Privacy & Compliance

Integrate uxspire into your CMP

The essential information for data-protection review, consent banner setup and technical release: conservative default recommendation, copyable vendor data and short test steps.

Legal context

uxspire delivers embedded surveys as well as NPS, CSAT and UEQ surveys and can evaluate pseudonymous usage events. Depending on the feature, the browser SDK uses LocalStorage, SessionStorage or a best-effort cookie and processes technical context data. On German websites, uxspire should therefore generally be loaded or released only after consent.

Set up uxspire in your Consent Management Platform as a custom vendor, custom service or custom script. Recommended category: Statistics & feedback. This page is not legal advice; the final assessment depends on your concrete setup and the uxspire features you enable.

Free-text survey responses and optional comments may contain personal data if your questions request such information or users enter it voluntarily. You, as the customer, define the content and purpose of the collection.

Details on privacy, sub-processors, third-country transfers and retention are available in the Privacy Policy. For enterprise contracts, the DPA is part of the contractual agreement.

Prepare CMP approval

These fields are sufficient for most CMPs when creating a custom vendor or service. Details can be copied with the copy buttons.

Consent banner

Service: uxspire

Provider: uxspire GmbH

Category: Statistics & feedback

Legal basis: Consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

Withdrawal: Connect CMP withdrawal with window.uxspire?.setConsent({ tracking: false }) or keep the script blocked.

CMP text template

Adapt the text to your concrete setup if you only use individual uxspire features.

With uxspire, we collect voluntary feedback and pseudonymous UX data so that we can improve our website.

Quickstart after consent

The conservative default: your CMP loads the uxspire script only after the user has consented to the Statistics & feedback category.

1. Load the script after consent

Add this function to your CMP callback or tag manager. Replace the API key ID with your project key.

function loadUxspire() {
  return new Promise((resolve, reject) => {
    if (window.uxspire) {
      resolve(window.uxspire);
      return;
    }

    const existing = document.querySelector('script[src*="/embed/v1/uxspire.js"]');
    if (existing) {
      existing.addEventListener('load', () => resolve(window.uxspire), { once: true });
      existing.addEventListener('error', reject, { once: true });
      return;
    }

    const script = document.createElement('script');
    script.src = 'https://app.uxspire.com/embed/v1/uxspire.js';
    script.async = true;
    script.dataset.apiKey = 'uxs_00000000-0000-4000-8000-000000000000';
    script.onload = () => resolve(window.uxspire);
    script.onerror = reject;
    document.head.appendChild(script);
  });
}

2. Grant or withdraw consent

Call these methods when the user consents or later withdraws their selection.

async function grantUxspireConsent() {
  await loadUxspire();
  window.uxspire?.setConsent({ tracking: true });
}

function revokeUxspireConsent() {
  window.uxspire?.setConsent({ tracking: false });
}

Vendor data

Use these fields for the custom vendor, custom service or custom script in your CMP.

Field Content
Provider uxspire GmbH, Stixchesstr. 107, 51377 Leverkusen, Germany
Service name uxspire
Category Statistics & feedback
Purpose Delivery of embedded surveys, NPS, CSAT and UEQ surveys, pseudonymous event capture and analysis of the user experience.
Data types Browser, device and page context, event names and event properties, UTM/campaign parameters, survey responses, NPS/CSAT/UEQ responses including optional comments, project and survey references, session ID and pseudonymous distinct ID. Free-text responses may contain personal data depending on the customer's question.
Script and API domains By default https://app.uxspire.com for /embed/v1/uxspire.js, /embed/v1/bootstrap, /embed/v1/config, /api/v1/e and /api/v1/batch. If you use the API directly, /api/v1/identify and /api/v1/privacy/forget may be added. Survey assets are delivered via the configured asset domain, in production usually https://assets.uxspire.com.
Storage location / sub-processors Details on hosting, sub-processors, third-country transfers and retention are available in the Privacy Policy and, for enterprise contracts, in the DPA.
Data protection contact

Cookies and storage

The browser SDK does not use third-party cookies. Depending on the feature, the following LocalStorage, SessionStorage or cookie names are used.

Name Type Duration Purpose
uxspire.distinct_id LocalStorage until browser/user deletion or reset Pseudonymous user ID for UX analytics and recognition.
uxspire.session_id SessionStorage session Pseudonymous session ID for events within a browser session.
uxspire.consent LocalStorage up to 180 days Stores the consent status passed to uxspire.
uxspire.embed.config.*, uxspire.embed.etag.*, uxspire.embed.fetchedAt.* LocalStorage until update or browser/user deletion Cache for embed and survey configurations.
uxspire.widget.seen.* LocalStorage effective according to survey configuration, technically until deletion Stores whether a widget or survey has already been shown.
uxspire.survey.link_submitted.* LocalStorage / Cookie cookie up to 365 days, LocalStorage technically until deletion Best-effort deduplication for hosted public-link surveys.

Test checklist

After CMP setup, check these four points in the browser and the network tab.

01

Before consent

The uxspire script is blocked or does not send events to uxspire endpoints.

02

After consent

The script is loaded and setConsent({ tracking: true }) is executed.

03

On withdrawal

setConsent({ tracking: false }) is executed and further collection stops.

04

Storage

The storage names listed above appear only according to your consent and survey setup.

Frequently asked questions

Why not classify uxspire as necessary?

uxspire is used for feedback, UX metrics and analytics. These purposes are generally not technically necessary for providing the customer website. Consent is therefore the conservative default recommendation.

Can uxspire be loaded before consent?

The conservative default is to load the script only after consent. If your project uses its own consent gate, the script can technically be loaded earlier as long as tracking and embed remain blocked until consent is granted. Assess such setups with your data-protection team.

Does uxspire support Google Consent Mode or IAB TCF?

uxspire currently does not evaluate these frameworks directly as its own consent source. If your CMP uses Google Consent Mode or IAB TCF, your CMP or tag-manager logic should derive an explicit uxspire decision from it and call setConsent({ tracking: true|false }).

What about GPC or Do Not Track?

uxspire can respect privacy signals such as Global Privacy Control and Do Not Track. Details on privacy, privacy signals and data-subject rights are available in the Privacy Policy.