Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Linear is a marketing and advertising platform that helps brands plan, deliver and measure cross channel campaigns. It combines audience segmentation, tracking pixels, conversion attribution and reporting dashboards. Because Linear collects identifiers and behavioural data through cookies and pixels, it qualifies as a tracking technology under the ePrivacy Directive and as a personal data processor under the GDPR.
Linear is a marketing and advertising platform used by brands and agencies to plan campaigns, segment audiences, deliver personalised messages across channels and measure the resulting business outcomes. The product is delivered as a JavaScript SDK and a tracking pixel that website operators embed in their pages, supplemented by server side APIs for offline conversion uploads and CRM synchronisation.
When a visitor loads a page that contains the Linear pixel, the SDK reads and writes cookies that hold a pseudonymous user identifier, a session identifier and a campaign attribution token. Linear also collects the IP address, the user agent, the referring URL, the page URL, the page title, viewport metrics, click and scroll events, form interactions and any custom event the website operator pushes through the API. When the visitor authenticates or completes a purchase, hashed email addresses and order values may also be transmitted.
Linear writes and reads identifiers on the user device, which falls within Article 5(3) of the ePrivacy Directive as transposed into national law (TTDSG in Germany, the French Data Protection Act, the Spanish LSSI). Prior, free, specific, informed and unambiguous consent is therefore required before the SDK is loaded. The downstream processing of personal data also requires a GDPR legal basis, which in this advertising context is consent under Article 6(1)(a). Linear acts as processor for some flows and as joint controller for audience building, which must be reflected in the contractual documentation.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Data is transferred to Linear servers located in the United States. The legal mechanism is the EU US Data Privacy Framework where the company is certified, otherwise the Standard Contractual Clauses adopted by the European Commission combined with a Transfer Impact Assessment. Operators must inform users that their personal data leaves the European Economic Area, document the safeguards and verify that Linear honours data subject requests originating from the EEA.
Block the Linear SDK and pixel until consent is granted, integrate the platform with your Consent Management Platform using the IAB Transparency and Consent Framework or the Google Consent Mode signals, document Linear in your record of processing activities, in the privacy notice and in the cookie banner, and define a retention period that matches the advertising purpose. Verify that data subject access, deletion and objection requests are forwarded to Linear within the legal deadline.
If consent rates are too low or risk appetite too limited, alternatives include cookieless analytics platforms hosted in the European Union, server side conversion APIs combined with first party data and contextual advertising solutions that do not rely on cross site identifiers. These alternatives reduce the dependency on third country transfers and lower the compliance burden.
Websites using Linear must obtain user consent under GDPR regulations.
DPIA considerations
A Data Protection Impact Assessment is recommended because Linear collects behavioural data at scale, builds advertising audiences and transfers personal data to the United States. The DPIA must document the legal basis, the categories of data, the international transfer mechanism and the technical and organisational safeguards. Joint controllership analysis with Linear is also required when audiences are shared.
Sample consent text
We use Linear to measure the performance of our marketing campaigns and to display personalised advertising. This involves storing cookies on your device and sharing identifiers with Linear, including transfers to the United States. You can accept, refuse or withdraw your consent at any time in our privacy preferences.
Third-party domains contacted
linear.compixel.linear.comcdn.linear.comapi.linear.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _lin_uid | first_party | 13 months | Pseudonymous user identifier used to recognise returning visitors and stitch sessions across visits. |
| _lin_sid | first_party | 30 minutes | Session identifier scoped to the current browsing session, refreshed after 30 minutes of inactivity. |
| _lin_attr | first_party | 90 days | Stores the original referrer and UTM parameters to attribute conversions to the right marketing campaign. |
| lin_pixel | third_party | 13 months | Cross site advertising identifier used to build retargeting audiences and measure cross domain conversions. |
Linear places tracking cookies for advertising — comply with GDPR using FlowConsent.
Linear typically sets a first party identifier cookie that stores a pseudonymous user ID, a session cookie, a campaign attribution cookie that records the original referrer or UTM parameters, and a third party cookie used for cross site retargeting. Durations vary from the lifetime of the browser session up to 13 months for advertising identifiers. The exact list depends on the configured features and should be audited with browser developer tools.
Yes. Because the Linear pixel writes and reads identifiers on the user device, prior consent is required under Article 5(3) of the ePrivacy Directive. Consent must be free, specific, informed and unambiguous, given through a clear affirmative action. The Linear SDK and pixel must remain blocked until the user has accepted the advertising or marketing purpose in your consent management platform.
The legal basis is consent under Article 6(1)(a) of the GDPR. Legitimate interest is not appropriate here because Linear processes data for advertising and audience targeting, which courts and supervisory authorities consider intrusive enough to require explicit consent. Your privacy notice and cookie banner must reflect this and offer a granular opt in for the marketing purpose.
Yes. Linear processes data on servers located in the United States. The transfer relies on the EU US Data Privacy Framework when Linear is certified, otherwise on the European Commission Standard Contractual Clauses combined with a Transfer Impact Assessment. Operators must inform users of these transfers in the privacy notice and document the safeguards in their record of processing activities.
A Data Protection Impact Assessment is strongly recommended. Linear monitors visitor behaviour at scale, builds advertising profiles, may share audiences with third parties and transfers personal data outside the EEA. These criteria from the European Data Protection Board guidelines trigger the DPIA obligation under Article 35 GDPR.
Block the script until consent is granted, integrate Linear with a Consent Management Platform that supports the IAB Transparency and Consent Framework or Google Consent Mode v2, document Linear in the privacy notice and the cookie banner, sign a data processing agreement and Standard Contractual Clauses, configure IP truncation if available and define a clear retention period for advertising data.
For analytics, consider EU hosted cookieless platforms such as Matomo, Plausible or Pirsch. For attribution, consider server side conversion APIs combined with first party data. For advertising, contextual ad networks that do not rely on cross site identifiers are a lower risk option. Each alternative reduces or eliminates the need for third country transfers and the associated compliance burden.
Add a dedicated row in the cookie table that lists each Linear cookie name, its provider, its purpose and its retention period. Mention that data is transferred to the United States and identify the legal mechanism. Link to the Linear privacy policy. Increment the version of the cookie policy and trigger a fresh consent prompt for existing visitors so that previously stored consent is renewed against the new processing.