GDPR / DSGVO Guide for Tenants

Last updated: March 19, 2026

This page explains how tenants can configure the AnalyticsCLI SDK in a GDPR/DSGVO-aligned way. It is implementation guidance, not legal advice.

1. Recommended default

Use the SDK default identityTrackingMode: 'consent_gated'. This keeps analytics in a strict identity mode until your product obtains full-tracking consent.

• Before consent: no persistent SDK identity and no identity linkage events
• After consent: enable persistence/linkage via SDK API

2. Practical SDK setup

import { init } from '@analyticscli/sdk';

const analytics = init({
  apiKey: process.env.NEXT_PUBLIC_ANALYTICSCLI_PUBLISHABLE_API_KEY,
  identityTrackingMode: 'consent_gated', // default
});

When your user accepts full tracking:

analytics.setFullTrackingConsent(true);

When your user declines full tracking:

analytics.setFullTrackingConsent(false); // strict analytics can continue

3. identify() and user linking

identify(...) and setUser(...) are only active when full tracking is enabled (either by consent grant, or by explicit always-on configuration).

4. When to use always-on mode

Always-on mode is available, but should only be enabled after your legal review confirms it for your jurisdictions and use case.

const analytics = init({
  apiKey: process.env.NEXT_PUBLIC_ANALYTICSCLI_PUBLISHABLE_API_KEY,
  enableFullTrackingWithoutConsent: true, // same as identityTrackingMode: 'always_on'
});

5. Tenant compliance checklist

• Document your legal basis per tracking purpose
• Document whether end-device storage is used and when
• Implement a clear consent UX where required
• Record and respect user choice changes
• Update your privacy notice and DPA/AVV documentation

6. Additional references

• AnalyticsCLI Privacy Policy
• Vendor and subprocessors list
• GDPR (EU 2016/679)
• Section 25 TDDDG