ISMS Copilot
Security

GDPR-Compliant Affiliate Tracking

ISMS Copilot uses affiliate links to credit partners who refer new users. Our affiliate tracking is designed to comply with GDPR by requiring explicit consent before any tracking scripts or cookies are loaded.

The affiliate consent banner only appears when:

  • You visit a link containing the ?via= parameter (e.g., https://ismscopilot.com/?via=partner-slug)

  • You're signed in and navigating authenticated pages

  • You haven't previously accepted or declined consent for affiliate tracking

Standard visitors who arrive directly at the site or through non-affiliate links never see the banner.

The banner appears as a fixed notification at the bottom of the page, stating: "This affiliate link uses a tracking cookie (60 days)." You can choose "Accept" or "No thanks."

Privacy-First Tracking

Before you click "Accept" on the consent banner:

  • No scripts are loaded — The PromoteKit tracking library is not executed

  • No cookies are set — Your browser remains free of affiliate tracking cookies

  • No tracking occurs — The affiliate parameter is stored only in temporary session storage

Only after you explicitly accept does the platform load the PromoteKit script and set the promotekit_referral cookie with a 60-day expiration. If you decline, no tracking happens and your choice is saved locally to prevent the banner from reappearing.

Declining consent means the referring affiliate will not receive credit if you later upgrade to a paid plan. Your decision is final unless you clear your browser's local storage.

What Data Is Stored

When you accept affiliate tracking, three pieces of data are stored locally:

  • Cookie (promotekit_referral) — Contains only the affiliate's partner slug, expires after 60 days

  • Session storage (ismscopilot_promotekit_via) — Temporary storage of the via parameter, cleared when you close the tab

  • Local storage (ismscopilot_promotekit_consent) — Records your consent choice ('accepted' or 'declined'), persists across sessions

This data is used solely for affiliate attribution when you upgrade. It is not used to train AI models, shared with third parties beyond PromoteKit and Stripe for transaction processing, or combined with other personal data.

Alignment with Broader Privacy Commitments

Our affiliate tracking follows the same principles as all ISMS Copilot data handling:

  • Explicit consent required — No tracking without your permission

  • Minimal data collection — Only the affiliate slug is stored

  • Transparent purpose — Used exclusively for crediting referral partners

  • User control — You can decline or later clear cookies to remove tracking

For details on how ISMS Copilot protects your data, including EU hosting, encryption, and zero use of your content for AI training, see Data Privacy & GDPR Compliance.

If you want to support a referring partner, make sure to accept the consent banner when it appears. The 60-day cookie ensures credit is given even if you upgrade weeks later.

Was this helpful?