Google Analytics Ecommerce Tracking

Question

When using the Ecommerce methods in Google Analytics do you also make calls to the normal tracking methods as well?

When we first added GA too our site a few years ago we left it off of the sales pages as we wanted to be careful about what information might be sent to Google. But now that I'm adding Ecommerce tracking to these pages I'm wondering if GA would benefit from also getting normal tracking data on the sales pages.

My guess is that as long as I'm not doing something stupid like passing personal data as GET parameters then it is safe to put GA on a page that handles credit card information?

I could just leave it alone and only make the Ecommerce calls to GA but I'm worried that I won't get as much benefit from GA if it doesn't have the full context of the transaction from normal tracking calls.

Any general experience with using GA on a page that handles credit card information would be helpful.

Answer 1

Yes, you should. From a purely data-integrity perspective, your data gets messed up if you leave pages off of tracking.

Imagine if Pages A and D both have GA tags on them, and B and C are your private, untagged pages.

If someone Lands on Page A, clicks to Page B, buys on B, takes them to C (receipt page), and then they go to D, Google Analytics views that as two separate visits, the second one referred by your own site. This is obviously not what happened, but your data will say that is what did happen.

On the privacy front, Google's Terms of Service stipulate that they do not use your data; indeed, they have too much of it to ever make use of it even if they were that evil.

Further, if your eCommerce takes place on a secure server (https), then Google Analytics tracking is done via secure methods as well, so none of your private data is publicly 'listenable' to malicious third parties.

Google does not have access to anything you don't send it, so as long as you're not passing credit card numbers (which would be a violation of the Terms of Service, and a horrendously bad idea) or personally identifiable information (names, addresses, etc), you can trust that the data is treated safely and securely. Google views Analytics as a lure to sell AdWords more effectively, and to that end, have an interest in keeping data secure to maintain their core business model.

From the Google Analytics Terms of Service:

1. INFORMATION RIGHTS AND PUBLICITY . Google and its wholly owned subsidiaries may retain and use, subject to the terms of its Privacy Policy (located at http://www.google.com/privacy.html , or such other URL as Google may provide from time to time), information collected in Your use of the Service. Google will not share information associated with You or your Site with any third parties unless Google (i) has Your consent; (ii) concludes that it is required by law or has a good faith belief that access, preservation or disclosure of such information is reasonably necessary to protect the rights, property or safety of Google, its users or the public; or (iii) provides such information in certain limited circumstances to third parties to carry out tasks on Google's behalf (e.g., billing or data storage) with strict restrictions that prevent the data from being used or shared except as directed by Google . When this is done, it is subject to agreements that oblige those parties to process such information only on Google's instructions and in compliance with this Agreement and appropriate confidentiality and security measures.confidentiality and security measures.

Answer 2

If you worry so much about sending data somewhere, install Piwik to your own server and use it to track everything. It can track page views, events, goals, and pretty much everything GA can. And it is open-source.