What data does Kameleoon retrieve and how?

Advanced Experiment Personalization Technical

Here is a list and description of the data collected by Kameleoon. This data differs depending on the type of experiment and the configuration of your website.

Local storage

Kameleoon saves the collected data on local storage.

Visitor data is always encoded.

You can find the updated list of variables in our developer documentation

Common data (A/B + Personalization)

  • kameleoonData: This contains a lot of data about the visitor and their visits (mostly browsing-related data). This data is encoded on local storage via a simple encoding scheme. You can see the full list of data present on this key here. Lifespan of 365 days. Find out more about the collected data
  • kameleoonLegalConsent: Legal consent (usually GDPR or similar regulations) obtained for the use of Kameleoon. For instance, the value can be {“AB_TESTING”: true, “PERSONALIZATION”: false} or {“PERSONALIZATION”: true}. Lifespan of 365 days.
  • kameleoonOpenTabs: This contains the ids of opened tabs on the same website. Lifespan of 365 days.
  • kameleoonSimulation: Data needed for simulation purposes. Lifespan of 1 hour.
  • kameleoonSimulationShortURL: Short URL of the simulation. Lifespan of 1 hour.
  • kameleoonSimulationVisitorData: This contains all the (virtual) data about the visitor and their visits for simulation. Lifespan of 1 hour.

Experiments data

  • kameleoonVariation-${variationId}: This saves the variation for preview or simulation. Stored for the duration of the session.
  • kameleoonExperiment-${experimentId}: This saves the experiment variation assigned, the ID of the variation (either “Reference” or the variation ID or “none” if traffic exclusion has been configured) and the date on which the variation was assigned. Stored for 30 days.

Personalizations data

  • kameleoonPersonalization-${personalizationId}: This saves the personalization variation assigned. Lifespan of 30 days.
  • kameleoonGlobalPersonalizationExposition: This represents the visitor’s global exposure status for all personalizations. If the value is “false”, this visitor won’t be exposed to any personalization (and if it is set to “true”, they will be exposed if they trigger the required targeting conditions). By default, 10% of the global traffic is excluded from any personalization. This value can be configured in Kameleoon’s back-office. Lifespan of 365 days.

Session storage

All this data is kept only for the duration of the session.

Common data (Experiment + Personalization)

  • kameleoonDisabledForVisit: This disables loading by Kameleoon for the current visit. It will depend on whether or not you’ve activated this option in your website settings in the Kameleoon back-office. By default, it will never be used.
  • kameleoonAnalyticsTrackingTimes: This is used to optimize (reduce) the number of third-party analytics tracking calls made by Kameleoon when using a web analytics integration.
  • kameleoonFullApplicationCode: This contains the entire Kameleoon codebase, which is needed for simulation purposes (as the production version of the application file is optimized for size and does not contain all the code).


  • kameleoonVisitorCode: This contains the visitor code (a unique identifier randomly assigned to a visitor). This cookie is automatically replicated by Kameleoon on local storage (inside the kameleoonData key), so, if it is deleted, Kameleoon will recreate it automatically from the data contained in kameleoonData. Stored for 365 days.
  • One additional cookie may be set by the default Kameleoon CDN (Content Delivery Network) when delivering the application file, if you don’t self-host this file. Note that Kameleoon doesn’t use this cookie at all. Deleting it has no impact on Kameleoon operations.
  • __cfduid: This cookie is set by the default Kameleoon CDN. Stored during 30 days.

Encoded data

Visitor data is always encoded.

In the case of KameleoonData (which contains all the data about the visitor and their visits; stored for 365 days), the following data is encoded:

  • custom data;
  • device type (mobile, tablet or desktop);
  • operating system;
  • name and version of the browser;
  • screen size;
  • window size;
  • time zone of the browser;
  • language of the browser;
  • original referrer (acquisition channel);
  • number of pages viewed;
  • title and URL of pages visited;
  • time spent on the website;
  • time of the beginning and end of the visit;
  • number of opened tabs;
  • adblocker activated;
  • list of conversions (clicks, transactions, etc);
  • list of personalizations and experiments seen by the visitor;
  • current weather conditions (if the corresponding targeting condition is activated): temperature, wind, rain…;
  • time of sunset (present if a weather targeting condition has been activated, as it is required for some weather targeting criteria);
  • weather forecast (if the corresponding targeting condition is activated): temperature, wind, rain…;
  • geolocation (if the corresponding targeting condition is activated or if a weather targeting condition has been activated, as it requires geolocation data);
  • IP (if the corresponding targeting condition is activated);
  • external segmentation data (obtained from a third party DMP or CRM);
  • internal search history (if activated);
  • products seen (if activated).

Most of this data is also sent to our servers for reporting purposes (to filter / break down the data afterwards). However, for previous visits, only the number of the visit is sent to our servers.

How long does Kameleoon keep the data stored on its servers?

  • Data for campaign analysis: 2 years.
  • Data for heat map visualization: 6 months.
  • Data for product recommendation: 6 months.
  • Data for cross-device visitor history reconciliation: 6 months.
  • Data for machine learning: 6 months.

After this period, they are deleted and you can no longer access them. This complies with the legal retention periods for personal data.

How does Kameleoon handle visitor consent?

GDPR compliance

Kameleoon complies with the General Data Protection Regulation (GDPR) and has already implemented a legal consent policy. No user data is stored without legal consent and our solution doesn’t use cookies. It works by using local storage, only after obtaining consent. The only data collected is anonymous browsing data that makes it impossible for anyone to identify a visitor.

However, you are able to inject existing personal data from your technology ecosystem (such as CRM or DMP solutions) into Kameleoon, to improve analysis and results. In this case, you have total control over the information you use and should only select authorized data. Kameleoon processes this personal data in total compliance with the GDPR and follows your written instructions and data-processing procedures.

Opt-out management

With Kameleoon, you can set up an opt-out mechanism if you wish to do so. Find out more about Opt-out management

Apple ITP

Kameleoon automatically and transparently handles all Apple ITP versions. This means that ITP will not impact the results of your experiments. Find out more about how Kameleoon handles Apple ITP