Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Drip is a US based e commerce CRM and marketing automation platform owned by Leadpages Inc. It combines email marketing, SMS, on site personalization and visitor analytics. Drip sets first party cookies on the merchant site, identifies known subscribers and tracks their behaviour across products. Personal data is processed on US infrastructure, requiring consent under GDPR and ePrivacy and a documented Standard Contractual Clauses based transfer.
Drip is a US e commerce focused CRM and marketing automation platform owned by Leadpages Inc. It is widely used by Shopify, Magento and WooCommerce stores to send segmented email campaigns, run automated workflows and personalise the on site experience. Drip ties anonymous browser activity to known subscriber profiles using a JavaScript snippet and server side webhooks from the e commerce platform.
The Drip snippet sets persistent first party cookies (typically _drip_visitor and _drip_client) to identify the visitor across product and category pages. It records page views, product interactions, cart events, purchases, email and SMS engagement and any custom events configured by the merchant. When the visitor authenticates or submits an email address, the anonymous profile is merged with the identified subscriber record.
The Drip cookies are not strictly necessary and require ePrivacy consent before the snippet runs. Direct marketing emails sent through Drip require GDPR Article 6(1)(a) consent (or the soft opt in for existing customers under specific national rules). Profiling of individual subscribers triggers transparency obligations and the right to object under Article 21.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Drip snippet via your CMP until consent is obtained. Use a clear opt in for marketing emails at sign up time and a separate opt in for SMS. Respect unsubscribe requests in real time and synchronise them across Drip workflows.
Drip processes data on US infrastructure operated by Leadpages Inc. Standard Contractual Clauses cover the transfer under Article 46 GDPR. Document the transfer in your Records of Processing Activities and complete a Transfer Impact Assessment for high volume European deployments.
Sign the Drip DPA with SCCs, configure the CMP to block the snippet pre consent, document Drip in the privacy policy with the US transfer disclosure, list its cookies in the cookie policy and configure data retention in the Drip account. Audit any CRM or e commerce integrations to keep the data flows mapped in your Records of Processing Activities.
Websites using Drip must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for Drip deployments that process behavioural data of large numbers of European subscribers, that integrate with CRM systems combining engagement and transaction data, or that automate decisions such as audience segmentation at scale. The combination of cookie tracking, identified subscriber profiling and US transfer warrants formal assessment.
Sample consent text
We use Drip to send marketing emails and to track behaviour across our website to personalise communications. Drip sets cookies and processes your data, including email and browsing events, on US infrastructure. Please accept to enable personalised marketing.
Third-party domains contacted
getdrip.comtag.getdrip.comapi.getdrip.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _drip_visitor | first_party | 2 years | Persistent visitor identification across product pages |
| _drip_client | first_party | Session | Client side session tracking |
| _drip_subscriber | first_party | 2 years | Identified subscriber linkage |
Drip places tracking cookies for advertising — comply with GDPR using FlowConsent.
Persistent first party cookies including _drip_visitor, _drip_client and _drip_subscriber to identify visitors and known subscribers across the merchant site, plus session level cookies that track product interactions and cart events.
Yes. The Drip snippet sets cookies and processes IP and behavioural data on page load before any user interaction, requiring prior ePrivacy consent. Marketing emails additionally require an opt in under GDPR Article 6(1)(a).
Consent for cookie based tracking and direct marketing emails. Contract performance may apply to transactional emails directly tied to a purchase or account.
Yes. Drip is operated by Leadpages Inc. in the United States. Subscriber data and behavioural events are processed on US infrastructure with Standard Contractual Clauses as the transfer mechanism.
Recommended for deployments processing large volumes of European subscriber data, integrating with CRMs that combine engagement and transaction data, or automating segmentation and decisioning at scale.
Block the snippet via your CMP, sign the DPA with SCCs, document Drip in the privacy policy, list cookies in the cookie policy, configure retention in the Drip account and audit CRM integrations.
Brevo (France), Sarbacane (France), Mailjet (France), CleverReach (Germany) and Klaviyo with EU configuration provide e commerce focused email automation with EU data residency.
Add the _drip_visitor, _drip_client and _drip_subscriber cookies with name, category (marketing), duration and purpose. Reference Drip and Leadpages Inc. as US based processors and link to their privacy policy.