|
| 1 | +# Impact.com Affiliate Tracking |
| 2 | + |
| 3 | +## Role of This Document |
| 4 | + |
| 5 | +This spec defines the business rules and invariants for affiliate |
| 6 | +conversion tracking via Impact.com for KiloClaw subscriptions. It is |
| 7 | +the source of truth for _what_ the system must guarantee — which |
| 8 | +events are tracked, how attribution is captured, what data is sent to |
| 9 | +Impact.com, and how the system behaves when tracking infrastructure is |
| 10 | +unavailable. It deliberately does not prescribe _how_ to implement |
| 11 | +those guarantees: handler names, column layouts, retry strategies, and |
| 12 | +other implementation choices belong in plan documents and code, not |
| 13 | +here. |
| 14 | + |
| 15 | +## Status |
| 16 | + |
| 17 | +Draft -- created 2026-03-31. |
| 18 | + |
| 19 | +## Conventions |
| 20 | + |
| 21 | +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", |
| 22 | +"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and |
| 23 | +"OPTIONAL" in this document are to be interpreted as described in |
| 24 | +BCP 14 [RFC 2119] [RFC 8174] when, and only when, they appear in all |
| 25 | +capitals, as shown here. |
| 26 | + |
| 27 | +## Definitions |
| 28 | + |
| 29 | +- **Impact.com**: The third-party affiliate tracking platform used to |
| 30 | + attribute conversions to affiliate partners. |
| 31 | +- **UTT (Universal Tracking Tag)**: A JavaScript snippet provided by |
| 32 | + Impact.com that enables client-side tracking and cross-domain |
| 33 | + identity bridging. |
| 34 | +- **Click ID**: An opaque tracking identifier (`im_ref` query |
| 35 | + parameter) appended to landing page URLs by Impact.com when a |
| 36 | + visitor arrives via an affiliate tracking link. |
| 37 | +- **Conversion**: An event reported to Impact.com's Conversions API |
| 38 | + representing a meaningful step in the customer lifecycle (signup, |
| 39 | + trial, or subscription payment). |
| 40 | +- **Lead event**: A conversion representing a user signup. In |
| 41 | + Impact.com's parent-child model, this is the parent action. |
| 42 | +- **Sale event**: A conversion representing a trial or subscription |
| 43 | + payment. In Impact.com's parent-child model, these are child |
| 44 | + actions linked to the lead via the customer identifier. |
| 45 | +- **Affiliate attribution**: A record associating a user with the |
| 46 | + affiliate tracking identifier that brought them to the platform. |
| 47 | +- **First-touch attribution**: The attribution model used: only the |
| 48 | + first affiliate interaction per provider is recorded for a given |
| 49 | + user. |
| 50 | +- **Affiliate provider**: A named affiliate tracking platform (e.g. |
| 51 | + `impact`). The system supports multiple providers, each storing one |
| 52 | + attribution per user. |
| 53 | + |
| 54 | +## Overview |
| 55 | + |
| 56 | +Affiliate tracking enables Impact.com to attribute KiloClaw |
| 57 | +conversions to the affiliate partners that referred them. When a |
| 58 | +visitor arrives via an affiliate tracking link, the system captures and |
| 59 | +persists the tracking identifier. As the visitor progresses through the |
| 60 | +customer lifecycle — signup, trial, subscription — the system reports |
| 61 | +each stage to Impact.com as a conversion event, including the tracking |
| 62 | +identifier and customer details needed for attribution. |
| 63 | + |
| 64 | +The system uses a hybrid tracking architecture: a client-side |
| 65 | +JavaScript tag (UTT) for cross-domain identity bridging, and |
| 66 | +server-side API calls for reliable conversion reporting that is |
| 67 | +resistant to ad blockers and browser tracking prevention. |
| 68 | + |
| 69 | +This integration applies only to KiloClaw subscriptions. |
| 70 | + |
| 71 | +## Rules |
| 72 | + |
| 73 | +### Affiliate Attribution |
| 74 | + |
| 75 | +1. The system MUST support multiple affiliate providers, identified by |
| 76 | + a provider enum. The initial provider is `impact`. |
| 77 | + |
| 78 | +2. The system MUST store at most one attribution per user per |
| 79 | + provider. |
| 80 | + |
| 81 | +3. When a user arrives with an affiliate tracking identifier |
| 82 | + (`im_ref` query parameter for Impact.com), the system MUST persist |
| 83 | + the identifier before or during user creation. |
| 84 | + |
| 85 | +4. The system MUST preserve the tracking identifier across the |
| 86 | + authentication flow (e.g. through OAuth redirects) so it is |
| 87 | + available after the user is authenticated. |
| 88 | + |
| 89 | +5. Attribution MUST use first-touch semantics: if a user already has |
| 90 | + an attribution record for a given provider, subsequent tracking |
| 91 | + identifiers for that provider MUST NOT overwrite it. |
| 92 | + |
| 93 | +6. The tracking identifier MUST be treated as opaque. The system MUST |
