Intercom

Overview

Intercom is a live chat and customer messaging platform widely used by SaaS companies and e-commerce sites. It embeds a chat widget that identifies users, tracks behavioral events, and enables automated in-app messaging and support workflows.

What This Script Does

• Loads the Intercom Messenger widget (chat bubble) by injecting a script from widget.intercom.io and related assets from js.intercomcdn.com
• Sets persistent first-party cookies (notably intercom-id-* and intercom-session-*) to identify returning visitors and maintain chat session continuity. The identity cookie can persist for up to 9 months.
• For logged-in users, transmits user identity data (name, email, user ID, signup date) to Intercom's servers via the Intercom('boot', {...}) call, linking website activity to the Intercom user profile
• Tracks page views and URL changes in single-page applications, sending navigation events to Intercom for conversation context and behavioral targeting
• Supports custom event tracking via Intercom('trackEvent', ...) calls, which feed into Intercom's segmentation engine for automated message targeting
• Collects user attributes (company, plan, custom properties) for audience segmentation and message personalization
• Loads conversation history and unread message counts, making requests to Intercom's API on each page load
• Supports proactive messages (auto-messages, product tours, banners) triggered by user behavior, page rules, or segment membership
• May load additional resources including images, GIFs, and video content within the messenger iframe
• Connects to Intercom's real-time messaging infrastructure via WebSocket connections for live chat functionality
• Stores conversation state and user preferences in browser local storage
• When used with Intercom's marketing features (Series, Outbound), tracks email opens and click-throughs correlated with web activity for cross-channel campaign attribution

Consent & Compliance

• Consent category: Functional / Marketing (dual-purpose)
• Applicable regulations: GDPR, ePrivacy Directive, CCPA, LGPD
• Opt-in required: Depends on usage context. This is a nuanced case.
• Functional use (live chat support): When Intercom is used purely as a customer support chat tool, it may qualify as a "strictly necessary" or "functional" service if the user initiates the chat. However, the persistent identity cookies (intercom-id-* with 9-month expiry) go beyond what is strictly necessary for a chat session.
• Marketing use (proactive messaging, behavioral targeting): When Intercom is configured to send automated messages based on user behavior, segment users for campaigns, or track events for marketing automation, it functions as a marketing tool and unambiguously requires consent.
• Under GDPR, Intercom's transmission of user identity data (email, name) to a third-party processor requires a lawful basis. For support, this may be legitimate interest; for marketing automation, consent is the appropriate basis.
• Under CCPA, Intercom's behavioral tracking and profiling may constitute "sharing" of personal information for cross-context behavioral advertising if marketing features are active.
• The persistent cookies set by Intercom are not strictly necessary for basic page functionality, which triggers ePrivacy consent requirements regardless of the use case.

Should You Block This Without Consent?

Conditional. The answer depends on how you use Intercom:

• Support-only configuration: If Intercom is used exclusively for reactive customer support (user-initiated chat) with no proactive messaging, behavioral targeting, or marketing automation, you may argue functional necessity. However, the persistent identity cookies still technically require ePrivacy consent. A common pragmatic approach is to load Intercom under "functional" consent, separate from marketing consent.
• Marketing/automation configuration: If you use Intercom's proactive messaging, product tours, behavioral event tracking for segmentation, or cross-channel campaign features, treat it as a marketing tool and block until marketing consent is granted.
• Recommended approach: Categorize Intercom under "functional" consent at minimum. If marketing features are active, require marketing consent. Never load Intercom with zero consent, as its persistent cookies and user data transmission to a third party cannot be justified as strictly necessary.