Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
AI driven first party data and marketing attribution platform popular with Shopify and headless commerce brands. It rebuilds the post cookie tracking layer, sends Conversion API events to Meta, Google, TikTok and LinkedIn, and powers audience segmentation.
Aimerce is an AI driven first party data platform built for Shopify and headless commerce brands. It installs as a Shopify app or a tag plus server side endpoint, recognises returning visitors with a first party identifier, attributes conversions across channels and sends server side Conversion API events to advertising platforms (Meta, Google, TikTok, LinkedIn, Snap, Pinterest).
Aimerce sets first party cookies on the merchant domain (visitor ID, session ID, attribution data, consent state), hashes signals such as e mail and phone for advanced matching, and processes URLs, referrers, basket content and order values. The resulting unified profile feeds AI based attribution and audience segmentation.
First party trackers used for advertising remain subject to Article 5(3) ePrivacy. The CNIL has confirmed in 2023 and reinforced in 2024 that being first party does not exempt a tracker from consent when it serves marketing or behavioural analytics. Hashed personal data remains personal data under EDPB and CJEU rulings.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block Aimerce until prior consent. Mirror the consent state into Aimerce and to each Conversion API. Use Google Consent Mode v2 and IAB TCF v2.2 to forward consent so advertising platforms can react with appropriate default modes.
Aimerce processes data in the United States and forwards it to US based advertising platforms. Transfers must be covered by SCCs and the EU US Data Privacy Framework. Document the partner chain in the DPA records and re evaluate when new advertising integrations are added.
Run a DPIA, sign the Aimerce DPA, host the server side proxy on an EU subdomain when possible, integrate Consent Mode v2 and TCF v2.2, restrict the events forwarded, set short retention for raw events, restrict admin access, document each downstream Conversion API and review configuration after every new advertising partner.
Websites using Aimerce must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required because Aimerce performs systematic and large scale behavioural profiling combined with cross channel marketing forwarding under Article 35(3)(a) GDPR. Cover the identity matching, hashed signals, retention, downstream advertising partners and the transfer impact assessment.
Sample consent text
With your consent we use Aimerce to recognise you on our store, link your interactions across pages and securely forward conversion events to advertising platforms (Meta, Google, TikTok, LinkedIn). Some data is processed in the United States with appropriate safeguards. You can withdraw consent at any time.
Third-party domains contacted
aimerce.aicdn.aimerce.aiapi.aimerce.aicollect.aimerce.aiCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| aimerce_vid | http | 13 months | First party pseudonymous visitor identifier used for cross session and cross device matching. |
| aimerce_session | http | 30 minutes | Session identifier for the current visit. |
| aimerce_attrib | http | 30 days | Stores last and first touch attribution data used by the AI attribution model. |
| aimerce_consent | http | 6 months | Mirrors the consent state from the CMP so Aimerce only fires when allowed. |
| aimerce_hash | http | 13 months | Stores a hashed personal identifier (email or phone) for advanced matching with advertising platforms. |
Aimerce places tracking cookies for advertising — comply with GDPR using FlowConsent.
Aimerce sets first party cookies on the merchant domain: aimerce_vid (visitor ID, 13 months), aimerce_session (session, 30 min), aimerce_attrib (attribution, 30 days), aimerce_consent (consent state, 6 months) and aimerce_hash (hashed personal identifier).
Yes. Aimerce does behavioural identity resolution and feeds advertising APIs, which is non essential under Article 5(3) ePrivacy. CNIL guidance is explicit: first party trackers used for advertising or behavioural analytics need consent.
Article 6(1)(a) GDPR (consent) for behavioural identity resolution and Conversion API forwarding. Legitimate interest under Article 6(1)(f) is not sufficient for this type of cross channel marketing.
Yes. Aimerce is US based and forwards events to advertising platforms in the United States. Transfers rely on SCCs and the EU US Data Privacy Framework, documented in the Aimerce DPA.
Yes. Aimerce performs systematic and large scale profiling combined with cross channel marketing forwarding, which falls under Article 35(3)(a) GDPR. Cover identity matching, hashed signals, retention, advertising partners and the transfer impact assessment.
Block the snippet and server proxy before consent, mirror consent state to Aimerce and downstream APIs, host the proxy on an EU subdomain when possible, sign the DPA, restrict the events forwarded, set short retention, control admin access, document each Conversion API and review on every new integration.
Other first party / server side tracking platforms include Stape, Addingwell, Jentis (EU), AdFixus, Snowplow, RudderStack, Segment, Tealium iQ and Google Tag Manager server side containers. EU vendors reduce transfer complexity.
List Aimerce as a processor, describe the first party cookies, the purposes (identity resolution, conversion measurement, advertising attribution), the retention, the downstream Conversion APIs, link to the Aimerce privacy policy and refresh on every new integration.