Chameleon

Chameleon

Chameleon is a product adoption platform for building in-app guided tours, tooltips, launchers, and microsurveys. Scripts render UI overlays on the host application triggered by user events and segment rules. Interaction data from tours and surveys feeds into a dashboard for measuring feature adoption impact.

Back to Vendor Library

Overview

Chameleon is a product adoption platform that lets product teams build and deploy in-app guided tours, tooltips, modals, launchers, and microsurveys — without requiring engineering resources for each update. It is deployed on SaaS web applications to drive feature adoption, onboard new users, and collect in-context feedback. Chameleon integrates with Segment, Mixpanel, Amplitude, Salesforce, and HubSpot to trigger experiences based on user properties and behavioral events.

What This Script Does

The Chameleon script (fast.chameleon.io/mushi-loader.js or loaded via Segment as a destination) initializes the Chameleon SDK within the host application. Once initialized, it:

Experience rendering:

  • Renders guided tour overlays that highlight specific UI elements and walk users through feature flows step-by-step
  • Displays tooltip coach marks anchored to specific DOM elements, triggered when users hover or focus on them
  • Shows modal dialogs and slideout panels for announcements, release notes, or feature introductions
  • Renders launcher widgets (e.g., a persistent help icon) that users can click to access a menu of available tours and resources
  • Delivers microsurveys — typically NPS, CSAT, or custom rating questions — within the application UI

Targeting and segmentation:

  • Reads user identity and property data (passed via chmln.identify()) to determine which experiences to show
  • Evaluates segment rules (e.g., "show to users who have not visited the Settings page") using event history and user properties
  • Targets experiences to specific URL patterns, user roles, plan types, or company attributes

Data collection:

  • Sends tour interaction events (step viewed, step completed, tour dismissed, survey response submitted) to Chameleon's servers at api.chameleon.io
  • Sets a first-party cookie or uses localStorage to track which tours and surveys a user has seen, preventing repeat displays
  • Does not set third-party tracking cookies or perform cross-site behavioral profiling

Consent & Compliance

  • Category: Functional
  • GDPR: Chameleon processes authenticated user data (user ID, properties, in-app behavior) to deliver product experiences. This is core product functionality, not marketing tracking. Under legitimate interest, delivering onboarding and adoption experiences to users who signed up for the product is well-justified. No consent popup is typically required within an authenticated SaaS application. A data processing agreement with Chameleon is appropriate.
  • ePrivacy: The storage used (cookies or localStorage) maintains tour state for the authenticated user's session and subsequent visits — this is strictly necessary for delivering the requested guidance experience.
  • CCPA: Tour interaction data and user property data constitute personal information. Disclose Chameleon's use in your privacy policy. Chameleon is US-based (San Francisco); EU-US data transfers rely on Standard Contractual Clauses or the EU-US Data Privacy Framework.
  • Anonymous visitors: If Chameleon is deployed on public-facing (pre-login) pages for anonymous visitors rather than authenticated users, the calculus changes — anonymous visitor tracking without a clear functional purpose would require consent.

Should You Block This Without Consent?

Conditional. Within an authenticated SaaS application where Chameleon delivers onboarding tours and product guidance to signed-in users, blocking is generally not required — this is functional product infrastructure. If deployed on public-facing pages for anonymous visitor tracking or lead generation purposes, block until functional consent is granted.

Visit website

Consent Categories

Functional

Also Known As

product adoptionin-app toursguided onboardinguser onboarding toolchameleon.iomicrosurveystooltips SDK

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

fast.chameleon.ioAnalytics

Frequently Asked Questions

Does Chameleon require consent within a SaaS application?

Generally no. Chameleon delivers onboarding tours and guidance to authenticated users who signed up for the product. The storage it uses maintains tour state for that user's experience — justified as strictly necessary within an authenticated application.

What data does Chameleon collect during in-app tours?

Chameleon sends tour interaction events — step viewed, step completed, tour dismissed, survey response — to its servers. It also reads user identity and property data passed via chmln.identify() to determine which experiences each user should see.

How does ConsentStack classify Chameleon?

ConsentStack classifies Chameleon as functional. Within authenticated SaaS applications, ConsentStack does not gate Chameleon behind a consent prompt. If you deploy Chameleon on public pre-login pages, ConsentStack can be configured to require functional consent before it loads.

Related Vendors

Google Maps
Google Maps
Google Maps is the dominant web mapping service used for embedded maps and location features on websites. Scripts load interactive map tiles, geocoding, and Places API functionality through the Maps JavaScript API. May set cookies to remember map preferences and manage API quota.
Google Search
Google Search
Google Search appears on websites through the Programmable Search Engine, enabling custom site-specific search functionality. Scripts load the search widget from Google's servers to render search bars and display results within the host website. Sends search queries to Google's index and may set cookies for search personalization and query history.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Microsoft Teams
Microsoft Teams
Microsoft Teams is a workplace communication and collaboration platform that can be embedded on websites for chat, meetings, and document sharing. Embedded widgets load from Microsoft's servers to enable real-time messaging, video calls, and file collaboration. Sets authentication and session cookies to verify participant identity and maintain connection state.
Apple Maps JS
Apple Maps JS
Apple Maps JS is Apple's JavaScript mapping framework for embedding interactive maps on websites. Scripts load map tiles, location pins, and routing data from Apple's MapKit servers to render navigable maps within web pages. Requires a MapKit JS token for authentication but does not set tracking cookies or collect behavioral analytics data.
Apple Business Chat
Apple Business Chat
Apple Business Chat enables direct customer messaging between websites and Apple's Messages app. Scripts load chat buttons and conversation interfaces that connect visitors to business support agents through iMessage. Sets minimal session cookies to maintain conversation context but does not track browsing behavior or collect analytics data.

Manage consent for Chameleon

ConsentStack automatically detects and manages Chameleon trackers so your site stays compliant with global privacy regulations.

Get started