Overview


Formulayt can integrate with OneTrust so that key features respect the user’s consent choices:

  • Formulayt Event System (custom JavaScript)

  • Formulayt Performance Tracking (Reporting)

  • Formulayt Contact Data Pre-Population


When the OneTrust integration is active and the OneTrust script is present on the page, Formulayt reads the relevant OneTrust cookie categories and enables or disables these features accordingly.


If OneTrust is not present on the page, the integration has no effect and Formulayt behaves as normal.

Prerequisites


To use the OneTrust integration:

  1. You must have an active OneTrust implementation on your site.

  2. The OneTrust script must be loaded before the Formulayt script.

  3. You should load the Formulayt script outside of your OneTrust script, or we strongly recommend you configure the Formulayt script as “essential” in OneTrust so it always loads. Formulayt then enforces its own behaviour based on the user’s choices.

How Formulayt reads OneTrust state


OneTrust exposes the user’s consent via a global variable:


window.OnetrustActiveGroups // e.g. "C0001,C0002,C0003"

Each value is a category ID (for example, using OneTrust defaults):

  • C0001 – Strictly Necessary

  • C0002 – Performance

  • C0003 – Functional

  • C0004 – Targeting

  • C0005 – Social Media


Formulayt reads OnetrustActiveGroups as it loads and uses your configuration to decide whether each feature (Events, Reporting, Pre-pop) should be active.


If window.OnetrustActiveGroups is not present at all, the integration behaves as if OneTrust isn’t running and all features are allowed.

Configuring the OneTrust app in Formulayt


In Apps → OneTrust, you configure which OneTrust categories must be accepted in order to use each Formulayt feature.


For each of the three areas:

  • Formulayt Event System (Custom JavaScript)

  • Formulayt Performance Tracking (Reporting)

  • Formulayt Contact Data Pre-Population


you can either:

  1. Use default OneTrust categories (via checkboxes like “Performance Cookies (C0002)”, “Functional Cookies (C0003)”, etc.), or

  2. Provide your own category IDs (one per line) if you don’t use the default C000x values.


Form rendering and submissions are always allowed; they are not gated by OneTrust.

Behaviour summary by feature


Assuming you’ve set the categories for each feature:


Event System (Custom JavaScript)

  • Formulayt determines whether the Event System is considered “allowed” based on the configured categories.

  • You can also use the OneTrust data source(s) described below inside your event code to decide whether to call third-party tools or run tracking logic for more detailed control.


Reporting (Performance Tracking)

If the required consent categories are not accepted:

  • No Formulayt performance tracking events are sent to Formulayt reporting.

  • No Formulayt tracking cookies are dropped for reporting purposes.


Contact Data Pre-Population

If the required consent categories are not accepted:

  • No personal data is used for pre-population.

  • MA-cookie based pre-pop (e.g. Eloqua / Marketo) is disabled.

  • Pre-pop based on previous submissions stored in the browser is also disabled.

  • Non-personal pre-pop sources (e.g. UTM parameters) are not affected.

OneTrust data source for events


When the OneTrust app is active, you’ll see the below data source field available in Formulayt:

  • OneTrust active opt-in IDs

    This contains a comma-separated list of category IDs that the user has opted-in to, eg:

    • "C0001,C0003"


You can use this in the Event System to decide if your JS should send events to analytics, MA platforms, etc.