Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Kartra is a US all-in-one marketing platform combining funnels, email marketing, membership sites, helpdesk, video hosting and affiliate management for solopreneurs and small businesses.
Kartra is an all-in-one online marketing and business platform created by Genesis Digital LLC, headquartered in Los Angeles, California. Founded in 2018 by Andy Jenkins and Mike Filsaime, it bundles sales funnels, email marketing automation, membership sites, helpdesk ticketing, video hosting, affiliate management, calendar booking, online courses and surveys into a single hosted environment. Kartra is primarily used by solopreneurs, coaches, course creators and small businesses to manage their entire customer journey from lead capture to recurring billing without juggling separate tools.
Kartra deploys JavaScript tags on funnel pages, membership areas and checkout flows, and embeds tracking pixels in marketing emails. It sets cookies such as _kartra_session for active user sessions, kartra_visitor for cross visit identification with a typical 12 month duration, kartra_funnel_* for funnel attribution and kartra_lead_* for prospect identification. Data collected includes IP address, browser fingerprint, page views, email opens and clicks, video watch time, form submissions, purchase history, support tickets and membership activity.
Under Art. 5(3) of the ePrivacy Directive transposed in national cookie laws, the storage of Kartra tracking cookies on a visitor device requires prior informed consent. The processing of behavioural data, email engagement and lead scoring relies on Art. 6(1)(a) GDPR (consent), while membership access and payment processing rely on Art. 6(1)(b) GDPR (performance of contract). The controller must inform users about the categories of data, retention periods, transfer to the United States and the right to withdraw consent at any time under Art. 7(3) GDPR.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Kartra tracking scripts and email pixels should only fire after explicit opt in collected through a Consent Management Platform. Block the Kartra JavaScript snippet by default, load it conditionally when the marketing or analytics category is accepted, and disable email open tracking for recipients located in the EEA who have not consented. Maintain a consent log linking each lead record to the timestamp, version of the privacy notice and granular choices made.
All Kartra processing takes place on AWS infrastructure located in the United States. Transfers from the EEA must rely on Standard Contractual Clauses under Art. 46(2)(c) GDPR. Following the Schrems II ruling (C-311/18), the controller must perform a Transfer Impact Assessment evaluating US surveillance laws (FISA 702, EO 12333) and document supplementary measures such as encryption in transit, pseudonymisation of lead identifiers and contractual safeguards.
Sign a Data Processing Agreement with Genesis Digital LLC, maintain a record of processing activities under Art. 30 GDPR, list all Kartra cookies in the cookie policy with duration and purpose, configure granular consent in your CMP, complete a Transfer Impact Assessment, define retention periods for leads and customers, train staff on data subject rights (access, erasure, portability under Art. 15 to 20 GDPR) and review the configuration whenever Kartra adds new tracking features.
Websites using Kartra must obtain user consent under GDPR regulations.
DPIA considerations
A Data Protection Impact Assessment is recommended when Kartra is used for large scale behavioural tracking across funnels, membership areas and email campaigns. Key risk areas: combination of email engagement data with funnel conversion tracking, profiling of leads through tags and scoring, international transfers to the United States on AWS, retention of customer data in membership sites, processing of payment data through Stripe, PayPal and Authorize.net. Document the legitimate purposes, perform a Transfer Impact Assessment for US flows, evaluate the necessity and proportionality of behavioural profiling, and define clear retention periods for lead, customer and member records.
Sample consent text
We use Kartra to operate our sales funnels, send marketing emails and manage our membership area. With your consent, Kartra sets cookies to track your visits across our funnel pages, attribute conversions and personalise our email communications based on your engagement. Your data may be transferred to the United States where Kartra is hosted on AWS, under Standard Contractual Clauses. You can withdraw your consent at any time through our cookie preference centre.
Third-party domains contacted
kartra.comapp.kartra.comcdn.kartra.commembers.kartra.comt.kartra.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _kartra_session | session | Session | Maintains the active user session on Kartra pages, funnels and membership areas during a visit. |
| kartra_visitor | persistent | 12 months | Identifies unique visitors across visits for funnel attribution and lead tracking. |
| kartra_funnel_* | persistent | 6 months | Tracks the visitor journey through specific sales funnels and attributes conversions to the correct funnel and step. |
| kartra_lead_* | persistent | 12 months | Identifies leads who have submitted forms or interacted with email campaigns, linking browser activity to the lead record. |
| kartra_affiliate | persistent | 60 days | Stores affiliate referral identifiers to attribute commissions in the Kartra affiliate management module. |
Kartra places tracking cookies for advertising — comply with GDPR using FlowConsent.
Kartra installs several first party cookies including _kartra_session for active user sessions, kartra_visitor for cross visit identification with a typical 12 month duration, kartra_funnel_* for funnel attribution and kartra_lead_* for prospect identification. Email campaigns add tracking pixels that record opens and clicks. All these cookies are classified as marketing or analytics and require prior consent under Art. 5(3) of the ePrivacy Directive.
Yes. Kartra tracking scripts and email pixels qualify as non essential technologies. They must be blocked by default and only loaded after the user has accepted the marketing or analytics category in a Consent Management Platform. The consent must be specific, informed, freely given and unambiguous as required by Art. 4(11) and Art. 7 GDPR.
Two legal bases apply. Consent (Art. 6(1)(a) GDPR) covers marketing emails, tracking cookies, behavioural analytics and lead scoring. Performance of contract (Art. 6(1)(b) GDPR) covers membership access, course delivery and payment processing through Stripe, PayPal or Authorize.net. Each purpose must be documented separately in the record of processing activities.
Kartra is operated by Genesis Digital LLC in Los Angeles and hosted on AWS US infrastructure. Transfers from the EEA rely on Standard Contractual Clauses under Art. 46(2)(c) GDPR. Following Schrems II (C-311/18), controllers must complete a Transfer Impact Assessment evaluating US surveillance laws (FISA 702, EO 12333) and document supplementary measures such as encryption and pseudonymisation.
A Data Protection Impact Assessment is required under Art. 35 GDPR when Kartra is used for systematic behavioural profiling of leads or members, large scale processing, or combination of email engagement, funnel tracking and payment data. The DPIA should cover risks of profiling, US transfers, retention in membership areas and payment processing through third party gateways.
Block the Kartra JavaScript snippet by default in your tag manager, integrate a Consent Management Platform that conditionally loads the script after opt in, disable email open tracking for non consenting EEA recipients, sign a Data Processing Agreement with Genesis Digital LLC, declare all cookies in your cookie policy, document a Transfer Impact Assessment and provide a clear withdrawal mechanism in your preference centre.
European or EU hosted alternatives include Systeme.io (France, EU hosting), ConvertKit for email marketing, Kajabi for courses and membership (US but with strong DPA), GoHighLevel for agencies and ClickFunnels for funnels. None of these are fully exempt from international transfer rules, so each must be evaluated against the specific use case and EEA hosting options.
List each Kartra cookie by name (_kartra_session, kartra_visitor, kartra_funnel_*, kartra_lead_*), its purpose (session, attribution, lead identification), its duration (session or up to 12 months for kartra_visitor), the data controller (your organisation), the processor (Genesis Digital LLC) and the transfer destination (United States, AWS). Include a direct link to the consent preference centre.