Why Certain Trackers Create Litigation Exposure
Not all website analytics are created equal under the law. A simple page-view counter is not the same as a tool that records every keystroke a visitor types into a search bar or a chat widget that transmits private conversations to a third-party vendor's servers. The legal theory that applies—and the severity of the exposure it creates—depends entirely on what the tracker captures.
California's Invasion of Privacy Act (CIPA) draws three critical distinctions that map directly to the categories of tracking technology deployed on modern websites:
- Content interception (Section 631 — Wiretapping): Tools that capture the substance of what a user communicates—keystrokes, form inputs, mouse movements over page content, and full-page recordings. This is the most legally dangerous category because it captures the actual contents of the communication between the user and the website.
- Confidential communication recording (Section 632 — Eavesdropping): Tools that record conversations where the user has a reasonable expectation of privacy. Chat widgets and AI chatbots fall here because users share personal, medical, financial, and legal information in a conversational context that feels private.
- Addressing information collection (Section 638.51 — Pen Register): Tools that collect metadata about communications without capturing their content—who visited, when, from where, what pages they viewed, what actions they took. Tracking pixels and analytics platforms operate at this level, collecting and transmitting user identity and behavior data to third parties.
The distinction matters because each theory carries different elements, different defenses, and different standing considerations in post-Popa litigation. Session replay tools that capture form inputs present the clearest content-interception claims. Chat widgets recording conversations about medical conditions present the strongest confidentiality arguments. Tracking pixels transmitting browsing behavior to advertising networks present the broadest class action potential because of their near-universal deployment.
The consent factor: Across all categories, the strength of a claim depends heavily on whether the website obtained meaningful consent before the tracker activated. A tracker that fires on page load—before any user interaction with a consent banner—creates stronger exposure than one that activates only after affirmative opt-in. Deliberize's two-pass consent verification tests this for every scan.
Below is every tracker signature Deliberize detects, organized by category. Each entry includes what the tracker captures, its severity rating in our viability scoring system, and a brief explanation of why it creates litigation exposure under the applicable CIPA section.
Session Replay Tools (CIPA Section 631 — Wiretapping)
Session replay tools are the most legally dangerous category of website tracker. They record the full contents of a user's interaction with a website: every keystroke, mouse movement, scroll position, form input, and page element the user interacts with. The recording is transmitted to the replay vendor's servers, where it can be played back as a video of the user's session.
Under CIPA Section 631, this constitutes interception of the contents of a communication by a third party (the replay vendor) who is not a party to the communication between the user and the website. The user communicates with the website by typing, clicking, and scrolling; the replay vendor intercepts and records the substance of that communication without the user's knowledge or consent.
Courts have found this theory particularly compelling when the session replay captures form inputs containing personal information—names, addresses, credit card numbers, search queries, medical symptoms—that the user typed into the website expecting only the website operator to receive.
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Hotjar | Full session recordings, heatmaps, form inputs, keystrokes, mouse movement, scroll depth | Critical | Records and transmits the complete contents of user interactions to Hotjar servers. Most widely deployed session replay tool, appearing on thousands of consumer sites. |
| FullStory | Pixel-perfect session replay, DOM changes, network requests, console errors, form field values | Critical | Captures a reconstructable copy of the entire page and every user interaction. Automatically records form inputs unless explicitly configured to exclude fields. |
| Microsoft Clarity | Session recordings, heatmaps, dead clicks, rage clicks, scroll depth, form interactions | Critical | Free tool from Microsoft means extremely wide deployment. Records full session content and transmits to Microsoft infrastructure. Integration with Bing Ads amplifies data exposure. |
| Mouseflow | Session replay, click heatmaps, movement heatmaps, scroll heatmaps, form analytics, funnel tracking | Critical | Records all mouse movements and clicks with millisecond precision. Form analytics feature specifically captures what users type into input fields. |
| LogRocket | Session replay, network request/response bodies, Redux state, console logs, DOM mutations, user inputs | Critical | Goes beyond visual replay to capture network request and response payloads, which may contain API data, authentication tokens, and user-submitted content. |
| Lucky Orange | Session recordings, dynamic heatmaps, form analytics, chat transcripts, conversion funnels | Critical | Combines session replay with built-in chat recording. Dual exposure: wiretapping under Section 631 for replay, potential eavesdropping under Section 632 for chat. |
| Smartlook | Session recordings, event tracking, heatmaps, funnel analysis, user identification | Critical | Records every user session by default, including form inputs. User identification feature ties recordings to named individuals, strengthening the invasion-of-privacy claim. |
| Glassbox | Session replay, struggle detection, interaction maps, form field analysis, mobile gesture recording | Critical | Enterprise-grade replay tool used heavily in financial services and insurance. Captures interactions on sites handling sensitive financial data, amplifying GLBA overlay claims. |
| Quantum Metric | Session replay, continuous product design analytics, rage click detection, API call monitoring | Critical | Enterprise replay platform that captures API call data alongside visual sessions. Common on high-traffic retail and financial sites with large potential class sizes. |
| Inspectlet | Session recordings, heatmaps, form analytics, error logging, A/B testing interaction data | Critical | Records all user sessions with explicit form analytics that capture field-level input data. Stores recordings on Inspectlet servers as a third-party interceptor. |
| Salesforce Interaction Studio (Evergage) | Real-time behavior tracking, session content, product interactions, personalization data, cross-channel identity | Critical | Records user behavior for real-time personalization and transmits to Salesforce infrastructure. Cross-channel identity resolution means data from website sessions is linked to email, mobile, and offline interactions. |
| Contentsquare | Zone-based heatmaps, session replay, revenue attribution, journey analysis, interaction metrics | High | Captures interaction content at the zone level rather than pixel level. Slightly less granular than full session replay, but still records the substance of user interactions with page content. |
| Heap Analytics | Auto-captured events, retroactive analytics, session replay, form interactions, click data | High | Automatically captures every user interaction without requiring explicit configuration. "Capture everything" approach means the site operator may not even know what content is being intercepted and transmitted. |
Why session replay is the strongest claim: Unlike tracking pixels that collect metadata, session replay tools capture the actual content of user communications. When a user types a medical symptom into a search bar, enters a credit card number, or drafts a message in a text field, the replay tool records that content verbatim. This is content interception in its most literal form—exactly what Section 631 was designed to prohibit.
Tracking Pixels (CIPA Section 638.51 — Pen Register)
Tracking pixels collect addressing information: who visited a website, when they visited, from where (IP address, referrer), what pages they viewed, and what actions they took (add to cart, submit form, make purchase). They transmit this data to a third-party advertising platform—Meta, TikTok, LinkedIn, or a data broker—that uses it to build behavioral profiles for ad targeting.
Under CIPA Section 638.51, this constitutes operation of a "pen register" without a court order. The statute defines a pen register as a device that records "dialing, routing, addressing, or signaling information" about communications—precisely what tracking pixels do when they log which users visited which pages and transmit that information to third-party servers.
Tracking pixels create the broadest class action exposure because they are deployed on nearly every commercial website and fire on every page load, generating a violation for each visit by each class member. A site with 500,000 monthly California visitors running three tracking pixels faces theoretical exposure of $3.75 billion in statutory damages per month ($2,500 per violation times 1.5 million violation-events).
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Meta Pixel (Facebook) | Page views, button clicks, form submissions, purchases, add-to-cart events, custom conversions, browser/device fingerprint | High | Transmits detailed user behavior data to Meta for ad targeting and cross-site tracking. Links website visits to Facebook profiles, creating a comprehensive surveillance dossier. Most litigated tracking pixel in CIPA cases. |
| TikTok Pixel | Page views, click events, form submissions, content views, product interactions | Medium | Transmits browsing behavior to TikTok (ByteDance) servers. Foreign ownership and data transfer concerns amplify the privacy narrative in litigation. |
| LinkedIn Insight Tag | Page views, conversion events, company-level visitor demographics, retargeting data | Medium | Identifies website visitors by their LinkedIn professional profiles. Links browsing behavior to named individuals through LinkedIn's identity graph. |
| Pinterest Tag | Page views, checkout events, add-to-cart, signup events, search queries, custom events | Medium | Transmits shopping and browsing behavior to Pinterest for ad targeting. Captures search queries, which may constitute content rather than mere addressing information. |
| Snapchat Pixel | Page views, purchase events, signup events, add-to-cart events, content views | Medium | Transmits conversion and browsing data to Snap Inc. for ad attribution and retargeting. Links website behavior to Snapchat user profiles. |
| Klaviyo | Page views, product views, add-to-cart events, checkout behavior, email engagement, customer profiles, purchase history | High | Email marketing platform that builds detailed customer profiles from website behavior. Combines browsing data with email engagement to create cross-channel surveillance profiles used for automated marketing. |
| Twitter/X Pixel | Page views, conversion events, site visits, content views, download events | Medium | Transmits browsing behavior to X Corp. for ad targeting and audience building. Links website visits to X user accounts. |
| HubSpot Tracking | Page views, form submissions, email opens, CTA clicks, document views, meeting bookings, chat interactions | High | CRM platform that builds named visitor profiles from website behavior. Identifies anonymous visitors by matching browsing data to known contacts via cookies and email tracking. |
| Microsoft Bing UET / Ads | Page views, conversion events, search queries that led to the visit, shopping behavior, custom events | High | Transmits browsing and conversion data to Microsoft for ad targeting across Bing, MSN, Outlook, and Edge. Microsoft's broad platform reach means the addressing data feeds into an extensive cross-property surveillance network. |
| Criteo Retargeting | Product views, cart contents, purchase data, browsing patterns, cross-site behavioral profile | High | Explicitly designed for cross-site tracking and retargeting. Builds behavioral profiles across thousands of partner sites to serve personalized ads. The cross-site nature strengthens the pen register theory. |
| The Trade Desk | Page views, conversion events, audience segment data, cross-device matching, real-time bidding signals | High | Demand-side platform that feeds user data directly into programmatic ad auctions. Website behavior data is broadcast to dozens of ad exchanges and data brokers in real time. |
| Taboola | Page views, content engagement, scroll depth, click-through events, audience interests | Medium | Content recommendation platform that profiles user interests from browsing behavior. Transmits engagement data to Taboola's ad network for native advertising targeting. |
| Outbrain | Page views, content engagement, click-through events, interest categories, referral data | Medium | Content discovery platform that collects browsing patterns and interest signals. Transmits user engagement data to Outbrain's recommendation and ad-serving infrastructure. |
Chat Widgets (CIPA Section 632 — Eavesdropping)
Live chat widgets record conversations between website visitors and customer service representatives. When a consumer uses a chat widget to discuss a billing dispute, inquire about a medical condition, share account credentials, or ask about a legal matter, that conversation may constitute a confidential communication under California law. The user is typing into a private, one-on-one conversational interface—not posting on a public forum.
Under CIPA Section 632, it is a crime to record a confidential communication without the consent of all parties. California is a two-party consent state: both the user and the agent must consent to recording. When the chat vendor records, stores, and processes these conversations on its own servers—often for analytics, quality assurance, AI training, or sale to third parties—that third-party recording may violate Section 632.
The eavesdropping theory is strengthened when the chat widget does not display a recording disclosure before the conversation begins, or when the disclosure is buried in a terms-of-service link that no reasonable user would read before typing a time-sensitive customer service question.
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Intercom | Chat transcripts, user identity, browsing history, custom attributes, company data, conversation metadata | Medium | Records full chat transcripts and links them to identified user profiles. Conversation data is stored on Intercom's servers and used for product analytics and AI features. |
| Drift | Chat transcripts, meeting bookings, visitor identity, lead qualification data, conversation routing metadata | Medium | Records conversations and uses them for lead scoring and sales intelligence. Chat data is processed by Drift's AI to qualify leads, meaning conversation content is analyzed by automated systems. |
| Zendesk Chat | Chat transcripts, support tickets, user identity, satisfaction ratings, agent performance data | Medium | Records and stores all chat transcripts on Zendesk servers. Conversations about billing disputes, account issues, and personal problems are retained indefinitely by default. |
| LiveChat | Chat transcripts, pre-chat survey responses, visitor browsing path, typing preview (message sneak peek), file attachments | Medium | The "sneak peek" feature shows agents what visitors are typing before they press send. This captures draft communications the user may choose not to send—a particularly invasive form of eavesdropping. |
| Tidio | Chat transcripts, visitor browsing behavior, email addresses, phone numbers, custom properties | Medium | Combines live chat recording with visitor tracking. Collects personal contact information shared during conversations and links it to browsing behavior profiles. |
| Crisp Chat | Chat transcripts, co-browsing sessions, video calls, visitor identity, knowledge base interactions | Medium | Co-browsing feature allows agents to see the visitor's screen in real time, combining eavesdropping (Section 632) with potential content interception (Section 631). |
| Freshchat | Chat transcripts, bot conversations, user properties, campaign interactions, ticket data | Medium | Part of the Freshworks suite. Records conversations across chatbot and human agent interactions. Bot conversation data is used for Freshworks' AI training and improvement. |
| HubSpot Live Chat | Chat transcripts, contact identity, deal associations, meeting bookings, conversation routing | Medium | Integrates chat conversations directly into the HubSpot CRM. Every conversation becomes a permanent record in the contact's profile, linked to sales pipeline and marketing data. |
| Olark | Chat transcripts, visitor identity, co-browsing data, custom visitor properties, team performance metrics | Medium | Records all chat conversations and stores them with visitor identification data. Transcripts are retained on Olark's servers and accessible to the site operator for review and analytics. |
AI Chatbots (CIPA Section 632 — Emerging Theory)
AI chatbots are the newest and fastest-growing category of tracker creating privacy litigation exposure. When consumers interact with an AI-powered customer service widget, they often share deeply personal information: medical symptoms, financial difficulties, legal questions, relationship problems. The conversational interface creates an expectation of privacy that mirrors a phone call or in-person consultation.
The critical distinction from traditional chat widgets is that AI chatbot conversations are not just recorded—they are processed, analyzed, and potentially used for model training by the third-party AI vendor. When a user shares personal health information with a website's AI assistant powered by OpenAI, that conversation data may be transmitted to OpenAI's servers, processed by their systems, and—depending on the vendor's data policies—used to improve future AI models. The user's confidential communication does not just sit in a database; it becomes training data for a commercial AI product.
This theory is still emerging in the courts, but the legal logic is sound: Section 632 prohibits recording a confidential communication without consent. The AI vendor records, processes, and derives commercial value from the conversation. The user did not consent to their private statements becoming AI training data. The conversational format creates a reasonable expectation of confidentiality.
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| OpenAI ChatGPT Widget | Full conversation transcripts, user queries, context window content, interaction metadata | Medium | Conversations are transmitted to OpenAI's servers for processing. Depending on configuration, conversation data may be used for model training. Users sharing personal information do not expect their words to train a commercial AI product. |
| Ada AI Support | Conversation transcripts, user intents, resolution outcomes, handoff context, customer identity | Medium | AI-first customer service platform that records and analyzes all conversations. Uses conversation data to train and improve its AI models, deriving commercial value from user communications. |
| Google Dialogflow | Conversation transcripts, detected intents, extracted entities (names, dates, numbers), session context, fulfillment data | Medium | Transmits conversation data to Google Cloud infrastructure. Entity extraction specifically identifies and stores personal information mentioned in conversations (names, phone numbers, addresses). |
| IBM Watson Assistant | Conversation logs, user intents, entities, context variables, dialog node traversal, session data | Medium | Records complete conversation logs on IBM Cloud infrastructure. Watson's AI processes user statements to extract meaning, requiring the full content of each communication to be transmitted to and stored by IBM. |
| Amazon Lex | Voice and text transcripts, detected intents, slot values (user-provided data), session attributes, fulfillment responses | Medium | Transmits all user input to AWS infrastructure for intent processing. Slot values specifically capture structured personal information (names, account numbers, dates) provided during conversation. |
| Botpress | Conversation transcripts, user attributes, workflow state, NLU training data, integration payloads | Medium | Open-source chatbot platform where conversation data may be used to train custom NLU models. User communications become direct training inputs for the bot's language understanding. |
| Voiceflow | Conversation transcripts, user variables, workflow analytics, A/B test data, knowledge base queries | Medium | Conversation design platform that logs all user interactions for analytics and optimization. Conversation data stored on Voiceflow's cloud infrastructure and used for workflow improvement. |
| Kore.ai | Conversation transcripts, task completion data, user identity, sentiment analysis, intent classification | Medium | Enterprise AI platform that performs sentiment analysis on user communications. Analyzing the emotional content of conversations goes beyond mere recording to active interpretation of confidential communications. |
| Rasa Chatbot | Conversation transcripts, custom actions, entity extraction, story data, policy predictions | Medium | Open-source conversational AI that records conversations for model training. Even self-hosted deployments may transmit data to third-party NLU services depending on the pipeline configuration. |
Analytics and Data Collection (Section 638.51)
This final category encompasses analytics platforms, ad tracking tools, data collection infrastructure, and identity resolution services. While individually less dramatic than session replay or chat recording, these tools collectively create substantial exposure because of their ubiquity and the volume of addressing data they transmit to third parties.
Most analytics tools operate as pen registers under Section 638.51: they collect and transmit addressing information (who visited, when, from where, what pages) to third-party servers without capturing the content of communications. However, two tools in this category—LiveRamp Identity Resolution and FingerprintJS—carry Critical severity ratings because their specific function is to identify and track individual users across the internet, creating a more invasive form of addressing-information surveillance.
Analytics Platforms
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Google Analytics 4 (GA4) | Page views, events, conversions, user properties, session data, demographic signals, cross-device user ID | Medium | Transmits detailed behavioral data to Google's servers. Cross-device tracking and Google Signals integration link website visits to individual Google accounts. The most widely deployed analytics tool worldwide. |
| Mixpanel | Events, user profiles, behavioral cohorts, funnel analytics, retention data, A/B test results | Medium | Builds named user profiles from website behavior and transmits event data to Mixpanel servers. User identification features link browsing behavior to known individuals. |
| Amplitude | Events, user properties, behavioral cohorts, session data, feature usage, revenue attribution | Medium | Product analytics platform that collects user behavior data for behavioral analysis. Identity resolution links anonymous sessions to identified users. |
| Adobe Analytics | Page views, custom events, eVars, props, classification data, visitor profiles, cross-device stitching | Medium | Enterprise analytics platform with cross-device identity stitching. Part of Adobe Experience Cloud, where website behavior data feeds into a broader marketing surveillance ecosystem. |
| Quantcast | Page views, audience demographics, interest categories, cross-site behavioral profiles, real-time bidding data | Medium | Audience measurement platform that builds cross-site behavioral profiles. Data feeds directly into Quantcast's ad platform for programmatic targeting. |
Ad Tracking and Tag Management
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Google DoubleClick / Floodlight | Ad impressions, click-through events, conversion tracking, audience segments, cross-site ad attribution | Medium | Google's ad-serving infrastructure that tracks users across the DoubleClick ad network. Cross-site tracking cookies link browsing behavior across thousands of websites. |
| Clarity Conversion API | Server-side conversion events, purchase data, lead submissions, custom conversion actions | Medium | Server-side tracking that bypasses browser privacy controls. Because it operates server-to-server, users cannot block it with ad blockers or browser privacy settings, making the tracking more covert. |
| Google Tag Manager | Acts as a container that loads and manages other tracking scripts; captures data layer events, custom triggers, tag firing sequences | Medium | Tag management system that enables deployment of multiple tracking tools. While GTM itself is a delivery mechanism, it facilitates the deployment of other trackers that may violate CIPA, and its data layer can capture user interaction data. |
Data Collection and Identity Resolution
| Tracker Name | What It Captures | Severity | Why It's a Violation |
|---|---|---|---|
| Segment | All user events, identity traits, page views, custom track calls; routes data to 300+ downstream integrations | Medium | Customer data platform that acts as a multiplier: it collects user data and fans it out to hundreds of third-party tools. A single Segment integration can create exposure with dozens of downstream data recipients. |
| LiveRamp Identity Resolution | Cross-device identity graph, offline-to-online matching, deterministic and probabilistic identity links, data onboarding | Critical | Explicitly designed to identify anonymous website visitors by matching their browsing behavior to offline identity data (real names, addresses, purchase history). The most invasive form of addressing-information collection: it resolves anonymous visits to named individuals. |
| FingerprintJS | Browser fingerprint (canvas, WebGL, fonts, plugins, screen resolution, timezone, hardware concurrency), visitor ID, confidence score | Critical | Creates a persistent identifier from browser characteristics that survives cookie deletion, incognito mode, and VPN use. Designed specifically to track users who have taken steps to avoid being tracked—defeating the user's express privacy choices. |
The identity resolution escalation: LiveRamp and FingerprintJS represent a qualitative shift from routine analytics. Most pen register tools collect pseudonymous addressing data—an IP address, a cookie ID. These tools are specifically engineered to resolve that data to a named individual. A user who deliberately clears cookies or browses in private mode has made an affirmative choice to avoid tracking. FingerprintJS is designed to defeat that choice. This intentional circumvention of user privacy controls strengthens both the pen register claim and a potential wiretapping claim under Section 631.
How Deliberize Detects These Trackers
Deliberize's detection engine does not rely on blocklist databases or self-reported tag inventories. It uses a headless Playwright browser to load each target website in a controlled environment and performs four layers of forensic analysis:
- Network request pattern matching: Every outbound HTTP request is captured in a HAR (HTTP Archive) file. The scanner matches request URLs, headers, and payloads against known tracker domain patterns and API endpoints. A Meta Pixel detection, for example, requires matching a request to `connect.facebook.net` with a specific `fbq()` initialization pattern.
- JavaScript execution signatures: The scanner monitors JavaScript execution for tracker initialization patterns—global variable assignments, function calls, and object constructor invocations that are unique to each tracking vendor. This catches trackers that use custom domains or proxy their requests through first-party infrastructure.
- DOM element analysis: Chat widgets, consent banners, and embedded iframes are detected by inspecting the live DOM after page load. The scanner identifies tracker-specific HTML elements, shadow DOM encapsulation, and dynamically injected script tags.
- Evidence capture: For every detection, the scanner captures forensic evidence: the full HAR file showing the network request, a screenshot of the page state, the relevant DOM elements, and cookie data. This evidence is packaged into litigation-ready exhibits that an attorney can attach directly to a complaint or discovery request.
The detection methodology is deterministic, not probabilistic. If the scanner reports that Hotjar is present on a website, it means Hotjar's JavaScript executed, Hotjar's network requests were captured, and the evidence is preserved. This is not guesswork—it is forensic evidence of the tracker's presence and behavior. To see what a full detection report looks like, view a sample report.
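The network-request layer and the two-pass consent check described earlier can be sketched over two HAR captures, one taken before any consent interaction and one after opt-in. This is an added example, not Deliberize's code: the signature table (only `connect.facebook.net` comes from this page), the function names, and the sample HAR entries are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed, illustrative host suffixes -> (tracker, category, CIPA section).
# Only connect.facebook.net appears on the page; this is not the scanner's rule set.
SIGNATURES = {
    "connect.facebook.net": ("Meta Pixel", "Tracking pixel", "638.51"),
    "hotjar.com": ("Hotjar", "Session replay", "631"),
    "clarity.ms": ("Microsoft Clarity", "Session replay", "631"),
    "intercom.io": ("Intercom", "Chat widget", "632"),
    "google-analytics.com": ("Google Analytics 4", "Analytics", "638.51"),
}


def host_matches(host, suffix):
    """Match a host exactly or as a subdomain; substring lookalikes do not match."""
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)


def detect(har, page_host):
    """Map tracker name -> category, section and the third-party requests that matched."""
    found = {}
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        url = request.get("url", "")
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL in the capture
            continue
        if not host or host_matches(host, page_host):
            continue  # first-party traffic is out of scope for this layer
        for suffix, (name, category, section) in SIGNATURES.items():
            if host_matches(host, suffix):
                hit = found.setdefault(
                    name, {"category": category, "section": section, "requests": []})
                hit["requests"].append({"started": entry.get("startedDateTime"),
                                        "method": request.get("method"), "url": url})
                break
    return found


def two_pass(pre_consent_har, post_consent_har, page_host):
    """Compare a capture taken before consent with one taken after opt-in."""
    pre = detect(pre_consent_har, page_host)
    post = detect(post_consent_har, page_host)
    report = []
    for name in sorted(set(pre) | set(post)):
        hit = pre.get(name) or post[name]
        report.append({
            "tracker": name,
            "category": hit["category"],
            "section": hit["section"],
            "fires_before_consent": name in pre,
            "first_request": hit["requests"][0]["url"],
        })
    return report


def har_entry(started, url, method="GET"):
    """Build a minimal HAR 1.2 entry (constructed sample data)."""
    return {"startedDateTime": started, "request": {"method": method, "url": url}}


# Constructed captures: pass 1 loads the page and never touches the consent banner.
PRE_ENTRIES = [
    har_entry("2024-01-01T00:00:00.000Z", "https://shop.example.test/"),
    har_entry("2024-01-01T00:00:00.210Z", "https://connect.facebook.net/en_US/fbevents.js"),
    har_entry("2024-01-01T00:00:00.340Z", "https://static.hotjar.com/c/hotjar-000000.js?sv=6"),
    # Lookalike host and a query-string mention: neither may count as a detection.
    har_entry("2024-01-01T00:00:00.400Z", "https://hotjar.com.cdn.example.net/x.js"),
    har_entry("2024-01-01T00:00:00.410Z", "https://cdn.example.net/lib.js?ref=clarity.ms"),
]
PRE_HAR = {"log": {"version": "1.2", "entries": PRE_ENTRIES}}
# Pass 2 clicks "accept"; two more vendors load only after opt-in.
POST_HAR = {"log": {"version": "1.2", "entries": PRE_ENTRIES + [
    har_entry("2024-01-01T00:00:05.000Z", "https://widget.intercom.io/widget/abc123"),
    har_entry("2024-01-01T00:00:05.120Z", "https://www.google-analytics.com/g/collect?v=2", "POST"),
]}}

if __name__ == "__main__":
    for row in two_pass(PRE_HAR, POST_HAR, "shop.example.test"):
        print(row)
```

Host matching alone cannot see a tracker served from a custom domain or proxied through first-party infrastructure, which is the gap the JavaScript execution layer covers.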
Deliberize LLC is a technology company, not a law firm, and does not provide legal advice. All reports and analysis are investigative tools that require independent review by a licensed attorney.