Omnisend

Overview

Omnisend is an email and SMS marketing automation platform built specifically for e-commerce brands. It integrates natively with Shopify, WooCommerce, and BigCommerce to access order and product data, and provides an onsite script for tracking browsing behavior, product views, and cart events. These signals power automated flows including abandoned cart sequences, browse abandonment emails, and product recommendation campaigns.

What This Script Does

Omnisend Tracking Script

The Omnisend onsite script is delivered as an inline snippet that loads the main library from Omnisend's CDN (omnisnippet1.com or cdn.omnisend.com). It runs on every page of the merchant's storefront and performs continuous behavioral monitoring.

Cookies Set

• omnisend_cid — First-party persistent cookie. Stores the Omnisend anonymous contact identifier. Duration: 1 year.
• omnisend_session_id — First-party session cookie. Stores the session identifier for grouping page events. Duration: session.
• omnisend_tr — First-party persistent cookie. Stores the traffic source attribution data (UTM parameters). Duration: 30 days.
• omnisend_push_subscriber — First-party persistent cookie. Records whether the visitor has subscribed to browser push notifications. Duration: 1 year.

Domains Contacted

• omnisnippet1.com — Legacy CDN domain for the tracking library.
• cdn.omnisend.com — Primary CDN for library files and configuration payloads.
• track.omnisend.com — Event ingestion endpoint. All page view, product view, cart, and purchase events are sent here.
• api.omnisend.com — REST API endpoint for contact identification and subscription status lookups.

Data Collected Per Interaction

• Page URL and page title for every page view
• Product ID, product name, category, and price on product detail pages
• Cart item list, quantities, and total value on cart page visits
• Order ID, items purchased, and total on checkout confirmation (if not handled server-side)
• UTM source, medium, campaign, and content values from URL parameters
• Email address when a signup form is submitted or an email link is clicked
• Browser push notification subscription status
• Browsing session timestamps and duration

Automated Workflows Triggered

Omnisend's server-side automation engine evaluates every incoming event in real time. Visiting a product page without purchasing can trigger a browse abandonment email after a configurable delay. Adding items to a cart without completing checkout triggers an abandoned cart series. These automations operate entirely server-side once the event is captured.

Consent & Compliance

GDPR / ePrivacy: Omnisend's onsite script sets persistent first-party cookies and transmits individual browsing behavior to Omnisend's servers for the purpose of marketing profiling and targeted email delivery. Under the ePrivacy Directive, cookie consent is required. Under GDPR, the lawful basis for building a behavioral profile tied to an email identity is consent (Article 6(1)(a)) — legitimate interest does not apply to direct marketing profiling at this level of detail. Omnisend's Terms of Service require merchants to obtain and document consent.

CCPA / CPRA: Omnisend collects personal information (email address linked to browsing and purchase history) for direct marketing purposes. Merchants using Omnisend must disclose this data collection and provide California residents with opt-out rights.

EU-US Data Privacy Framework: Omnisend is headquartered in the US with EU subsidiary operations. Merchants should rely on Omnisend's Standard Contractual Clauses for GDPR-compliant data transfers.

Consent Category: Marketing. IAB TCF purposes: Purpose 1 (Store and/or access information on a device), Purpose 3 (Create a personalised ads profile), Purpose 4 (Select personalised ads).

Should You Block This Without Consent?

Yes. Omnisend's tracking script captures detailed e-commerce behavior and ties it to email identities for the purpose of targeted marketing. It sets persistent first-party cookies and transmits data to Omnisend's US infrastructure. This is a marketing-purpose script requiring prior consent under both GDPR/ePrivacy and CCPA/CPRA.