iFrame & Cookies

This page explains how the Spara chat widget works from a technical perspective, what data it stores in the browser, and how it relates to your website's cookie consent policies.

How the Spara widget loads

When you add the Spara JavaScript snippet to your website, it creates an iframe (inline frame) that loads the chat agent interface. An iframe is a standard web technology that embeds one webpage inside another — similar to how a YouTube video embed works.

The iframe approach means:

• Spara's code runs in isolation from your website's code. It cannot access your page's JavaScript variables, DOM, or other data unless explicitly passed through the embed snippet.

• Your website's code runs in isolation from Spara. Your scripts cannot access the contents of the Spara iframe.

• Styling is independent. Spara's styles do not conflict with your website's CSS, and vice versa.

What Spara stores in the browser

Spara uses localStorage (not cookies) to persist a small amount of data in the visitor's browser. localStorage is a browser storage mechanism that keeps data on the user's device, similar to cookies but with key differences:

• localStorage data is not sent to servers with every HTTP request (unlike cookies)

• localStorage is scoped to your website's domain — it cannot be read by other websites

• localStorage persists until explicitly cleared by the user or your code

Data stored

Spara does not store:

• Names, email addresses, or other personally identifiable information in localStorage

• Third-party tracking data

• Cross-site identifiers

Cookies

Spara does not set any cookies on your website. The embed snippet reads (but does not write) certain existing cookies on your site for analytics integration purposes:

• Google Analytics cookies (_ga, _ga_*) — If present, Spara reads the GA4 client ID and session ID so that Spara lead activity can be correlated with your Google Analytics data

• Google Click ID cookies (_gcl_aw, _gcl_au) — If present, Spara captures these for ad attribution

These cookies are set by Google Analytics, not by Spara. Spara will ingest the GA4 client ID and session ID automatically and can read the gcl_au and gcl_aw cookies if they are mapped as query parameters. See Query Parameters for more information.

Cookie consent and Spara

A common question is whether Spara needs to be behind your cookie consent banner. The answer depends on your organization's specific compliance requirements, but here are the technical facts:

• Spara does not set cookies — it uses localStorage only

• Spara does generate a pseudonymous identifier (the prelead UUID) stored in localStorage, which some privacy regulations may classify similarly to cookies

• Spara does read existing Google Analytics cookies if present, for attribution purposes

Common approaches

• Show Spara before consent — Since Spara does not set cookies, some organizations display the chat widget immediately, even before cookie consent is granted. The prelead UUID is pseudonymous and not linked to personal data unless the visitor voluntarily provides it during conversation.

• Show Spara after consent — Organizations with stricter consent requirements load the Spara embed snippet only after the visitor accepts cookies. This can be done by conditionally inserting the script tag based on your consent management platform's API.

Z-index and stacking

The Spara chat widget uses a high z-index to ensure it appears above most page content. If your cookie consent banner also uses a high z-index, both elements can coexist — the banner will typically appear above or alongside the chat widget depending on your CSS. If you need to adjust layering, contact your Spara account manager.