> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kleep.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Cookies, CMP & Data Privacy
> How Kleep handles cookies, consent (CMP), trackers and personal data — and what your Consent Management Platform must enforce before Kleep loads.
This page describes how cookies and similar technologies are handled when Kleep is installed on your storefront, the exhaustive list of trackers and data involved, and the role your Consent Management Platform (CMP) / tag manager must play. It is intended for your data protection and legal teams. Throughout this page, "you" / "the merchant" refers to the website operator acting as **Data Controller**, and "Kleep" refers to Kleep SAS.
Wherever a legal reference is needed, this page maps to the French framework (Article 82 of the *Loi Informatique et Libertés* and the CNIL guidelines on consent), which is among the strictest in the EU. The same logic applies under the GDPR and the ePrivacy Directive across the EU.
## 1. Core principle — Kleep is fully gated by your consent
The Kleep script is loaded and executed **only after consent has been collected through your CMP**. As long as no consent has been given (a refusal **or** the absence of any choice), Kleep does not load: nothing is written to the browser, no event is transmitted, and no recommendation is computed.
It is therefore **your CMP / tag manager that conditions the loading of Kleep** and must trigger our script exclusively after consent has been granted.
Do not load the Kleep script or call `kleep.load(...)` until your CMP signals that consent has been granted for the relevant purposes. If consent is later withdrawn, stop loading Kleep on subsequent page views. See the [JS Library](/cms/js-library) guide for the exact consent-gating wording and implementation.
## 2. Inventory of trackers (dropped after consent only)
All of the items below are placed on the product page **exclusively after consent**. `localStorage` and `sessionStorage` are treated as trackers within the meaning of Article 82 of the *Loi Informatique et Libertés* and are therefore subject to consent.
| Tracker | Storage | Purpose | Description | Retention | Legal basis |
| --------------------------- | ------------------------------ | ------------------------------------- | ------------------------------------------ | -------------------------------------------------------------------------- | ----------- |
| `kleep_uid` | localStorage | Recommendation + audience measurement | Visitor identifier (random UUID) | Persists in the browser until cleared; associated data purged at 12 months | Consent |
| `kleep_user_uuid` | localStorage | Recommendation + audience measurement | Identical to `kleep_uid` | Same as `kleep_uid` | Consent |
| `kleep_session_uuid` | sessionStorage | Recommendation + audience measurement | Session identifier (random UUID) | The session (cleared when the tab is closed) | Consent |
| `kleep_mid` | localStorage | Recommendation | Technical measurement / product identifier | 12 months | Consent |
| `kleep_recommendation_type` | localStorage | Recommendation | Product type (clothing / footwear) | 12 months | Consent |
| `kleep_retailer` | localStorage | Recommendation | Merchant domain | 12 months | Consent |
| `kleep_is_test` | localStorage | Functioning | Technical flag (`0`/`1`) | 12 months | Consent |
| PostHog | Cookie + PostHog local storage | Audience measurement and A/B testing | Analytics provider storage | 12 months | Consent |
## 3. Data processed (in addition to trackers)
* **Kleep questionnaire answers**: age, height, weight, and answers to the morphological questions — collected **only when the user submits the questionnaire** — purposes: size recommendation and algorithm improvement (see §4) — retention: 12 months.
* **Navigation events**: `product_viewed`, `add_to_cart`, `checkout` (including the product variant, price and currency) — purpose: audience measurement and A/B testing — retention: 12 months.
* **No directly identifying data** about your customers (name, e-mail, address) is transmitted to Kleep. The identifiers used are pseudonymous UUIDs specific to Kleep. All data is processed in a pseudonymised manner.
## 4. Purposes and legal bases
Three purposes, all subject to the consent collected through your CMP:
1. **Size recommendation** for clothing and footwear, on behalf of the merchant (Data Controller).
2. **Audience measurement and experience improvement** (A/B testing), via PostHog.
3. **Reuse of data to improve and develop Kleep's recommendation algorithm.** This reuse is carried out exclusively on pseudonymised or aggregated data, without any direct identifier, without re-identification; for this purpose Kleep acts as a **subsequent data controller** in compliance with the GDPR.
As things currently stand, consent is collected **globally**: accepting Kleep covers all three purposes. Per-purpose granularity is on our roadmap (see §7).
