Identity Recovery: Reconnecting Visitors When Browsers Forget

The thing I keep coming back to this year is how often real people visit a site more than once but get counted as someone new every time. Visitors switch between apps. Embedded browsers don't share state with the default browser on the same device. People use multiple browsers on the same phone. It adds up faster than most teams realize.

That's not a minor data hygiene issue. It inflates your visitor counts. It makes conversion rates look worse than they are. It breaks attribution because the ad click and the conversion end up on two different visitor IDs. And if you're doing patient journey analysis, you're missing the middle of the story.

We already have layers that help. Custom domains make your tracking first-party to your site, which improves both reliability and privacy. Deterministic identity stitches sessions together when visitors log in. But there's a gap between those two: the anonymous returning visitor who can't be recognized through normal means. That's what Identity Recovery fills.

What It Does

Identity Recovery is an opt-in feature that reconnects returning visitors whose sessions were interrupted. When someone comes back and can't be recognized, Ours Privacy checks whether they were seen recently. If there's a clear match, the original visitor ID is restored. If the situation is ambiguous, a new ID is assigned and nothing changes.

It only runs after all other identification methods have been checked. Login identity, external IDs, email. Identity Recovery is the last step, not the first. It's a safety net for anonymous sessions.

Two things were non-negotiable when we designed this:

No fingerprinting. We don't use canvas data, hardware characteristics, or any of the browser APIs that fingerprinting tools rely on. Identity Recovery uses only signals that are already part of a normal web request. Nothing extra is collected from the visitor's device.

Nothing permanent is stored. The data used for matching is short-lived and automatically expires. No raw IP addresses are stored in the process. Everything is scoped to your account. There is no cross-account linking.

Where It Helps

Across source types. Identity Recovery works across Web, API, and Webhook sources. A visitor identified through your web source can be recovered when they later trigger events through a form submission webhook or an API call. This is especially useful when connecting web SDK events with events arriving through other channels.

In-app browsers. A patient taps a link in Instagram, Facebook, TikTok, or an email client. They browse in the embedded browser, then later open Safari or Chrome to schedule an appointment. Those are completely separate browser contexts. Identity Recovery bridges the gap.

Returning visitors on mobile. Mobile visitors are especially likely to show up as new. Between multiple browsers, app-to-browser transitions, and shorter sessions, identity gaps are more common on phones than anywhere else. Identity Recovery catches the ones who come back within your configured window.

Where it gracefully steps aside. Shared networks like hospital lobbies and corporate offices have many people behind the same IP. When the system detects too many distinct visitors on the same network, it skips matching entirely rather than guess wrong. VPN users whose IP changes every session also get a clean new ID. These are the right outcomes.

Measuring Impact

We built a new Identity Report page so you can see exactly what's happening. It shows how many visitors were recovered in a given period, your recovery rate as a percentage of total unique visitors, and the trend over time with period-over-period comparison.

Recovery data flows through the platform like any other event. You can use it in the Audience Builder, include it in dashboards, or send it to downstream destinations. If you want visibility into how your new-versus-returning visitor ratio changes after enabling recovery, the reporting is there.

Getting Started

Identity Recovery is disabled by default. You enable it per source in the source settings. The defaults are conservative and work well for most sites. If you want to tune the match window or adjust the threshold for shared networks, those options are available in the advanced settings.

It works on Web, API, and Webhook source types.

For configuration details, see our Identity Recovery documentation.

Want to see it in action? Book a demo.