Integration patterns at a glance

HEA supports three complementary patterns: Floating pop-up (this page), Conversation starter (full-page iFrame), and the Magic ask bar (auto-expand input → chat).

🍪 Privacy & Cookies (CMP)

HEA is privacy-first by design. Your visitors can use the chat without marketing tracking. We only collect the minimum operational signals needed for security, reliability, and (if applicable) usage-based billing. We separate conversation UX from optional analytics, and we rely on your site’s consent banner to decide what is allowed.

Default behavior (no consent)
  • No CMP runs inside the HEA iframe.
  • Only “strictly necessary” runtime behavior is enabled.
  • Minimal operational logging may occur for security, reliability, and metering (no advertising profiling).

Practical meaning: the chat works. Optional analytics remains off until consent is granted. (Conversation persistence depends on your configuration.)

Embedded on your website
  • Your CMP (Cookiebot / OneTrust / Usercentrics / …) stays the single source of truth.
  • The host page can provide a vendor-agnostic consent signal to HEA.
  • The iframe never talks directly to Cookiebot (or any CMP vendor).

This prevents CMP lock-in and keeps the integration robust when embedded.

If visitor accepts “all”
  • Optional analytics can be enabled (e.g., GTM / usage measurement) on the host page.
  • Additional UX preferences may be stored more persistently depending on consent categories.
  • We still do not sell data, and consent can be changed or revoked at any time.

Analytics and non-essential behavior are gated by consent (privacy-first defaults).

Implementation note: HEA-World uses a connector approach. Add one small “CMP connector” script on the host page so consent is available early (before the widget loads).
Recommended (Cookiebot)
<script defer src="https://hea-world.com/public/CMP_connectors/hea_consent_cookiebot.js"></script>

Place it above the HEA widget snippet so consent is available before HEA initializes.

Testing shortcuts

Use only for internal/testing (not for production):

<script src="https://hea-world.com/public/CMP_connectors/hea_consent_deny_all.js"></script> <script src="https://hea-world.com/public/CMP_connectors/hea_consent_allow_all.js"></script>

Want the full guide (consent categories, what HEA stores, templates)? Open CMP integration guide

🔸 Floating Pop-up (Script Loader — Auto-mount)

This is your site

Paste this snippet anywhere before </body> on your page:

Basic Integration

Advanced: With Legacy Chatbot Handover

CSP: allow https://hea-world.com in script-src and frame-src.
Troubleshooting: If the floating button looks off, remove global FAB/button styles that override widget CSS. If it doesn’t open, ensure there isn’t another widget on the page and check the console for network/CSP errors.

Now try clicking the floating avatar at the bottom right!