Amplitude

Amplitude

Product analytics platform used by software companies to track user behavior within web applications. Tracks events, session flows, and user journeys using a client-side SDK that sends data to Amplitude's ingestion pipeline. Sets a persistent device ID cookie to stitch sessions across visits and identify returning users.

Back to Vendor Library

Overview

Amplitude is a product analytics platform used by software companies, mobile app developers, and digital product teams to understand how users engage with their products. Unlike web analytics tools focused on marketing attribution, Amplitude is designed for product instrumentation — tracking feature usage, measuring activation and retention, running funnel analyses, and powering A/B test measurement. It is widely deployed across SaaS, fintech, gaming, and consumer app products.

What This Script Does

The Amplitude JavaScript SDK (cdn.amplitude.com/libs/amplitude-*.min.js) instruments every page and interaction in the host application:

Event tracking

  • Tracks page views automatically on load and navigation
  • Captures click events, form submissions, and custom events defined by the product team via amplitude.track() calls
  • Each event includes a full property payload: page URL, referral source, UTM parameters, user properties, and any custom properties the developer attaches
  • Events are batched and sent to Amplitude's ingestion API (api2.amplitude.com/2/httpapi) at configurable intervals or on session end

User identification and session stitching

  • Sets the amplitude_id first-party cookie (persistent, typically 10 years by default) containing the device ID, the last event time, and the session ID
  • The device ID is a UUID generated on first visit and persisted across sessions to identify returning users
  • When a user logs in, the application calls amplitude.setUserId() to associate the device ID with a known user ID, enabling cross-device stitching in Amplitude's user profiles
  • Session IDs (millisecond timestamps) mark session boundaries; a new session ID is assigned after 30 minutes of inactivity

User properties and cohorts

  • Collects device metadata automatically: OS, browser, browser version, country, language, screen dimensions, carrier
  • Developers can attach custom user properties (subscription tier, feature flags, experiment variants) to enrich analysis
  • Amplitude's cohort engine groups users by behavioral criteria for retention and funnel analysis

Consent & Compliance

  • Category: Analytics
  • GDPR: Amplitude is a product analytics tool. Under GDPR, tracking user behavior for product improvement can rely on legitimate interests in some cases, but many DPAs and regulators treat persistent behavioral analytics as requiring consent — particularly when a device ID is stored in a long-lived cookie. The default 10-year cookie expiry is difficult to justify under the storage limitation principle. Amplitude offers a consent-aware initialization mode.
  • CCPA: Amplitude supports CCPA compliance through its data deletion API, allowing users' event histories and profiles to be purged on request.
  • Data transfers: Amplitude is a US company headquartered in San Francisco. Data is processed in the US by default. Amplitude offers EU data residency (data stored in Frankfurt via AWS eu-central-1) for customers requiring European data processing. EU-US Data Privacy Framework applies for US-processed data.
  • Cookies set: amplitude_id_[API_KEY] (1st party, up to 10 years by default — configurable), amplitude_unsent_[API_KEY] (1st party, session, for unsent event queue)

Should You Block This Without Consent?

Yes — with analytics consent. Amplitude sets a long-lived device ID cookie and tracks behavioral patterns across sessions. This requires analytics consent under GDPR. Amplitude should not initialize until analytics consent is granted. Consider configuring the cookie expiry to a shorter duration (e.g., 1 year) and enabling the consent-aware SDK initialization pattern to avoid collecting data before consent is given.

Visit website

Consent Categories

Analytics

Also Known As

amplitude analyticsamplitude SDKproduct analyticsevent trackingamplitude cookieuser behavior analytics

Industries

Computers Electronics and TechnologyProgramming and Developer SoftwareBusiness and Consumer ServicesMarketing and Advertising

Tracked Domains (3)

amplitude.comAnalytics
cdn.amplitude.comAnalytics
api2.amplitude.comAnalytics

Frequently Asked Questions

Is consent required before loading Amplitude?

Yes. Amplitude sets a long-lived device ID cookie (up to 10 years by default) and tracks behavioral patterns across sessions. Under GDPR, this constitutes analytics requiring consent. Amplitude should not initialize until a visitor has granted analytics consent.

What cookies and data does Amplitude collect?

Amplitude sets the amplitude_id cookie containing a persistent device ID, last event time, and session ID. It tracks page views, click events, and custom interactions, batching them to Amplitude's ingestion API. Browser, OS, country, and screen dimensions are collected automatically.

How does ConsentStack handle Amplitude?

ConsentStack blocks Amplitude from initializing until analytics consent is granted. When a visitor accepts analytics, Amplitude loads and begins tracking. Visitors who decline or accept only essential cookies will have no Amplitude data collected, keeping your deployment compliant.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Amplitude

ConsentStack automatically detects and manages Amplitude trackers so your site stays compliant with global privacy regulations.

Get started