Customer.io

Customer.io

Multi-channel marketing automation platform focused on behavioral triggers for transactional and lifecycle emails. The Customer.io snippet tracks page views and custom events that trigger automated workflows. Sets a cookie to identify returning users and link on-site behavior to contact profiles.

Overview

Customer.io is a behavioral messaging platform that enables product and growth teams to send automated email, push notifications, SMS, and in-app messages triggered by real-time user behavior. Unlike traditional email service providers, Customer.io's core value is behavioral precision: messages fire within seconds of a triggering action, personalized using live attributes from the user's profile. The platform is particularly popular with SaaS companies, mobile apps, and consumer subscription products for onboarding flows, trial conversion sequences, lifecycle campaigns, and transactional notifications.

What This Script Does

CustomerIO JavaScript snippet loads the tracking SDK, typically via a small async loader hosted on the site or delivered through a tag manager. The SDK initializes with a site ID and begins tracking immediately.

Page tracking: On each page load, the SDK fires an automatic page view event to track.customer.io (or cdp.customer.io for the newer Journeys CDP product), capturing the current URL, referrer, page title, and timestamp. In SPAs with history API routing, subsequent navigations also trigger page events.

Event tracking: Custom _cio.track() calls instrument business events throughout the user journey — signed_up (user ID, plan, source), trial_started, feature_used (feature name, context), subscription_upgraded (plan, MRR), order_placed (order ID, items, revenue). These events arrive in Customer.io within seconds and can trigger automated message sequences configured in the Campaign or Journeys builder.

User identification: The _cio.identify() call links an anonymous session to a known contact. The call passes identifiers (email, user ID) and profile attributes (name, plan, trial expiry date, custom traits). Once identified, all subsequent events are attributed to the contact's profile, and prior anonymous events within the same session are merged. A _cioid cookie (1-year expiry, first-party) persists the resolved user ID across sessions.

Anonymous visitor tracking: For pre-identification sessions, Customer.io sets a _cio_auid cookie (6-month expiry, first-party) to maintain anonymous visitor continuity. This enables attribution of pre-signup behavior (pages visited, features explored) to the contact after they sign up.

Segment and audience building: Accumulated event and attribute data builds dynamic segments in Customer.io (e.g., "trial users who haven't activated core feature within 3 days"). These segments power targeted campaigns and are updated in real time as behavior changes.

Consent & Compliance

Customer.io is classified under marketing and analytics consent categories. The marketing classification is primary because the platform's purpose is to drive behavioral triggers for marketing campaigns — the analytics component (event tracking, segmentation) is instrumental to that marketing function rather than an end in itself.

Under GDPR, Customer.io processes behavioral data and builds contact profiles containing personally identifiable information (email, user ID, behavioral history) for the purpose of sending marketing communications. This requires explicit consent under Article 6(1)(a). The _cio_auid and _cioid persistent cookies require consent under the ePrivacy Directive before being set. The profiling of users based on behavioral sequences for automated decision-making in campaign targeting engages GDPR Article 22 considerations.

Under CCPA/CPRA, behavioral data collected for marketing automation constitutes personal information. Sharing this data with Customer.io as a third-party processor for commercial messaging purposes must be disclosed, and California residents have the right to opt out of sale or sharing. Customer.io's use as a marketing automation tool means it is typically treated as a service provider (not a third-party data seller) under CCPA if the data is used solely for the business's own marketing — but the disclosure obligation still applies.

Customer.io is headquartered in Portland, Oregon. EU/EEA data is stored in Customer.io's EU data center (hosted on AWS eu-west-1/eu-central-1) when the EU data residency option is selected. Customer.io participates in the EU-US Data Privacy Framework and offers Standard Contractual Clauses in its DPA.

Should You Block This Without Consent?

Yes. Customer.io's tracking snippet sets persistent identification cookies and collects behavioral data for marketing automation immediately on load. It links anonymous browsing to identifiable contact profiles and triggers marketing campaigns based on that behavioral data. Block until the visitor grants marketing consent.

Visit website

Consent Categories

Also Known As

Customer.ioCustomeriolifecycle email consentbehavioral email trackingmarketing automation cookiespush notification consent

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (2)

customerioforms.comMarketing
track.customer.ioMarketing

Frequently Asked Questions

Does Customer.io require consent?

Yes. Customer.io sets persistent identification cookies immediately on load and links anonymous browsing to contact profiles for marketing automation. The behavioral tracking and campaign triggering purposes are marketing-primary, requiring explicit consent before the snippet activates.

What cookies does Customer.io set?

Customer.io sets _cioid (1-year, links sessions to known contact profiles) and _cio_auid (6-month anonymous visitor UUID). Page view events and custom track() calls fire to track.customer.io, attributing behavioral history to contacts and triggering automated email, SMS, and push notification sequences.

How does ConsentStack manage Customer.io?

ConsentStack blocks the Customer.io snippet until marketing consent is granted. This prevents identification cookies from being set and stops behavioral data from flowing into campaign triggers. ConsentStack activates Customer.io automatically when the visitor consents, enabling lifecycle tracking from that point forward.

Related Vendors

WalkMe
WalkMe
WalkMe scripts inject guided walkthroughs, tooltips, and contextual help overlays into web applications to support digital adoption. The platform tracks user interactions, task completion rates, and step-by-step engagement to measure onboarding effectiveness.
WooCommerce
WooCommerce
WooCommerce scripts power cart functionality, checkout flows, and product pages on WordPress stores. The platform integrates analytics, marketing pixels, and payment processing, setting cookies for session management, cart persistence, and purchase tracking.
Adtelligent
Adtelligent
Adtelligent scripts manage client-side header bidding auctions on publisher websites, coordinating real-time bids from multiple demand partners. The platform serves programmatic display ads and collects impression, click, and audience data for ad targeting and reporting.
Moloco
Moloco
Moloco scripts deliver machine learning-optimized performance ads and collect attribution data on publisher and app inventory. The platform uses behavioral signals to target ads across mobile and connected TV environments, tracking impressions and conversion events.
Hootsuite
Hootsuite
Hootsuite embeds social stream widgets and social media feeds on websites. Scripts may load social content from connected accounts and set tracking cookies to measure widget engagement. Primarily a SaaS platform for social media scheduling and analytics.
Iterable
Iterable
Marketing automation platform for email and cross-channel campaign orchestration. Iterable's web script tracks behavioral events on websites to trigger automated campaigns and update user profiles. Primarily used by e-commerce and mobile app companies for lifecycle messaging.

Manage consent for Customer.io

ConsentStack automatically detects and manages Customer.io trackers so your site stays compliant with global privacy regulations.