Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Iterable is a US based cross channel marketing automation platform that orchestrates email, SMS, push notifications and in app messaging from a single identity graph. Iterable identifies users via JavaScript SDK and server side events, builds rich behavioural profiles and triggers automated journeys. Personal data is processed on US infrastructure by default, with EU data residency available for Enterprise plans, requiring consent under GDPR and ePrivacy as well as documented cross border transfer safeguards.
Iterable is a US cross channel marketing automation platform headquartered in San Francisco. Used by retailers, media companies and consumer apps, it orchestrates email, SMS, push notifications, in app messaging and direct mail from a single identity graph. Iterable combines server side event ingestion with a JavaScript SDK that tags web events and resolves them to identified profiles. The platform supports complex multi step journeys, audience segmentation and AI optimisation.
The Iterable web SDK sets first party cookies (typically iterableEmailCampaignId and similar identifiers) to recognise the visitor and link page activity to the identified user record. Iterable processes email, phone, push tokens, behavioural events, custom user fields, transactional data and message engagement (open, click, unsubscribe). The dataset is rich and identity centric, which makes it sensitive under GDPR.
The Iterable cookies and SDK calls require ePrivacy consent before they fire on the website. Marketing emails, SMS and push notifications require GDPR Article 6(1)(a) consent collected at the right channel level. Iterable supports preference centres that align with the granular consent expected by EU regulators. Profiling for personalisation triggers transparency and right to object obligations under Article 21.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Iterable web SDK via your CMP until consent is obtained. Collect channel specific opt ins for email, SMS and push and store them in dedicated subscriber fields. Honour unsubscribes in real time across all channels. Use the Iterable preference centre to give recipients granular control.
By default Iterable processes data on AWS in us east 1 in the United States. Standard Contractual Clauses cover the transfer under Article 46 GDPR. Enterprise customers can opt for EU data residency in Frankfurt, which keeps subscriber records and behavioural events within the EU. Document the chosen residency and the applicable safeguards in your Records of Processing Activities.
Sign the Iterable DPA with SCCs, request EU data residency where appropriate, configure the CMP to block the SDK pre consent, document Iterable in the privacy policy with channel specific disclosures, list cookies in the cookie policy and configure data retention and deletion policies in the Iterable account. Map all integrations (CDPs, data warehouses, CRMs) in your Records of Processing Activities.
Websites using Iterable must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for Iterable deployments processing identified user profiles across multiple channels at scale, automating decisioning or segmentation based on behavioural data, or combining Iterable data with sensitive sources such as health, finance or children data. The breadth of cross channel orchestration and the default US transfer warrant formal assessment.
Sample consent text
We use Iterable to send marketing communications across email, SMS, push and in app channels and to track engagement. Iterable processes your data, including email, phone and behavioural events, on US infrastructure. Please accept to enable personalised marketing across these channels.
Third-party domains contacted
iterable.comlinks.iterable.comapi.iterable.comapp.iterable.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| iterableEmailCampaignId | first_party | 1 year | Persistent campaign attribution and visitor identification |
| iterableTemplateId | first_party | 1 year | Template engagement tracking |
| iterableMessageId | first_party | Session | Message level interaction tracking |
Iterable places tracking cookies for advertising — comply with GDPR using FlowConsent.
First party cookies including iterableEmailCampaignId, iterableTemplateId and iterableMessageId, set by the Iterable web SDK to identify visitors and link page activity to known user records and campaign attribution.
Yes. The Iterable web SDK sets cookies and processes IP and behavioural data on page load before any user interaction, requiring prior ePrivacy consent. Marketing communications additionally require channel specific opt ins under GDPR Article 6(1)(a).
Consent for cookie based tracking and direct marketing across email, SMS, push and in app channels. Contract performance may apply to transactional messages directly tied to a purchase or service.
By default yes. Iterable processes data on AWS in the United States. EU data residency in Frankfurt is available on Enterprise plans. Standard Contractual Clauses cover the US transfer for standard plans.
Recommended for deployments processing identified user profiles across multiple channels at scale, automating decisioning or segmentation, or combining Iterable data with sensitive sources such as health, finance or children data.
Sign the DPA with SCCs, request EU data residency where appropriate, block the SDK via your CMP, document Iterable in the privacy policy with channel disclosures, list cookies in the cookie policy and configure data retention in the Iterable account.
Brevo (France), Sarbacane (France), Mailjet (France), Selligent (Belgium), CleverReach (Germany) and Splio (France) provide cross channel marketing automation with EU data residency and reduced cross border transfer concerns.
Add the Iterable cookies with name, category (marketing), duration and purpose. Reference Iterable Inc. as a US based processor (or EU residency Frankfurt if configured) and link to its privacy policy.