Klaviyo

Klaviyo

Email marketing and automation platform for e-commerce brands. Klaviyo scripts track page views, product interactions, and cart events to trigger automated email and SMS flows. Sets cookies to identify visitors and link on-site behavior to email campaign engagement.

Back to Vendor Library

Overview

Klaviyo is an email and SMS marketing automation platform widely used by e-commerce brands. Its on-site scripts track visitor behavior, product interactions, and cart activity to trigger automated email and SMS flows. Klaviyo connects on-site browsing data to email subscriber profiles, enabling personalized marketing campaigns based on real-time behavior.

What This Script Does

Klaviyo's JavaScript snippet (klaviyo.js) loads on every page and performs several operations:

  • Visitor identification: Sets a first-party cookie (__kla_id) containing an encoded visitor identifier. If the visitor is a known email subscriber, the cookie links browsing activity to their Klaviyo profile.
  • Page and product tracking: Sends Viewed Product, Added to Cart, and Started Checkout events to Klaviyo's servers in real-time. These events include product names, prices, URLs, and image paths.
  • On-site forms: Renders email/SMS signup forms, popups, and flyouts configured in Klaviyo's dashboard. Form submissions create or update subscriber profiles.
  • Back-in-stock and browse abandonment: Monitors product page visits and cart state to trigger automated flows when a visitor leaves without purchasing.
  • Active on Site tracking: Sends periodic heartbeat requests to track session duration and active browsing.

The script makes requests to a.]klaviyo.com and static.klaviyo.com. It reads and writes to localStorage for form display state and suppression logic. It may also fire identify calls when a visitor clicks through from a Klaviyo email (via URL parameters like _kx).

Consent & Compliance

Consent Category: Marketing / Analytics

Klaviyo's tracking serves dual purposes: behavioral analytics for campaign optimization and direct marketing automation (email/SMS triggers). The visitor identification cookie and behavioral event tracking constitute personal data processing under GDPR. Key considerations:

  • GDPR/ePrivacy: The __kla_id cookie and behavioral tracking require opt-in consent. Klaviyo's forms that collect email addresses are separate consent touchpoints requiring explicit marketing consent.
  • CCPA: Behavioral data linked to email profiles constitutes personal information. Disclosure is required, and consumers must be able to opt out of sale/sharing.
  • Email identification via URL parameters: When a subscriber clicks a Klaviyo email link, the _kx parameter automatically identifies them on-site. This cross-context identification requires consent under GDPR.

Klaviyo provides a consent API that can delay tracking until consent is granted. Use klaviyo.push(["consent", "email"]) to gate identification.

Should You Block This Without Consent?

Yes. Klaviyo's on-site script sets identification cookies, tracks individual browsing behavior, and links activity to marketing profiles. This constitutes personal data processing for direct marketing purposes. Block the script until the user grants marketing consent. If you need Klaviyo signup forms to function, configure them to load independently of the tracking script, or use Klaviyo's consent API to defer behavioral tracking until consent is obtained.

Visit website

Products (1)

Klaviyo SMS
Klaviyo SMS
Klaviyo SMS is the SMS marketing channel within the Klaviyo platform for e-commerce businesses. Scripts embed phone number capture forms and pop-ups on websites to collect SMS opt-ins. Cookies and identifiers associate website visitors with SMS subscriber profiles for attribution.

Consent Categories

Marketing
Analytics

Also Known As

klaviyo GDPRklaviyo cookiesklaviyo tracking pixelemail marketing consentklaviyo SMS consentklaviyo privacy

Industries

Business and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

klaviyo.comMarketing

Frequently Asked Questions

Does Klaviyo require visitor consent before loading on my site?

Yes. Klaviyo sets the __kla_id identification cookie, tracks individual browsing behavior including product views and cart events, and links on-site activity to marketing email profiles. This requires explicit marketing consent under GDPR and ePrivacy before the script loads.

What does the Klaviyo script track and store?

Klaviyo sets __kla_id (2-year persistent visitor ID linking browsing to subscriber profiles) and tracks Viewed Product, Added to Cart, and Started Checkout events sent to a.klaviyo.com. When visitors click Klaviyo email links, the _kx URL parameter identifies them on-site, connecting their session to their email profile.

How does ConsentStack manage Klaviyo on e-commerce sites?

ConsentStack blocks the Klaviyo script until marketing consent is granted. Once granted, Klaviyo loads and begins behavioral tracking. ConsentStack also suppresses _kx identification for visitors arriving via Klaviyo email links until consent is confirmed, preventing unauthorized profile linking on landing pages.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Ads
Google Ads
Google Ads is Google's advertising platform for search, display, and remarketing campaigns. Conversion tracking scripts fire on advertiser landing pages to measure actions taken after ad clicks. The remarketing tag builds audience lists for retargeting users across Google's ad network.
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag
Microsoft Advertising UET Tag is the Universal Event Tracking pixel for Microsoft's ad platform, formerly Bing Ads. The JavaScript tag fires on advertiser websites to track page views, conversions, and custom events for campaign optimization. Sets cookies to identify visitors across sessions and attribute conversions to Microsoft Search and Audience Network ad clicks.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Klaviyo

ConsentStack automatically detects and manages Klaviyo trackers so your site stays compliant with global privacy regulations.

Get started free