Skip to main content

The Challenge

A single customer might visit your store across multiple sessions, browsers, and devices before making a purchase. Traditional cookie-based tracking loses track of them each time:
  • Cookies expire or get cleared
  • Incognito sessions have no stored cookies
  • Different devices have completely separate cookie stores
  • Ad blockers prevent cookie creation entirely
NSM solves this with identity resolution — linking multiple sessions to the same visitor using device fingerprints and behavioral signals.

How Identity Resolution Works

1

Fingerprint Collection

Each time a visitor loads a page, NSM collects 50+ browser signals and hashes them into a device fingerprint. This fingerprint is not a perfect identifier — browser updates, screen resolution changes, or font installations can cause it to shift slightly over time.That is why NSM does not rely on exact matching.
2

Similarity Engine Matching

Instead of requiring an exact fingerprint match, NSM’s Similarity Engine uses a weighted scoring system to find the most likely match in your store’s visitor history.Each signal category has a different weight based on its stability and discriminating power:
Signal CategoryWeightWhy
WebGL renderer hashHighGPU identifier rarely changes
Canvas fingerprintHighUnique per device + browser combination
Audio fingerprintHighBased on hardware audio processing
Screen propertiesMediumResolution, pixel ratio, color depth
Installed fontsMediumFont list is relatively stable
Browser/OS detailsLowChanges with updates
Timezone/languageLowStable but not unique
The engine calculates a similarity score between the incoming fingerprint and existing visitor records. If the score exceeds a calibrated threshold, the sessions are linked to the same visitor.
3

Browser-Specific Calibration

Different browsers expose different levels of fingerprinting signals. Safari, for example, restricts Canvas and WebGL data compared to Chrome.The Similarity Engine is calibrated per browser type to adjust thresholds and weights accordingly, maintaining high accuracy across:
  • Chrome (desktop and mobile)
  • Safari (desktop and iOS)
  • Firefox
  • Edge
  • Samsung Internet
  • Brave
4

Cross-Device Linking

Fingerprints are inherently per-device — a phone and a laptop will always produce different fingerprints. NSM bridges the device gap using hashed email matching:
  1. When a customer enters their email at checkout on Device A, NSM stores a SHA-256 hash
  2. When the same email appears at checkout on Device B, NSM links the two device fingerprints
  3. Future visits on either device are attributed to the same customer identity
Cross-device matching only activates when a customer provides their email (at checkout or login). NSM never tracks cross-device activity without an explicit identifier.

Matching Priority

When attributing an order, NSM uses three matching methods in order of accuracy:

1. Click ID Match

Accuracy: ~100%Direct match via ad platform click IDs (gclid, fbclid, ttclid). The gold standard — links the exact ad click to the purchase.

2. Fingerprint Match

Accuracy: ~90%Device fingerprint links the purchase session to a previous session that had an ad click. Works even without click IDs.

3. Email Hash Match

Accuracy: ~95%Hashed email connects a purchase to a previous session on a different device. Enables cross-device attribution.
If none of these methods produce a match, the order is classified as Direct or Organic in your dashboard.

Accuracy and Edge Cases

Browser updates, OS updates, or hardware changes can cause fingerprint drift. The Similarity Engine accounts for this by using fuzzy matching — partial signal overlap still produces a match if enough high-weight signals remain consistent.For example, if a Chrome update changes the Canvas fingerprint but WebGL, Audio, and screen properties remain the same, the visitor is still matched with high confidence.
On shared devices (family computer, office workstation), multiple people produce the same fingerprint. NSM mitigates this by:
  • Using email hash to distinguish individuals at checkout
  • Tracking session-level behavior patterns
  • Not linking sessions that have conflicting customer data
In practice, shared devices represent a small percentage of e-commerce traffic.
VPNs change the visitor’s IP address but do not affect device fingerprinting signals. Since NSM’s identity resolution relies primarily on device characteristics (not IP), VPN users are still matched accurately.IP-based signals carry low weight in the Similarity Engine specifically for this reason.
NSM includes built-in bot detection that filters automated traffic before it enters the identity resolution pipeline. Bots are identified by:
  • Known bot user-agent strings
  • Missing or inconsistent browser APIs
  • Abnormal navigation patterns
  • Headless browser detection signals
Bot traffic is excluded from attribution calculations.

Data Retention

Identity resolution data follows strict retention policies:
Data TypeRetentionNotes
Device fingerprints30 daysAuto-deleted after expiration
Session records30 daysLinked to fingerprint lifecycle
Email hashesUntil GDPR deletionRequired for cross-device matching
Visitor identity graph30 daysRebuilt continuously from active data
All identity data is stored in ClickHouse on EU servers (Hetzner, Nuremberg, Germany). No data is transferred outside the EU. See Privacy Architecture for details.

Next Steps

How Tracking Works

Understand the full tracking pipeline from pixel to dashboard.

Attribution Models

Learn how NSM assigns credit across touchpoints.

Privacy Architecture

See how NSM protects visitor privacy by design.