Salesforce.com

Overview

Salesforce.com provides an enterprise CRM platform with a broad ecosystem of marketing and analytics tools including Marketing Cloud, Pardot (Account Engagement), Sales Cloud Web-to-Lead, Einstein Analytics, and Interaction Studio (Personalization). On-site scripts handle behavioral tracking, lead attribution, form capture, personalization delivery, and live chat. The specific consent implications depend heavily on which Salesforce products are deployed.

What This Script Does

Pardot / Account Engagement Tracking Pardot's tracking code loads from pi.pardot.com (or a custom domain on advanced plans) and fires on every page of sites connected to a Pardot instance. It:

• Sets the visitor_id cookie (first-party or third-party depending on domain configuration, 2 years) to identify visitors across sessions
• Sets pi_opt_in (first-party, 2 years) — consent flag for Pardot tracking
• Records page views, form interactions, and file downloads against prospect records in the Pardot CRM
• Triggers lead scoring rule updates in real time based on page visit activity
• Fires marketing automation workflows when a known prospect visits key pages (e.g., pricing page, case study)
• Contacts pi.pardot.com for event logging and pd.pardot.com for data synchronization

Salesforce Marketing Cloud (ExactTarget) Marketing Cloud deploys tracking pixels and behavioral analytics through the Marketing Cloud Personalization (Interaction Studio) product. Scripts load from cdn.evgnet.com or {client}.evergage.com (legacy) and collect:

• Visitor identity resolution — matching anonymous web visitors to known CRM contacts via email hash or first-party cookie
• Behavioral segment membership — pages visited, products viewed, content consumed
• Real-time personalization decisions — which content blocks, banners, or recommendations to show
• A/B test assignments for campaign experiments

Web-to-Lead Forms Standard Salesforce Web-to-Lead forms submit directly to webto.salesforce.com. These forms collect contact information (name, email, company, phone) and create Lead records in Salesforce CRM. No tracking cookies are set by the form submission itself, but the referrer and UTM parameters captured at submission time are recorded for attribution.

Einstein Analytics / Tableau CRM JavaScript embeds for Einstein Analytics dashboards load from {instance}.salesforce.com or analytics.salesforce.com. These are typically internal business intelligence tools embedded in authenticated portals rather than public web pages.

Salesforce Live Agent / Chat The Live Agent chat widget loads from {instance}.salesforceliveagent.com. It:

• Sets session cookies to persist the chat conversation across page navigations
• Collects visitor name and email when provided through the pre-chat form
• Sends chat transcripts and visitor data to the Salesforce Service Cloud instance

Cookies set:

• visitor_id{account} (first-party, 2 years) — Pardot visitor identifier
• pi_opt_in (first-party, 2 years) — Pardot consent flag
• Interaction Studio: first-party session and visitor cookies, duration varies by client configuration
• Live Agent: liveagent_sid (session), liveagent_vc (session)

Domains contacted: pi.pardot.com, pd.pardot.com, cdn.evgnet.com, {client}.evergage.com, webto.salesforce.com, {instance}.salesforceliveagent.com

Consent & Compliance

GDPR/ePrivacy: Pardot's behavioral tracking and lead scoring constitute personal data processing for marketing automation purposes, requiring explicit opt-in consent under GDPR Article 7. The visitor_id cookie is non-essential and requires consent before placement under ePrivacy. Marketing Cloud Interaction Studio's visitor profiling and personalization require consent. Live Agent session cookies used to maintain an in-progress conversation requested by the user may qualify as functional. Web-to-Lead form submissions are based on the user's explicit action (consent by conduct).

CCPA/CPRA: Pardot behavioral tracking and Marketing Cloud personalization data collection constitute personal information collection. Salesforce acts as a service provider under CCPA when processing data under a data processing agreement. Sites must disclose Pardot and Marketing Cloud tracking in their privacy policy.

EU-US Data Transfers: Salesforce Inc. participates in the EU-US Data Privacy Framework (DPF) and offers Standard Contractual Clauses and Binding Corporate Rules.

IAB TCF: Pardot and Marketing Cloud marketing tools map to IAB TCF Purposes 1, 2, 3, 4, and 5.

Consent category: Marketing (Pardot, Marketing Cloud tracking), Analytics (behavioral analytics), Functional (Live Agent chat, Web-to-Lead forms).

Should You Block This Without Consent?

Conditional. Pardot tracking codes and Marketing Cloud personalization scripts must be blocked until marketing consent is granted. Einstein Analytics embeds in authenticated portals generally do not require public-facing consent. Live Agent chat widgets serving visitor support needs may load under a functional consent basis, provided the chat session data is not fed into marketing automation workflows. Web-to-Lead form submissions are user-initiated and do not require pre-consent.