Skip to main content
All guides
Serious KVKK m.5 · GDPR Art. 6 · ePrivacy Art. 5(3) · Chapter V · Chat widget

Chat widgets (Intercom, Crisp, Tawk) drop cookies before consent

Live-chat widgets like Intercom, Crisp and Tawk.to load a third-party script on page load, set cookies or local-storage identifiers and can begin tracking the visitor before any consent is given.

Why it matters

A chat widget is often argued to be functional, but the common implementations load on every page and set persistent identifiers used for analytics and visitor tracking — which goes beyond what a support tool strictly needs (ePrivacy Art. 5(3) / GDPR Art. 6). Several of these vendors also process data outside the EU (KVKK Art. 9 / GDPR Chapter V). Loading the full widget on page load, before a choice, is the risk.

How to fix it

Load the chat script only after consent, or replace the auto-loading widget with a lightweight "Chat with us" button that boots the vendor script on click. If you treat it as strictly functional, minimise it: disable analytics/visitor-tracking features and document why in your privacy notice.

<!-- Do NOT boot the widget on load. Load it on click (or after consent): -->
document.querySelector('#open-chat').addEventListener('click', () => {
  window.intercomSettings = { app_id: 'YOUR_APP_ID' };
  const s = document.createElement('script');
  s.async = true;
  s.src = 'https://widget.intercom.io/widget/YOUR_APP_ID';
  document.head.appendChild(s);
}, { once: true });

Does your site have this issue?

Run a free scan to find out in seconds.

Official sources

Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.

Related guides

These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.