User Data Collection and Privacy

Last updated: January 30, 2026 • 7 min read

Guide to collecting user data (email, phone, name) for better event matching while respecting privacy regulations.

Introduction

Collecting user data (email, phone, name, etc.) improves event matching and conversion tracking accuracy. This guide explains how to collect user data properly while respecting privacy regulations like GDPR.

Important: ServerTrack automatically hashes PII (Personally Identifiable Information) before sending to platforms. You should send raw data to ServerTrack, and we handle the hashing (SHA256) automatically.

User Data Structure

User data should be structured as an object with standard fields:

const userData = {
    // Contact Information
    em: "customer@example.com",    // Email (lowercase, trimmed)
    ph: "16505551212",              // Phone (numbers only, country code)
    
    // Personal Information
    fn: "john",                     // First Name (lowercase)
    ln: "doe",                      // Last Name (lowercase)
    db: "19970216",                 // Date of Birth (YYYYMMDD)
    ge: "m",                        // Gender (f or m)
    
    // Location Information
    ct: "newyork",                  // City (lowercase, no spaces)
    st: "ny",                       // State (2-letter code, lowercase)
    zp: "10001",                    // Zip Code (no dashes)
    country: "us"                   // Country (2-letter ISO code)
};

Required Formatting

User data fields must be properly formatted:

  • Email (em): Lowercase, trimmed, no spaces
  • Phone (ph): Numbers only, country code included, no + or leading zeros
  • Names (fn, ln): Lowercase, no punctuation
  • Date of Birth (db): YYYYMMDD format (8 digits)
  • Gender (ge): "f" (female) or "m" (male), lowercase
  • City (ct): Lowercase, no spaces or punctuation
  • State (st): 2-letter code, lowercase
  • Zip Code (zp): No dashes or spaces
  • Country: 2-letter ISO 3166-1 alpha-2 code, lowercase

Hashing Requirements

ServerTrack automatically handles hashing:

  • Automatic Hashing: ServerTrack hashes PII fields (em, ph, fn, ln, etc.) using SHA256 before sending to platforms
  • Send Raw Data: You should send raw, unhashed data to ServerTrack
  • SHA256 Standard: PII is hashed using the SHA256 algorithm (standard for Facebook CAPI, TikTok ePIG)
  • Normalization: Data is normalized (lowercase, trimmed) before hashing

Note: Do NOT hash data before sending to ServerTrack. Send raw data, and ServerTrack will handle hashing automatically.
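The formatting rules and the raw-data requirement above, as an added example (not ServerTrack's own code): a validator that applies each rule from the Required Formatting list and rejects values shaped like a SHA256 hex digest, since those were probably hashed before reaching this point. The function names, the rejection reasons and the 7 to 15 digit phone bound are assumptions.

```javascript
// Added example: field rules follow the "Required Formatting" list above.
const PRE_HASHED = /^[a-f0-9]{64}$/i;            // shape of a SHA256 hex digest
const strip = (s, re) => s.toLowerCase().replace(re, '');
const twoLetter = v => /^[a-z]{2}$/.test(strip(v, /\s/g)) ? strip(v, /\s/g) : null;
const name = v => strip(v, /[\p{P}\p{S}]/gu).trim() || null;

// YYYYMMDD that is also a real calendar date (rejects e.g. 19970230).
function isRealDate(s) {
    if (!/^\d{8}$/.test(s)) return false;
    const [y, m, d] = [s.slice(0, 4), s.slice(4, 6), s.slice(6)].map(Number);
    const dt = new Date(Date.UTC(y, m - 1, d));
    return dt.getUTCFullYear() === y && dt.getUTCMonth() === m - 1 && dt.getUTCDate() === d;
}

// Each rule returns the cleaned value, or null when the input cannot be used.
const RULES = {
    em: v => { const e = strip(v, /\s/g); return /^[^@]+@[^@]+\.[^@]+$/.test(e) ? e : null; },
    ph: v => {
        const p = v.replace(/\D/g, '').replace(/^0+/, '');   // digits only, no leading zeros
        return p.length >= 7 && p.length <= 15 ? p : null;   // length bound is an assumption
    },
    fn: name,
    ln: name,
    db: v => isRealDate(v) ? v : null,
    ge: v => /^[fm]$/.test(strip(v, /\s/g)) ? strip(v, /\s/g) : null,
    ct: v => strip(v, /[\s\p{P}]/gu) || null,
    st: twoLetter,
    zp: v => strip(v, /[\s-]/g) || null,
    country: twoLetter                                       // "Germany" is rejected, not truncated
};

function normalizeUserData(raw) {
    const userData = {}, rejected = {};
    for (const [key, value] of Object.entries(raw)) {
        if (value == null || value === '') continue;         // nothing to send
        if (!RULES[key]) { rejected[key] = 'unknown field'; continue; }
        const text = String(value).trim();
        if (PRE_HASHED.test(text)) { rejected[key] = 'looks pre-hashed'; continue; }
        const clean = RULES[key](text);
        if (clean === null) rejected[key] = 'invalid format';
        else userData[key] = clean;
    }
    return { userData, rejected };   // rejected holds reasons only, never the values
}
```

Pass `userData` to the tracking call and log only `rejected`, which contains field names and reasons but no personal data.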

GDPR Considerations

When collecting user data, consider GDPR requirements:

  • Consent: Obtain user consent before collecting personal data
  • Purpose Limitation: Only collect data necessary for tracking purposes
  • Data Minimization: Collect only the minimum data needed
  • Transparency: Inform users about data collection in your privacy policy
  • User Rights: Respect user rights to access, delete, or modify their data

Privacy Compliance

To ensure compliance:

  • Privacy Policy: Include data collection information in your privacy policy
  • Cookie Consent: Implement cookie consent mechanisms where required
  • Data Controller vs Processor: Understand that you are the data controller and ServerTrack is the processor
  • Data Processing Agreement: Review ServerTrack's DPA (Data Processing Agreement)

Data Minimization

Collect only what you need:

  • Essential Fields: Email and phone are the most important for matching
  • Optional Fields: Names, location, and other fields improve matching but aren't required
  • Context Matters: Collect more data for high-value events (Purchase) than for low-value events (ViewContent)
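One way to enforce the per-event minimization described above, as an added example rather than ServerTrack code: a wrapper that filters user data through an event allowlist and sends none at all without consent. The allowlists, the `consent.marketing` flag and the function names are assumptions; `send` stands in for the `st` function.

```javascript
// Added example. Per-event allowlists and the consent shape are assumptions.
const EVENT_FIELDS = {
    Purchase:    ['em', 'ph', 'fn', 'ln', 'ct', 'st', 'zp', 'country'],
    ViewContent: ['em', 'ph']
};
const DEFAULT_FIELDS = ['em', 'ph'];   // unknown events get the smallest set

function minimizeUserData(eventName, userData, consent) {
    const known = Object.prototype.hasOwnProperty.call(EVENT_FIELDS, eventName);
    // Without consent the allowlist is empty, so the event carries no user data.
    const allowed = consent && consent.marketing === true
        ? (known ? EVENT_FIELDS[eventName] : DEFAULT_FIELDS)
        : [];
    const sent = {}, dropped = [];
    for (const [key, value] of Object.entries(userData)) {
        if (allowed.includes(key) && value) sent[key] = value;
        else dropped.push(key);
    }
    return { sent, dropped };
}

// send: the transport (st in production); getConsent: reads the current
// consent state at call time, so a withdrawal takes effect immediately.
function makeConsentedTracker(send, getConsent) {
    return function track(eventName, eventData, userData = {}) {
        const { sent, dropped } = minimizeUserData(eventName, userData, getConsent());
        send('track', eventName, eventData, sent);
        return dropped;   // field names only, safe to log; never log the values
    };
}
```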

Implementation Example

// Collect user data from your forms/checkout
function trackPurchase(orderData) {
    const country = orderData.country?.trim().toLowerCase();

    const userData = {
        // Only include data you have permission to collect
        em: orderData.email?.toLowerCase().trim(),
        ph: orderData.phone?.replace(/\D/g, '').replace(/^0+/, ''), // Digits only, no leading zeros
        fn: orderData.firstName?.toLowerCase().trim(),
        ln: orderData.lastName?.toLowerCase().trim(),
        // Accept only a 2-letter ISO code; truncating a full name
        // ("Germany" -> "ge") would produce the wrong country
        country: /^[a-z]{2}$/.test(country) ? country : undefined
    };
    
    // Remove undefined, null and empty values
    Object.keys(userData).forEach(key => {
        if (!userData[key]) delete userData[key];
    });
    
    st('track', 'Purchase', {
        value: orderData.total,
        currency: orderData.currency,
        transaction_id: orderData.orderId,
        content_ids: orderData.productIds
    }, userData);
}

Best Practices

  • Collect at Checkout: Best time to collect complete user data
  • Normalize Before Sending: Normalize data format before sending to ServerTrack
  • Validate Data: Validate email format, phone number format, etc.
  • Respect Privacy: Only collect data users have consented to provide
  • Handle Errors: Handle cases where user data is missing or invalid

Summary

User data collection best practices:

  • Collect user data (email, phone, name) to improve event matching
  • Format data correctly (lowercase, trimmed, proper formats)
  • Send raw data to ServerTrack (we handle hashing automatically)
  • Respect privacy regulations (GDPR, consent, data minimization)
  • Collect only necessary data with user consent

Following these practices ensures better tracking accuracy while maintaining privacy compliance.
