Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Appier is a Japanese AI-powered marketing technology company offering cross-device tracking, audience segmentation, and programmatic advertising solutions. It sets third-party cookies and builds detailed behavioural profiles across devices using machine learning. Japan has an EU adequacy decision with supplementary rules, but Appier's US infrastructure requires Standard Contractual Clauses. Prior consent is mandatory before Appier scripts load on European websites.
Appier is a Tokyo-based AI marketing technology company that provides a suite of products for cross-device audience identification, behavioural analytics, programmatic advertising, and marketing automation. Its core technology uses machine learning to identify the same user across multiple devices (desktop, mobile, tablet) and build unified behavioural profiles for ad targeting and personalisation. Appier is listed on the Tokyo Stock Exchange and serves major brands across Asia and increasingly in Europe and North America. Its products include AIRIS (cross-device insights), AIQUA (personalisation), AIXON (data science platform), and Crossing Minds (recommendation engine).
Appier sets third-party tracking cookies and collects device fingerprinting data to identify users across devices. It collects IP addresses, browser and device characteristics, pages visited, content consumed, products viewed, purchase intent signals, geolocation derived from IP, and behavioural interaction patterns. The cross-device matching technology infers connections between devices using probabilistic and deterministic signals. This data feeds into audience segments used for programmatic ad targeting across Appier''s advertising network.
Appier''s cross-device tracking and AI-driven profiling place it firmly in the high-risk category under GDPR. The ePrivacy Directive requires consent before any tracking cookies are set. Under GDPR, the systematic profiling of individuals across devices for advertising purposes requires consent as the legal basis. The combination of cross-device identification, behavioural profiling, automated audience segmentation, and data sharing across an advertising network constitutes large-scale profiling that triggers DPIA obligations under Article 35.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Consent under Article 6(1)(a) GDPR and Article 7(2) for advertising profiling is required before Appier scripts load. Consent banners must clearly disclose that Appier is used for cross-device tracking and personalised advertising, explain that AI models are used to infer user identity across devices, and describe the data sharing with Appier''s advertising network. Users must be able to decline without being penalised and must be able to withdraw consent at any time with immediate effect on all tracking.
Japan received an EU adequacy decision in 2019 under GDPR, covering transfers to organisations subject to Japan''s Act on the Protection of Personal Information with supplementary rules aligned to GDPR standards. Appier, as a Japanese company, benefits from this adequacy decision for data processed in Japan. However, Appier also uses US infrastructure, for which Standard Contractual Clauses are required. Organisations should verify in their DPA with Appier exactly which infrastructure processes EU personal data and what transfer mechanisms apply to each jurisdiction.
To deploy Appier compliantly: block all Appier scripts until explicit consent is obtained; categorise Appier under marketing or advertising cookies with a clear description of cross-device tracking; update your privacy policy to disclose Appier, its cross-device profiling, and the Japan and US transfer mechanisms; sign a DPA with Appier; conduct a DPIA given the large-scale profiling and cross-device tracking; verify the Japan adequacy decision remains in force; document all processing in your RoPA; and implement a mechanism for users to opt out of cross-device tracking with immediate effect.
Websites using Appier must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required for Appier deployments involving large-scale cross-device behavioural profiling and automated audience segmentation for advertising purposes. The combination of persistent cross-device tracking, AI-driven profiling, programmatic ad targeting, and data sharing across Appier's advertising network creates a high-risk processing profile under GDPR Article 35.
Sample consent text
We use Appier to deliver personalised advertising and analyse our audience across devices. Appier's AI technology sets cookies and collects browsing data to build audience segments and target relevant ads. This data may be processed in Japan and the United States. Please accept to enable personalised advertising and cross-device tracking.
Third-party domains contacted
appier.comapi.appier.comstatic.appier.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _a_uid | persistent | 1 year | Cross-device user identifier used to build unified behavioural profiles for programmatic ad targeting across devices |
| _a_sid | session | Session | Session identifier used to track interaction signals within a browsing session for real-time audience segmentation |
Appier places tracking cookies for advertising — comply with GDPR using FlowConsent.
Appier sets third-party tracking cookies used to identify users across devices and sessions for behavioural profiling and programmatic ad targeting. It also uses device fingerprinting signals collected via JavaScript to enable cross-device matching without relying solely on cookies. All tracking requires prior consent under the ePrivacy Directive before Appier scripts load.
Yes. Appier's cross-device tracking, behavioural profiling, and advertising targeting are all non-essential processing activities that require explicit consent under GDPR Article 6(1)(a) and the ePrivacy Directive. The consent notice must specifically disclose cross-device tracking, AI-driven profiling, and data sharing with Appier's advertising network.
Consent under Article 6(1)(a) GDPR is the only appropriate legal basis for Appier's advertising and cross-device tracking. Legitimate interest cannot be used for tracking-based advertising under the GDPR and ePrivacy framework, as confirmed by multiple EU data protection authority guidance documents and the IAB TCF legal framework.
Yes, to Japan and the United States. Japan has an EU adequacy decision (since 2019) with supplementary rules under APPI, covering transfers to Japanese organisations meeting enhanced data protection standards. For Appier's US infrastructure, Standard Contractual Clauses apply. Verify in your DPA which infrastructure handles EU data and what mechanisms apply to each jurisdiction.
Yes, a DPIA is required. Large-scale behavioural profiling for advertising, cross-device tracking, and systematic use of AI to infer user identity all meet the DPIA trigger criteria under GDPR Article 35. The DPIA must assess the cross-device profiling methodology, the advertising network data sharing, and the Japan and US transfer mechanisms.
Block all Appier scripts until explicit consent is obtained. Use a GDPR-compliant CMP that captures granular consent for cross-device tracking and advertising. Update your privacy policy to disclose Appier's cross-device profiling and the Japan adequacy decision and US SCC transfer mechanisms. Sign a DPA with Appier. Conduct a DPIA. Implement a user-accessible opt-out mechanism that stops all Appier tracking immediately upon withdrawal.
Criteo (France-based) offers programmatic retargeting with EU data residency options. Adform is a Danish programmatic advertising platform with full EU data processing. For first-party audience building without third-party tracking, server-side customer data platforms (CDPs) like Segment or mParticle with EU data residency keep behavioural data within your own infrastructure.
Add an entry for Appier in your cookie policy under the advertising or targeting category. Describe the cross-device tracking cookies, their duration, and their purpose. Note that AI models are used to identify users across devices. Disclose data sharing with Appier's programmatic advertising network. Reference the Japan adequacy decision and US SCC transfers. Link to Appier's privacy policy and provide an opt-out mechanism for advertising-related tracking.