| 94 | + NOT parse, validate the format of, or assign meaning to its |
| 95 | + contents. |
| 96 | + |
| 97 | +7. When a user record is deleted (e.g. GDPR soft-delete), the system |
| 98 | + MUST delete all affiliated attribution records for that user. |
| 99 | + |
| 100 | +### Conversion Events |
| 101 | + |
| 102 | +8. The system MUST report the following conversion events to |
| 103 | + Impact.com, in order of the customer lifecycle: |
| 104 | + |
| 105 | + | Event | Impact.com Type | Trigger | |
| 106 | + | ------------------ | --------------- | --------------------------------------------- | |
| 107 | + | SIGNUP | Lead | New user creation (with attribution) | |
| 108 | + | TRIAL_START | Sale | KiloClaw trial subscription becomes active | |
| 109 | + | TRIAL_END | Sale | KiloClaw trial subscription ends (any reason) | |
| 110 | + | SUBSCRIPTION_START | Sale | KiloClaw subscription invoice is paid | |
| 111 | + |
| 112 | +9. Each conversion event sent to Impact.com MUST include: |
| 113 | + - The user's affiliate tracking identifier (if available) |
| 114 | + - A stable customer identifier (the user's internal ID) |
| 115 | + - The customer's email address, SHA-1 hashed |
| 116 | + - An event timestamp |
| 117 | + - A unique order identifier (for sale events) |
| 118 | + |
| 119 | +10. SUBSCRIPTION_START events MUST include the invoice amount and |
| 120 | + currency. |
| 121 | + |
| 122 | +11. SUBSCRIPTION_START events MUST be reported for every paid invoice, |
| 123 | + not only the first. Impact.com determines commission eligibility |
| 124 | + based on its own contract rules. |
| 125 | + |
| 126 | +12. SUBSCRIPTION_START events MUST include the subscription plan |
| 127 | + identifier (e.g. `kiloclaw-standard`, `kiloclaw-commit`) as the |
| 128 | + item category. |
| 129 | + |
| 130 | +13. Conversion events SHOULD include a promo code when one was applied |
| 131 | + to the transaction. |
| 132 | + |
| 133 | +14. The SIGNUP event MUST only be sent for new user creation, not for |
| 134 | + returning users who sign in. |
| 135 | + |
| 136 | +### Client-Side Tracking (UTT) |
| 137 | + |
| 138 | +15. The system MUST load the Impact.com UTT script on all pages when |
| 139 | + the UTT identifier is configured. |
| 140 | + |
| 141 | +16. The system MUST NOT load the UTT script when the UTT identifier |
| 142 | + is not configured. |
| 143 | + |
| 144 | +17. After a user authenticates, the system MUST call the UTT |
| 145 | + `identify` function with the user's internal ID and SHA-1 hashed |
| 146 | + email to enable cross-device attribution. |
| 147 | + |
| 148 | +### Reliability and Isolation |
| 149 | + |
| 150 | +18. Conversion reporting MUST NOT block or delay the primary |
| 151 | + operation it is attached to (user creation, subscription |
| 152 | + settlement, etc.). Failures in conversion reporting MUST be |
| 153 | + handled asynchronously. |
| 154 | + |
| 155 | +19. If Impact.com credentials are not configured, all tracking |
| 156 | + operations MUST be no-ops. The application MUST function normally |
| 157 | + without Impact.com configuration. |
| 158 | + |
| 159 | +20. The system SHOULD retry conversion API calls that receive a |
| 160 | + server error (5xx) response. |
| 161 | + |
| 162 | +21. The system MUST log conversion reporting failures for |
| 163 | + observability. |
| 164 | + |
| 165 | +### Rewardful Removal |
| 166 | + |
| 167 | +22. The existing Rewardful integration MUST be fully removed. This |
| 168 | + includes the client-side script, server-side cookie reading, and |
| 169 | + any checkout session metadata populated by Rewardful. |
| 170 | + |
| 171 | +### Checkout Metadata |
| 172 | + |
| 173 | +23. The KiloClaw checkout session MUST include the user's affiliate |
| 174 | + tracking identifier (if any) in Stripe subscription metadata, so |
| 175 | + it is available to webhook handlers independently of a database |
| 176 | + lookup. |
| 177 | + |
| 178 | +## Error Handling |
| 179 | + |
| 180 | +1. When a conversion API call fails with a client error (4xx), the |
| 181 | + system MUST log the error and MUST NOT retry. |
| 182 | + |
| 183 | +2. When a conversion API call fails with a server error (5xx), the |
| 184 | + system SHOULD retry with backoff. |
| 185 | + |
| 186 | +3. When a conversion API call fails for any reason, the primary |
| 187 | + operation (user creation, invoice settlement, etc.) MUST NOT be |
| 188 | + affected. |
| 189 | + |
| 190 | +4. When the affiliate tracking identifier is not available for a user |
| 191 | + (no attribution record exists), conversion events MUST still be |
| 192 | + sent with an empty or null click ID. Impact.com will not attribute |
| 193 | + these but may use them for reporting. |
| 194 | + |
| 195 | +## Changelog |
| 196 | + |
| 197 | +### 2026-03-31 -- Initial spec |
0 commit comments