### Consent wording to display in your CMP
Your CMP / cookie banner must expose **two processing purposes**, and Kleep may only be loaded once the visitor has consented to both. Pick your storefront language below and copy the wording (the French version is authoritative).
```text Finalités (FR) theme={null}
1ère finalité : le traitement des données à des fins de recommandation de taille de vêtements et de chaussures pour le compte du Responsable de traitement.
2ème finalité (réutilisation des données) : le traitement des données à des fins d'amélioration et de développement de vos Services et Produits. Plus précisément à des fins d'amélioration et de développement de l'algorithme de recommandation des tailles de vêtements et de chaussures de la société Kleep.
```
```text Purposes (EN) theme={null}
Purpose 1: processing of data for the purpose of recommending clothing and footwear sizes on behalf of the Data Controller.
Purpose 2 (data reuse): processing of data for the purpose of improving and developing Kleep's Services and Products. More specifically, for the purpose of improving and developing Kleep's clothing and footwear size recommendation algorithm.
```
```text Zwecke (DE) theme={null}
Zweck 1: die Verarbeitung der Daten zum Zweck der Größenempfehlung für Bekleidung und Schuhe im Auftrag des Verantwortlichen.
Zweck 2 (Weiterverwendung der Daten): die Verarbeitung der Daten zum Zweck der Verbesserung und Weiterentwicklung der Dienste und Produkte von Kleep. Genauer gesagt zum Zweck der Verbesserung und Weiterentwicklung des Algorithmus von Kleep zur Empfehlung von Bekleidungs- und Schuhgrößen.
```
```text Finalidades (ES) theme={null}
Finalidad 1: el tratamiento de los datos con fines de recomendación de tallas de ropa y calzado por cuenta del Responsable del tratamiento.
Finalidad 2 (reutilización de los datos): el tratamiento de los datos con fines de mejora y desarrollo de los Servicios y Productos de Kleep. Más concretamente, con fines de mejora y desarrollo del algoritmo de recomendación de tallas de ropa y calzado de la empresa Kleep.
```
```text Finalità (IT) theme={null}
Finalità 1: il trattamento dei dati a fini di raccomandazione delle taglie di abbigliamento e calzature per conto del Titolare del trattamento.
Finalità 2 (riutilizzo dei dati): il trattamento dei dati a fini di miglioramento e sviluppo dei Servizi e Prodotti di Kleep. Più precisamente, a fini di miglioramento e sviluppo dell'algoritmo di raccomandazione delle taglie di abbigliamento e calzature della società Kleep.
```
```text Finalidades (PT) theme={null}
Finalidade 1: o tratamento dos dados para fins de recomendação de tamanhos de vestuário e calçado por conta do Responsável pelo tratamento.
Finalidade 2 (reutilização dos dados): o tratamento dos dados para fins de melhoria e desenvolvimento dos Serviços e Produtos da Kleep. Mais concretamente, para fins de melhoria e desenvolvimento do algoritmo de recomendação de tamanhos de vestuário e calçado da empresa Kleep.
```
```text Finalidades (BR) theme={null}
Finalidade 1: o tratamento dos dados para fins de recomendação de tamanhos de roupas e calçados por conta do Controlador de dados.
Finalidade 2 (reutilização dos dados): o tratamento dos dados para fins de melhoria e desenvolvimento dos Serviços e Produtos da Kleep. Mais especificamente, para fins de melhoria e desenvolvimento do algoritmo de recomendação de tamanhos de roupas e calçados da empresa Kleep.
```
```text Doeleinden (NL) theme={null}
Doel 1: de verwerking van de gegevens met het oog op het aanbevelen van kleding- en schoenmaten namens de Verwerkingsverantwoordelijke.
Doel 2 (hergebruik van gegevens): de verwerking van de gegevens met het oog op de verbetering en ontwikkeling van de Diensten en Producten van Kleep. Meer bepaald met het oog op de verbetering en ontwikkeling van het algoritme van Kleep voor het aanbevelen van kleding- en schoenmaten.
```
```text Formål (DA) theme={null}
Formål 1: behandling af data med henblik på anbefaling af tøj- og skostørrelser på vegne af den dataansvarlige.
Formål 2 (genbrug af data): behandling af data med henblik på forbedring og udvikling af Kleeps tjenester og produkter. Mere specifikt med henblik på forbedring og udvikling af Kleeps algoritme til anbefaling af tøj- og skostørrelser.
