Appearance
Customer data & privacy
Passing customer details with conversion events dramatically improves ad-platform match rates (Meta's Event Match Quality). Prism is built so that raw customer data never leaves the visitor's browser.
Recognized fields
Pass these as properties on any prism('track', ...) call:
js
window.prism('track', 'Lead', {
email: '[email protected]',
phone: '(555) 123-4567',
first_name: 'Jane',
last_name: 'Doe',
city: 'Austin',
state: 'TX',
zip: '78701',
date_of_birth: '1990-04-12',
});| Field | Normalization before hashing |
|---|---|
email | trimmed, lowercased |
phone | digits only |
first_name, last_name | letters only, lowercased |
city | letters only, lowercased |
state | 2-letter code, lowercased |
zip | first segment, whitespace stripped |
date_of_birth | digits only (YYYYMMDD) |
Each field is normalized to the ad platforms' matching rules and SHA-256 hashed in the browser before the event is sent. The raw values are removed from the payload — Prism's servers only ever see the hashes, which is exactly the format Meta CAPI accepts.
fb_login_id (the numeric Facebook user ID, for sites with Facebook Login) is also recognized and passed through un-hashed, per Meta's spec.
Identity and cookies
adsidian_id— issued server-side as an HTTP-only, secure cookie scoped to your root domain, 1-year lifetime. Because it's set by an HTTP response on your own domain, it is not subject to Safari's 7-day JavaScript cookie cap.- Click-ID cookies (
fbclid,gclid, …) — 90-day first-party cookies, so a visitor who clicks an ad today and converts next month still attributes correctly. _fbp— Meta's browser identifier. If the site has no Meta pixel, Prism generates a spec-compliant value so CAPI events still match.
Consent
If your site operates under GDPR/CCPA-style consent requirements, gate the snippet behind your consent manager the same way you would a pixel (only inject the script tag after consent), or ask your agency about Prism's per-client consent configuration.