Kayako

Overview

Kayako is a customer service platform that was acquired by ESW (e-commerce services) and continues to operate as a helpdesk and live chat solution. It serves support teams with ticket management, live chat, and self-service knowledge bases. Its embeddable Messenger widget appears on third-party websites, creating a real-time communication channel between site visitors and support agents. Kayako has a smaller market presence than competitors like Zendesk or Intercom but remains deployed on a number of enterprise and mid-market sites.

What This Script Does

Kayako's client-side script loads from Kayako's hosted infrastructure and bootstraps the Messenger widget in the host page DOM:

• Widget initialization: The embed script creates an iframe-based chat interface anchored to the page corner. It makes initial requests to the Kayako API to load the configured support team profile and available agents.
• Session cookies: Kayako sets cookies on the host domain to identify returning visitors and maintain conversation continuity. A visitor identifier cookie persists across sessions so returning users can see their conversation history.
• Visitor data collection: The script records the visitor's current page URL, referrer, and browser information at session start. If the site passes explicit user data (email, name) via Kayako's JavaScript API, this is transmitted to Kayako's servers and linked to the support contact record.
• Network requests: Ongoing connections to [subdomain].kayako.com are maintained for real-time message delivery via WebSocket or long-polling.
• Knowledge base integration: Self-service article suggestions may be loaded dynamically based on the visitor's current page context.

Consent & Compliance

GDPR and ePrivacy Directive: Kayako sets persistent visitor identification cookies and records behavioral context (current page, referrer) for all visitors, not only those who actively initiate chat. This passive collection of non-essential data requires prior consent under the ePrivacy Directive. Visitors who do engage in chat provide personal data (messages, potentially email) that is processed under GDPR, requiring a privacy notice disclosure and lawful basis.

CCPA/CPRA: Chat interaction data and visitor identifiers constitute personal information under CCPA. Kayako functions as a service provider; it does not sell this data to third parties. The deploying business must disclose Kayako's data collection in its privacy policy and maintain a data processing agreement with Kayako.

The consent category is functional. Live chat is a genuine support service, but the persistent visitor tracking component exceeds strict necessity.

Should You Block This Without Consent?

Conditional.

The core chat functionality can be loaded under legitimate interest for visitors who actively seek support, but the persistent visitor identification cookie should not be set without consent. Consider loading the widget shell while deferring the visitor tracking cookie until functional consent is granted, or block the entire script and show a consent-gated chat launch button.