDPR safeguards may also apply, even where humans review the outputs.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The only realistic lawful basis for iGoDigital tracking is Art. 6(1)(a) GDPR consent, paired with Art. 5(3) ePrivacy. Legitimate interest is generally not available because of the intrusive nature of behavioural profiling and the EDPB Guidelines 8/2020 on social media targeting. The consent must be granular (separate from analytics, ads and necessary cookies), revocable through a preference centre and signalled to the beacon so that it does not collect events before opt in. Operators must also map the special category data risk where profiles touch health, religion, sexuality or political content.
Salesforce Marketing Cloud Personalization runs on the Salesforce Hyperforce platform with regional pods. Default deployments terminate in the United States, but EU customers can request Frankfurt or Paris residency for the primary pod. Even with EU residency, certain global services (Einstein training, support tooling, telemetry) may still touch US infrastructure. Salesforce is certified under the EU US Data Privacy Framework and offers Standard Contractual Clauses (SCC Module Two) with supplementary technical and organisational measures. A documented Schrems II Transfer Impact Assessment is mandatory.
Gate the iGoDigital beacon behind a CMP and only fire it after opt in, using the Salesforce JavaScript SDK consent APIs. Choose the EU pod where supported, sign the Salesforce DPA and SCCs, run the Schrems II Transfer Impact Assessment and document supplementary measures (encryption in transit, pseudonymised visitor IDs, restricted Einstein training). Publish a clear cookie and privacy notice that names Salesforce as joint controller or processor as relevant, expose a Do Not Sell or Share equivalent control, and review the segment catalogue to avoid inferring Art. 9 special category data without explicit consent.
Websites using iGoDigital must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required because iGoDigital, as Marketing Cloud Personalization, performs systematic monitoring of website behaviour and large scale profiling of customers, both Art. 35(3) GDPR triggers. The assessment should describe the events captured (pageviews, clicks, search, cart, purchase, custom), the identity stitching that links anonymous visits to known customers, retention of profile data, the Schrems II Transfer Impact Assessment for US Hyperforce, the choice between US and EU pods, and the lawful basis for Einstein machine learning models trained on customer data. Special attention is needed if profiles are enriched with consent driven categories such as wellness, finances or political content.
Sample consent text
With your consent, we use Salesforce Marketing Cloud Personalization (iGoDigital) to recognise your device, build a profile of your interests and personalise the content, recommendations and offers you see. Some processing takes place on Salesforce servers in the United States under the EU US Data Privacy Framework and Standard Contractual Clauses. You can accept, refuse or change your choices at any time from the cookie preferences page.
Third-party domains contacted
cdn.evgnet.comevergage.comigodigital.compersonalization.salesforcecloud.commc.salesforce.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| evgUserUid | Persistent | 2 years | First party persistent visitor identifier used by Salesforce Marketing Cloud Personalization (iGoDigital) to recognise the device across sessions and pages and to build the unified personalisation profile. Requires prior consent. |
| evgSessionToken | Session | Session | First party session token used to attach behavioural events to the current visit before they are sent to the Salesforce backend. Requires consent because it is tied to behavioural profiling. |
| evergage_local | Local Storage | 2 years | Local storage entry that caches the visitor profile, campaign exposure and recommendation responses to support fast personalisation rendering. Triggers Art. 5(3) ePrivacy. |
| sfmc_id | Persistent | 13 months | Persistent identifier propagated between Marketing Cloud Personalization and other Salesforce Marketing Cloud channels (email, mobile push) for cross channel personalisation. Requires consent. |
iGoDigital uses cookies for user preferences — inform visitors with a consent banner.
The personalisation beacon collects pageviews, clicks, scroll depth, search queries, product views, cart actions, purchases, custom events and form submissions. It writes first party cookies (evgUserUid, evgSessionToken, a session id) and uses local storage to keep extended profile data. When a visitor authenticates or submits identifying information, the beacon stitches the anonymous device profile to a known customer record stored in the Salesforce Data Cloud. Einstein models then enrich the profile with affinity scores, segment memberships and recommendation rankings used to personalise content.
Yes. Loading the beacon stores identifiers on the device, which triggers Art. 5(3) ePrivacy, and the systematic behavioural monitoring qualifies as profiling under Art. 4(4) GDPR. EDPB Guidelines 8/2020 on targeting of social media users and consistent CNIL, AEPD and garante guidance require prior, freely given, specific, informed and unambiguous consent. The beacon must be loaded only after explicit opt in, with a reject all button as visible as accept all, and the Salesforce consent API used to suppress event capture before consent.
The lawful basis is consent under Art. 6(1)(a) GDPR combined with Art. 5(3) ePrivacy for the device storage. Legitimate interest is generally not available given the intrusive nature of cross site behavioural profiling. Where profiles infer Art. 9 special category data such as health condition, religion or political opinion, explicit consent under Art. 9(2)(a) is required. If iGoDigital outputs feed automated decisions with legal or similarly significant effects, Art. 22 GDPR safeguards (information, human review, contestation) must also be put in place.
Yes by default. Salesforce Marketing Cloud Personalization runs on the Salesforce Hyperforce platform with regional pods, but the default pod for many customers terminates in the United States. EU customers can request an EU Hyperforce pod (Frankfurt or Paris) at provisioning time, although certain global services such as Einstein training and support tooling may still touch US infrastructure. Salesforce is certified under the EU US Data Privacy Framework and offers Standard Contractual Clauses (Module Two), with technical and organisational supplementary measures. A Schrems II Transfer Impact Assessment is required.
Yes. The processing combines systematic monitoring, profiling and large scale processing of personal data, which together meet at least three of the EDPB DPIA criteria. The DPIA should describe the events captured, the identity stitching logic, retention of profile data, the Einstein training scope, the transfer mechanism and the Schrems II Transfer Impact Assessment, the lawful basis and Art. 22 risk, the option of EU Hyperforce, and the residual risks accepted. It should also document how DSAR, deletion and consent withdrawal propagate to all Salesforce datasets.
Choose an EU Hyperforce pod where possible. Implement the Salesforce SDK in consent gated mode so that no events fire before opt in. Use the CMP to control accept, reject and granular preferences, and synchronise consent state to Salesforce so opt outs propagate to email and journey channels. Sign the Salesforce DPA, SCC Module Two, run a Schrems II Transfer Impact Assessment and document supplementary measures (transport encryption, pseudonymous visitor IDs, restricted Einstein training). Surface a clear preference centre and respect Do Not Sell or Share signals where applicable.
EU residency alternatives include Dynamic Yield (Mastercard, EU pod), Algolia Personalization (Paris and Frankfurt regions), AB Tasty (France), Kameleoon (France), Optimizely Personalization (EU region) and Bloomreach (EU data centres). For privacy first personalisation, open source options like NextRoll OneTrust integration with self hosted recommenders on Matomo or n8n can keep data in the EEA. Each alternative still requires consent and a CMP, but they remove or reduce the US transfer exposure typical of a default Hyperforce US deployment.
Review the iGoDigital privacy notice, cookie inventory and segment catalogue at least every six months and whenever you add new event types, change Einstein training scope, switch pod region, modify retention settings or change sub processors. Re prompt visitors for consent when new categories of processing emerge, such as cross device stitching or new third party enrichment. Audit segment definitions to make sure they do not implicitly infer Art. 9 data, and check that DSAR responses cover both the Marketing Cloud Personalization profile and the linked Data Cloud unified record.