Does your website use third-party services? Get GDPR compliant in minutes.

Grivy

What does Grivy do?

Grivy is an advertising and coupon distribution platform used by brands to run promotional campaigns and digital reward programs across publisher inventory.

What Grivy is

Grivy is a digital advertising and coupon distribution platform that brands use to deploy promotional campaigns, reward programs and conditional offers on publisher and partner inventory. The platform serves coupons, tracks redemption events and measures effectiveness through cookies and a JavaScript SDK installed on the publisher pages.

What data Grivy collects

Grivy collects an anonymous visitor identifier through cookies, the IP address, the user agent, page URLs, coupon impressions, click events, redemption events and the brand to which the conversion is attributed. The data are used for campaign analytics, segmentation and reporting.

GDPR and ePrivacy implications

Cookies and identifiers stored on the device fall under Article 5(3) of the ePrivacy Directive and require prior consent. The cross site profiling involved in audience measurement and the absence of an adequacy decision for the data importer make consent the only realistic legal basis under Article 6(1)(a) GDPR.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Consent requirements

Block the Grivy SDK and its cookies until the visitor accepts marketing or advertising in your consent banner. Avoid bundling Grivy with strictly necessary categories. Honour withdrawal by stopping events and removing the cookies.

Data transfers

Grivy is operated from Indonesia, which does not benefit from a GDPR adequacy decision. Transfers from the EEA require Standard Contractual Clauses, supplementary measures (encryption, pseudonymisation) and a documented transfer impact assessment that addresses local surveillance laws.

Practical compliance steps

Sign a Data Processing Agreement and the SCCs, document Grivy in your record of processing activities, run a DPIA, gate the SDK behind your CMP, restrict events to those needed for measurement and offer a user level opt out that excludes the visitor from Grivy audiences.

GDPR consent category

Marketing

Websites using Grivy must obtain user consent under GDPR regulations.

Legal basisArticle 6(1)(a) GDPR (consent) and Article 5(3) ePrivacy Directive for cookie storage and reading

Risk levelhigh

Applicable regulationsGDPR, ePrivacy Directive, PECR

DPIA considerations

A DPIA is required because Grivy combines advertising profiling with reward and coupon redemption data, and transfers personal data to a country without an adequacy decision.

Sample consent text

I agree that Grivy reads and writes cookies on my device, links my browsing to its coupon and reward campaigns and transfers personal data to operators outside the European Economic Area.

Technical details

Tracking methodJavaScript advertising and coupon distribution platform that uses cookies and pixel tracking to manage promotional campaigns and reward programs

Server locationAsia Pacific (Indonesia)

Data transferred outside the EUGrivy is operated from Indonesia, a country without a GDPR adequacy decision. Personal data are transferred outside the European Economic Area.

Third-party domains contacted

grivy.comcdn.grivy.comapi.grivy.compixel.grivy.com

Cookies placed

Name	Type	Duration	Purpose
grivy_uid	http_cookie	1 year	Anonymous visitor identifier set by Grivy to deduplicate impressions and attribute coupon redemptions
grivy_attr	http_cookie	90 days	Attribution cookie that links a coupon click to the converting brand
grivy_evt	http_cookie	session	Short lived event cookie used to track impressions and clicks during a single session

Grivy places tracking cookies for advertising — comply with GDPR using FlowConsent.

Get started free Scan your site

Frequently asked questions

Which cookies does Grivy set?

Grivy sets first or third party advertising cookies on the publisher domain and on grivy.com, including a visitor identifier, an attribution cookie for coupon redemption and short lived event cookies. They are personal data under the GDPR.

Is consent required to use Grivy?

Yes. Storing and reading advertising cookies and the cross site profiling that follows are subject to Article 5(3) of the ePrivacy Directive and require prior, freely given consent.

What legal basis applies?

Article 6(1)(a) GDPR (consent) is the only valid basis because the processing is profiling for advertising and the data are transferred to a country without an adequacy decision.

Are user data transferred outside the EEA?

Yes. Grivy is operated from Indonesia, which does not have an adequacy decision. Transfers require Standard Contractual Clauses, supplementary measures and a transfer impact assessment.

Do I need a DPIA for Grivy?

Yes. Cross site profiling, audience segmentation and transfers to a third country without adequacy meet the EDPB criteria for high risk processing.

How do I implement Grivy in a compliant way?

Block the SDK behind your CMP. Sign a Data Processing Agreement and SCCs. Document the integration in your record of processing activities. Allow users to exclude themselves from Grivy audiences.

Are there alternatives to Grivy?

First party coupon platforms hosted in the EU, server side reward management or contextual advertising offer lower compliance risk while keeping promotion programmes operational.

How should I update my cookie or privacy policy?

List Grivy as a processor with the categories of data (cookies, IP, browsing events, redemption events), purposes (coupon distribution, audience analytics), retention, the third country transfer mechanism and a direct opt out link.

Get compliant — Try FlowConsent free

Free plan · 10-min setup