```
```text Käyttötarkoitukset (FI) theme={null}
Käyttötarkoitus 1: tietojen käsittely vaatteiden ja jalkineiden kokosuositusten antamiseksi rekisterinpitäjän lukuun.
Käyttötarkoitus 2 (tietojen uudelleenkäyttö): tietojen käsittely Kleepin palvelujen ja tuotteiden parantamiseksi ja kehittämiseksi. Tarkemmin sanottuna Kleepin vaatteiden ja jalkineiden kokosuositusalgoritmin parantamiseksi ja kehittämiseksi.
```
```text Ändamål (SV) theme={null}
Ändamål 1: behandling av uppgifter i syfte att rekommendera kläd- och skostorlekar för den personuppgiftsansvariges räkning.
Ändamål 2 (återanvändning av uppgifter): behandling av uppgifter i syfte att förbättra och utveckla Kleeps tjänster och produkter. Mer specifikt i syfte att förbättra och utveckla Kleeps algoritm för rekommendation av kläd- och skostorlekar.
```
```text Cele (PL) theme={null}
Cel 1: przetwarzanie danych w celu rekomendowania rozmiarów odzieży i obuwia w imieniu Administratora danych.
Cel 2 (ponowne wykorzystanie danych): przetwarzanie danych w celu ulepszania i rozwoju usług i produktów Kleep. Dokładniej, w celu ulepszania i rozwoju algorytmu rekomendacji rozmiarów odzieży i obuwia firmy Kleep.
```
```text 目的 (JA) theme={null}
目的1:管理者(データ管理者)のために、衣料品および履物のサイズを推奨することを目的としたデータの処理。
目的2(データの再利用):Kleep のサービスおよび製品の改善・開発を目的としたデータの処理。より具体的には、Kleep 社の衣料品および履物のサイズ推奨アルゴリズムの改善・開発を目的とするもの。
```
```text 목적 (KO) theme={null}
목적 1: 개인정보처리자(데이터 컨트롤러)를 대신하여 의류 및 신발 사이즈를 추천할 목적으로 데이터를 처리하는 것.
목적 2(데이터 재사용): Kleep의 서비스 및 제품의 개선과 개발을 목적으로 데이터를 처리하는 것. 보다 구체적으로는 Kleep 사의 의류 및 신발 사이즈 추천 알고리즘의 개선과 개발을 목적으로 함.
```
```text 目的 (ZH) theme={null}
目的一:代表数据控制者,为推荐服装和鞋类尺码之目的处理数据。
目的二(数据再利用):为改进和开发 Kleep 的服务与产品之目的处理数据。更具体而言,为改进和开发 Kleep 公司的服装和鞋类尺码推荐算法之目的。
```
## 5. Decision matrix
The Kleep script loads; the module is displayed; identifiers are stored; events are transmitted; the questionnaire is functional; the recommendation is rendered; all three purposes apply.
The Kleep script is **not** loaded; nothing is stored (localStorage / sessionStorage / cookie); no event; no recommendation; no reuse. The module is not active; the site works normally.
Treated exactly like a refusal (continuing to browse does not amount to consent, in line with the CNIL's position). Nothing is stored and nothing is processed until the user has actively consented.
## 6. Hosting, subprocessors, security, retention
* **Hosting**: Amazon Web Services, Ireland region (European Union).
* **Subsequent subprocessors**: AWS (hosting, EU) and PostHog (audience measurement / A/B testing, EU Cloud instance).
* **Transfers outside the EU**: none. All processing is carried out within the European Union.
* **Security**: encryption in transit (TLS/HTTPS) and at rest; identity and access management (IAM); an incident management process including notification within the regulatory deadlines; auditability (AWS CloudTrail / CloudWatch logs). Security officer (CISO): Théophile Bousquet ([theophile@kleep.ai](mailto:theophile@kleep.ai)). Our detailed security questionnaire is available on request.
* **Retention**: 12 months.
## 7. Roadmap
Per-purpose consent granularity (allowing visitors to consent to each of the three purposes in §4 independently) is planned. Until then, consent is collected globally as described in §4.
Questions about cookies, data processing or our security posture? Contact **[theophile@kleep.ai](mailto:theophile@kleep.ai)**.