Medallia

Medallia

Customer experience and feedback management platform (now part of Medallia). Medallia Digital Experience analytics scripts capture session data and trigger micro-surveys to collect real-time customer feedback.

Back to Vendor Library

Overview

Medallia is an enterprise customer experience (CX) and feedback management platform used by large organizations to capture, analyze, and act on customer sentiment across digital and physical touchpoints. Its Digital Experience product combines two capabilities on web properties: a behavioral session analytics engine that captures interaction data to identify friction and drop-off points, and a triggered feedback mechanism (digital intercepts or micro-surveys) that solicits real-time ratings and comments from visitors.

What This Script Does

The Medallia Digital Experience script is typically embedded as an async tag in the page head or footer, loaded from Medallia-hosted domains (cdn.medallia.com, nebula.medallia.com, or customer-specific subdomains like [customer].medallia.com).

Cookies Set by Medallia:

  • MDigitalID — persistent visitor identifier, first-party or third-party depending on deployment, typically 365 days; assigns a UUID to each browser for cross-session behavioral analytics and survey deduplication; this is the primary tracking identifier
  • MDigitalSession — session-scoped companion cookie; groups page events within a single visit for session analytics
  • MDigitalSurveyShown_[formid] — persistent cookie, 30–180 days; records that the current browser has been shown or completed a specific survey intercept; prevents re-displaying the same intercept excessively
  • MDigitalSampling — sampling decision cookie, session-scoped; records whether this session has been selected for session recording or survey triggering based on configured sampling rates

Session Analytics Data Collected:

  • Page views: URL, page title, time on page, entry/exit pages
  • Click events: element type, position, text content of clicked elements
  • Scroll depth per page section
  • Rage clicks (repeated rapid clicks indicating frustration)
  • Form interactions: field focus/blur, validation errors encountered, submission success/failure
  • JavaScript errors occurring on the page
  • Performance metrics: page load time, time-to-interactive

Feedback/Intercept Data Collected:

  • Triggered survey responses: numerical ratings (NPS, CSAT, CES), star ratings, and open-text comments
  • Survey metadata: which intercept was shown, when it appeared, whether the visitor dismissed or completed it
  • Optional identity fields if the survey includes an email or name question

Network Requests:

  • Behavioral events batched and sent via POST to nebula.medallia.com/a/[account]/ endpoints at regular intervals and on page unload
  • Survey delivery requests to [account].medallia.com/wpm/ for intercept configuration
  • Survey response submissions POSTed to Medallia's feedback ingestion API

Medallia, Inc. is a US company (acquired by Thoma Bravo, 2021). GDPR DPA available. EU data residency option available for enterprise contracts. Medallia participates in the EU-US Data Privacy Framework.

Consent & Compliance

Medallia spans analytics and functional categories. The session analytics component — persistent visitor identification, click/scroll tracking, form interaction monitoring — constitutes behavioral analytics requiring explicit consent under GDPR Article 6(1)(a) and Article 5(3) ePrivacy Directive. The survey/feedback component is functionally closer to a user-initiated interaction after the intercept is triggered, but the survey triggering logic and deduplication cookies still require consent because they depend on the persistent MDigitalID. Under CCPA/CPRA, the behavioral session data constitutes personal information and its collection and use for CX analytics must be disclosed.

Should You Block This Without Consent?

Yes. The Medallia session analytics component uses a persistent 365-day visitor identifier and tracks detailed behavioral patterns across sessions. Since the session analytics and survey scripts are typically bundled in a single tag, block the entire Medallia script until analytics consent is granted.

Visit website

Consent Categories

Analytics
Functional

Also Known As

Medallia DigitalMedallia Experience Cloudcustomer feedback surveysession feedback toolZingle Medallia

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (1)

kampyle.comMarketing

Frequently Asked Questions

Must I get consent before loading Medallia?

Yes. Medallia's session analytics component assigns a persistent 365-day visitor identifier (MDigitalID) and tracks detailed behavioral patterns — clicks, scroll depth, form interactions, rage clicks — across sessions. This persistent tracking requires explicit consent under GDPR and ePrivacy.

What does the Medallia script collect?

Medallia records page views, click events, scroll depth, form field interactions, JavaScript errors, and page performance metrics. Survey deduplication cookies (MDigitalSurveyShown_[formid]) prevent repeat intercepts. All behavioral data is batched and sent to nebula.medallia.com endpoints.

How does ConsentStack handle Medallia?

ConsentStack blocks Medallia until analytics consent is granted. Because the session analytics and survey scripts load as a single tag, ConsentStack gates the entire integration — preventing the 365-day MDigitalID cookie from being set and stopping behavioral data collection until the visitor consents.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Medallia

ConsentStack automatically detects and manages Medallia trackers so your site stays compliant with global privacy regulations.

Get started free