Consent Resolve
Compliance Blog

Is It Legal to See Which Pages a Website Visitor Viewed?

Seeing which service pages a homeowner read before they call is useful — and it's legal when permission comes first. The trouble starts when a shop collects behavior quietly and asks forgiveness later.

By Tyler Spurlock, Account Manager at Consent Resolve 6 min read

The short answer, first

Yes — you can legally see which pages a homeowner viewed before they contacted you. The catch is the order of operations. Reading a visitor’s page trail is fine when the visitor agreed to it first, with a clear banner and a record of the yes. It stops being fine the moment a shop collects that behavior quietly and figures it’ll sort out permission later.

That single distinction — permission before data, not after — is what separates a useful signal from a legal headache. Everything else in this piece is just detail on where that line sits and how to stay on the right side of it.

Why the page trail is worth having at all

Before the law, the value. When a homeowner reads your water-heater page twice, opens financing, then comes back two nights later, they’ve handed you a brief. You know the job before they say a word, and your first follow-up can speak to it instead of starting cold. That’s the whole appeal of behavior and job-type insights: the browsing tells you what they want.

The temptation, then, is obvious. If that trail is so useful, why not just record everyone’s and use it? Because the way you collect it decides whether you have an asset or a liability — and plenty of tools on the market get the order wrong.

The laws that actually govern this

Three buckets of law touch what you’re doing, and they cover different moments.

Wiretap and interception laws. California’s CIPA, and similar statutes in other states, govern the recording of a visitor’s activity. This is the one shops forget, because it applies even if you never call or email anyone. The act of quietly capturing browsing can be the problem on its own. Consent up front is the clean answer.

The TCPA. The federal Telephone Consumer Protection Act governs calls and texts to the people you identify. It’s why a consent-first setup delivers an email-grade lead into your funnel rather than a phone number to dial. You reach people who agreed to hear from you, in a channel they agreed to — not a cold call to a stranger.

State privacy laws. Texas’s TDPSA and California’s CCPA govern the collection, use, and sale of personal data. Texas has been active here: the Attorney General sued Allstate and its Arity unit over collecting and selling driver data without proper consent. The through-line across all of these is the same word: consent.

Where shops get into trouble

The pattern that draws claims is almost always “collect first, disclose later.” A visitor is tracked across a site, their behavior is stitched into a profile, and only somewhere in a buried policy is any of it mentioned — if at all. That’s the setup regulators dislike, because the person never had a real chance to say no.

The FTC’s action against HomeAdvisor is a nearby cautionary tale. It ended in a $7.2 million consent order over how leads were marketed and sold — a reminder that in this corner of the market, how you gather and represent lead data gets scrutinized. You don’t want your data practices to be the interesting part of a story like that.

For a contractor, the exposure is rarely worth the shortcut. A painter or a roofer running a small shop doesn’t have a compliance department to absorb a claim. The safe path is also the simpler one: ask first.

Consent-first flips the risky order. Nothing about a visitor is recorded until they accept a clear consent banner. Only after that affirmative yes does the browsing become a readable trail, and only then does the visitor become a named, deliverable lead. The built-in compliance layer keeps a timestamped record of that yes, so you’re not relying on memory or assumption — you have proof the permission came first.

That proof matters more than any clever bit of data science. If anyone ever asks how you knew a homeowner was pricing a roof replacement, the answer is short: they told you, they agreed to be identified, and here’s the record with the time on it. That’s a very different conversation than “our software captured it.”

The practical guardrails

  • Banner before behavior. The consent prompt has to come before anything is recorded, not after the fact. Order is the whole game.
  • Keep the timestamped record. A yes you can’t prove is a yes you can’t rely on. The record is the point.
  • Stay email-grade, skip the cold call. Reaching a consented contact by email into your own funnel keeps you clear of the TCPA’s call-and-text rules. No phone number to dial, ever.
  • Keep the lead exclusive and honest. A consented lead recovered on your own site is yours alone, a flat $7, never resold. You’re not buying a stranger’s data off a list — you’re following up with someone who visited your site and agreed to hear back.

The bottom line for your shop

Reading a homeowner’s page trail is legal, useful, and worth doing — provided you earn it with a real yes first and keep the receipt. The shops that get burned aren’t the ones using behavior data; they’re the ones collecting it quietly and hoping nobody asks. Put permission in front of the data, keep the follow-up in a channel people agreed to, and the trail becomes exactly what it should be: a clean signal you’re allowed to use. If you want the mechanics, why consent-first walks through how the permission and the record fit together before a single lead lands in your inbox.

FAQ

Frequently asked questions

Yes, when consent comes first. If a visitor accepts a clear banner before anything is recorded, and you keep a timestamped record of that yes, reading their page trail is on solid footing. The legal risk comes from collecting behavior on people who never agreed.