Is AB Split Test CAN-SPAM/CASL/GDPR compliant?
We are not lawyers, this is not legal advice.
Please consult with a lawyer in your local area to confirm compliance in your region.
Short answer: Yes, we designed AB Split Test with privacy at the centre. All data stays on your own server, nothing is sent to external services, and the plugin works automatically with all major cookie consent platforms.
What data AB Split Test collects
AB Split Test does not collect personally identifiable information. We do not collect or store IP addresses, MAC addresses, user agent strings, or any data that could be used to identify an individual visitor.
For core split testing, we use first party statistical cookies only. These are set and managed entirely on your own domain. They are not used for profiling, advertising, or cross-site tracking.
Under GDPR, these fall into the statistics cookie category. As defined by the EU on gdpr.eu:
"Statistics cookies — Also known as performance cookies, these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and therefore anonymized. Their sole purpose is to improve website functions."
Source: GDPR.eu — Cookies, the GDPR, and the ePrivacy Directive
Similar language exists in CCPA, CASL, and CAN-SPAM frameworks. For this reason, AB Split Test can generally be used without requiring cookie consent for the core split testing functionality.
Heatmaps and session replays
If you use heatmaps or session replays, these features record additional behavioral data including click positions, scroll depth, cursor movement, and page navigation. All of this data is stored entirely on your own WordPress server. Nothing is sent to any external service.
Cookie consent platforms generally classify session replay data under a higher category than statistical cookies. We recommend reviewing your cookie consent configuration if you use these features, particularly for EU visitors.
You can control data retention under Settings > Data Management. The default retention period is 30 days and can be adjusted to suit your compliance requirements.
Cookie consent platform integrations
AB Split Test automatically integrates with all major cookie consent platforms. When a visitor has not yet accepted cookies, AB Split Test waits before tracking begins.
To configure this, go to Settings > Data Management > Wait for Consent Approval.
Supported platforms:
Advanced tracking and WooCommerce
If you enable Advanced Tracking (UUID logging) for WooCommerce server side conversion tracking, a non-identifiable UUID is used to link a visit to an order. This UUID does not contain personally identifiable information and is not shared with any third party service.
Fingerprint pixel (cross-domain tracking)
The fingerprint pixel is an optional feature for tracking conversions on external domains such as ThriveCart or Shopify. It uses a statistical fingerprinting method rather than a tracking cookie. No personally identifiable data is stored.
Data deletion
If you uninstall AB Split Test, you can configure the plugin to delete all collected data automatically. Go to Settings > Data Management > Delete data on uninstall to enable this.
| Feature | Data location | PII collected |
|---|---|---|
| Core split testing | Your server | No |
| Heatmaps | Your server | No |
| Session replays | Your server | No |
| WooCommerce UUID tracking | Your server | No |
| Fingerprint pixel | Your server | No |