[Refactor/Chore] Analytics and Tracking

[DavideDelbianco]

Self Checks

• [x] I have read the Contributing Guide and Language Policy.
• [x] This is only for refactors or chores; if you would like to ask a question, please head to Discussions.
• [x] I have searched for existing issues search for existing issues, including closed ones.
• [x] I confirm that I am using English to submit this report, otherwise it will be closed.
• [x] 【中文用户 & Non English User】请使用英语提交，否则会被关闭 ：）
• [x] Please do not modify this template :) and fill in all the required fields.

Description

In Europe, a website has to show a cookie / data policy that the user can accept or decline, without limiting the software functionality if the policy is declined.

Dify shows a cookie policy:

Which incorrectly uses some sort of template:

The Privacy Policy should list all the third parties tracking softwares that you use and that you shares data with.

Dify uses both Google Analytics and Amplitude Analytics:

It never checks the user consent before starting to trace or send tracking events:

Motivation

Under EU GDPR, tracking after user consent requires that consent be freely given, specific, informed, and unambiguous, meaning users must actively opt-in for each purpose (e.g., analytics, marketing) before trackers activate, and it must be as easy to reject as to accept, with clear information provided about what's being tracked (cookies, pixels, fingerprinting). Websites must use Consent Management Platforms (CMPs) to document choices, respect withdrawals, and avoid "cookie walls" or nudging users towards acceptance, ensuring transparency and granular control over their data.

Additional Context

No response

[CodingOnStar]

Okay, thanks for the issue. We will handle it as soon as possible.