VWO assigns each visitor a unique identifier stored in a cookie on the arlo.com domain for 366 days, which is used to track your behavior across multiple visits and sessions for analytics and A/B testing purposes.
This analysis describes what Arlo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
A persistent 366-day tracking cookie means your browsing behavior on Arlo's site can be linked across visits for over a year, enabling longitudinal profiling of your product interests, purchase patterns, and site engagement.
Interpretive note: Whether consent gating is properly implemented for this cookie depends on the OneTrust configuration, which is not fully visible in this document; the practical enforcement of consent requirements depends on jurisdiction.
A unique identifier tied to your device is stored for 366 days, allowing VWO and Arlo to recognize you and link your browsing sessions across more than a year of visits to the arlo.com website.
How other platforms handle this
We use cookies and similar tracking technologies to track the activity on our websites and services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our services. You can instruct your browser to ...
We use cookies, web beacons, pixel tags, and other tracking technologies to collect information about your use of our Services. This information may include your IP address, browser type, operating system, referring URLs, and information about how you interact with our Services.
User content, such as prompts, photos, images, music, videos, audio, screen sharing, comments, questions, messages, works of authorship, and other content or information that you, or third parties acting on your behalf, input, generate, transmit, upload, or submit to us as part of a contest or live ...
Monitoring
Arlo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"window._vwoCookieDomain="arlo.com"; ... window.VWO.visUuid="DC177A9E79BCB970A8B296674EB0FC55A|6ca07b28c173a3cd0f825c64908ad01b"; ... setValue(a.join("|"),366)— Excerpt from Arlo's Arlo Privacy Policy
1) REGULATORY LANDSCAPE: A 366-day persistent tracking cookie deployed for behavioral analytics and A/B testing is a non-essential cookie requiring prior informed consent under the ePrivacy Directive for EU users, and GDPR Article 6 lawful basis. Under CCPA/CPRA, the persistent identifier qualifies as personal information (a unique identifier tied to a device), and its use for analytics constitutes processing that must be disclosed. Some EU data protection authorities have issued guidance suggesting that cookie lifetimes should be proportionate to the purpose; a 366-day lifetime for A/B testing purposes may be subject to challenge. 2) GOVERNANCE EXPOSURE: Medium. The 366-day cookie lifetime exceeds the 13-month maximum recommended by some EU regulators (e.g., CNIL guidance) and may require justification under data minimization principles. The UUID format (two concatenated identifiers separated by a pipe) suggests a multi-component identifier that may enable more sophisticated user tracking than a simple session cookie. 3) JURISDICTION FLAGS: EU/EEA users have the strongest protections, with cookie consent required before the UUID is set. California residents can request deletion of personal information including device identifiers under CPRA. Users in other US states with active privacy laws (Virginia, Colorado, Connecticut) may also have deletion or opt-out rights regarding persistent identifiers. 4) CONTRACT AND VENDOR IMPLICATIONS: The VWO UUID cookie is set on the arlo.com domain, meaning Arlo controls the cookie at the first-party level even though VWO is the processor. This structure should be reflected in the DPA with VWO, confirming that data associated with the UUID is processed only on Arlo's behalf and not used for VWO's own purposes. Procurement teams should confirm VWO's data retention and deletion practices for UUID-linked behavioral data. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that the VWO UUID cookie is blocked from being set until the user provides consent through OneTrust, and that withdrawing consent results in deletion of the cookie. The 366-day lifetime should be reviewed against applicable regulatory guidance on proportionality. Data subject access and deletion requests under GDPR and CPRA should include mechanisms to identify and delete data linked to VWO UUIDs.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Netflix updated its Privacy Statement on April 18, 2026, disclosing voice recording collection and expanded household ad profiling for the first time.
Google's Privacy Policy covers Search, Gmail, YouTube, Maps, and every site running Google Analytics. Here is what it actually authorizes.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
A persistent 366-day tracking cookie means your browsing behavior on Arlo's site can be linked across visits for over a year, enabling longitudinal profiling of your product interests, purchase patterns, and site engagement.
A unique identifier tied to your device is stored for 366 days, allowing VWO and Arlo to recognize you and link your browsing sessions across more than a year of visits to the arlo.com website.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Arlo.