Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
All in one CRM SaaS (sales, marketing automation, helpdesk, web tracking, chat) hosted in the United States with operational support in India. High risk under GDPR.
Agile CRM is an all in one customer relationship management SaaS founded around 2013, with teams in the United States and India. It bundles contact management, sales pipeline tracking, marketing automation, helpdesk ticketing, email campaigns, web visitor tracking and telephony in a single hosted platform. Most websites integrate it through a JavaScript snippet that loads from agilecrm.com and from a CloudFront CDN, enabling web tracking, live chat and form capture for marketing and sales teams.
Once the snippet loads, Agile CRM sets first party and third party cookies such as _agile_session, _agile_uid, _agile_pixel_uid and agile_chat_id, and it also writes to localStorage. It collects IP address, user agent, referrer, pages viewed, time on page, form input, click events and any identifiers you push through the JavaScript API (email, name, company). Chat conversations, attachments and call recordings can also be captured.
Because Agile CRM stores and reads identifiers on the user device, Article 5(3) of the ePrivacy Directive (and the German TDDDG) requires prior, informed consent before the script runs. The data captured (IP, behaviour, contact details) is personal data under Article 4 GDPR, so a controller to processor contract under Article 28 with the appropriate Standard Contractual Clauses is mandatory, together with a record of processing activity.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Loading the Agile CRM snippet on a public website is a marketing and tracking activity, so the only valid legal basis for cookie placement and initial data collection is consent under Article 6(1)(a) GDPR, collected through a compliant Consent Management Platform with granular Opt in. Legitimate interest (Article 6(1)(f)) may justify subsequent B2B contact processing inside the CRM, provided a balancing test is documented and clear opt out options are offered.
Agile CRM hosts data on AWS in the United States and routes some operational support through India, so transfers under Chapter V GDPR rely on Standard Contractual Clauses plus a Transfer Impact Assessment. Practical steps: block the snippet until consent is granted, sign the DPA, document SCCs, list the cookies in your cookie policy, configure data retention inside the dashboard, and offer a working opt out mechanism for every visitor.
Websites using Agile CRM must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended whenever Agile CRM is used for large scale behavioural tracking, lead scoring, telephony recording or marketing automation combining web data with CRM identifiers. The assessment must cover cookie and SDK identifiers, IP, contact details, third country transfers to the United States and India, retention configured in the dashboard, and the rights of data subjects (access, deletion, opposition).
Sample consent text
We use Agile CRM, a US based customer relationship management tool, to track your visit, manage live chat and store contact details. It places cookies on your device and transfers data to the United States and India. Click Accept to allow Agile CRM, or Reject to browse without tracking.
Third-party domains contacted
agilecrm.comwww.agilecrm.comcdn.agilecrm.comapi.agilecrm.comapp.agilecrm.comd3hgfk2v0pl1m9.cloudfront.netagileengage.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _agile_session | first_party | session | Session identifier used by Agile CRM to link page views within a single visit and feed web tracking analytics. |
| _agile_uid | first_party | 2 years | Persistent visitor identifier used to recognise returning users, build behavioural profiles and stitch sessions to CRM contacts. |
| _agile_pixel_uid | third_party | 2 years | Cross domain pixel identifier set by the Agile CRM CDN to attribute conversions and trigger marketing automation workflows. |
| agile_chat_id | first_party | 1 year | Identifier for the live chat widget so that ongoing conversations and offline messages can be linked to a returning visitor. |
| _agile_dnt | first_party | 1 year | Stores the visitor do not track preference once they decline tracking through the cookie banner or the privacy controls. |
| agile_form_view | first_party | 30 days | Tracks which Agile CRM web forms a visitor has seen to power form abandonment campaigns and avoid duplicate submissions. |
Agile CRM places tracking cookies for advertising — comply with GDPR using FlowConsent.
Agile CRM stores first party and third party cookies such as _agile_session, _agile_uid, _agile_pixel_uid and agile_chat_id, plus localStorage keys for the live chat. Exact names depend on the modules enabled (web tracking, chat, forms, telephony) in your account.
Yes. The script is a marketing and tracking tool that places cookies and reads device data, so Article 5(3) ePrivacy and the German TDDDG require prior, freely given, informed consent collected through a CMP before the snippet is loaded.
Cookie placement and the initial web tracking rely on consent (Art. 6(1)(a) GDPR). Once a contact exists in the CRM, legitimate interest (Art. 6(1)(f)) can cover B2B follow up, provided a documented balancing test and an easy opt out are offered.
Yes. Agile CRM hosts data on AWS in the United States and routes some operational support through India. Transfers rely on Standard Contractual Clauses, a Transfer Impact Assessment, encryption in transit and at rest, plus the signed DPA.
A DPIA is recommended whenever Agile CRM is used for large scale behavioural tracking, lead scoring, telephony recording or marketing automation combining web data with CRM identifiers, especially because data is exported to the US and India.
Load the snippet only after consent through a CMP, sign the DPA, store SCCs and the TIA, configure retention in the dashboard, document the cookies in your cookie policy, and offer a clear opt out and rights mechanism for visitors.
Yes: HubSpot, Pipedrive, Zoho CRM, Salesforce, Brevo and the EU based Sellsy provide similar CRM, marketing and chat features. Choosing an EU hosted vendor reduces third country transfer risk and simplifies your transfer documentation.
List every Agile CRM cookie (name, purpose, duration, party), mention transfers to the US and India, link the Agile CRM privacy policy and DPA, describe the legal basis (consent) and explain how visitors can withdraw consent or opt out at any time.