Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
OptinMonster is a marketing platform that equips businesses with tools to amplify their digital presence and drive customer acquisition. It supports audience segmentation, campaign automation, and cross-channel engagement. OptinMonster provides real-time analytics and reporting dashboards for performance measurement and strategy optimization. By combining data intelligence with marketing execution, OptinMonster helps deliver the right message to the right audience at the right time.
OptinMonster, developed by Awesome Motive in Florida, is one of the most popular conversion optimisation and lead generation tools on the market. Used by over a million WordPress and non WordPress websites, it specialises in popups, exit intent overlays and inline opt in forms designed to maximise newsletter sign ups, free trial conversions and abandoned cart recovery.
OptinMonster loads a JavaScript snippet that fetches a campaign JSON from the API and renders the configured popup, slide in, fly in, floating bar, fullscreen overlay or inline form. The targeting engine supports exit intent, scroll depth, time on page, click triggers, page URL, referrer, IP geolocation, cookie based new vs returning visitor and Adblock detection.
OptinMonster sets first party cookies on the embedding website: om* (campaign state), omSeen, omClosed, omShown, omWPCookieID and a campaign specific cookie used to enforce display frequency. It collects the visitor IP, geolocation, user agent, referrer, the lead data submitted (email, name) and analytics events. All data is sent to a.omappapi.com in the United States.
The om* cookies are not strictly necessary and therefore require prior consent under Art. 5(3) ePrivacy. IP geolocation is the processing of personal data under Art. 4(1) GDPR and must rely on consent or a documented legitimate interest. The captured lead emails require Art. 6(1)(a) consent for any marketing follow up. The OptinMonster terms position the customer as data controller.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All campaign configuration, visitor events and captured leads are stored on AWS US east infrastructure. Awesome Motive is self certified under the EU US Data Privacy Framework. Without the DPF, transfers must rely on Standard Contractual Clauses combined with supplementary measures and a documented Transfer Impact Assessment.
Block the OptinMonster script behind a marketing CMP category. Disable IP geolocation targeting if not strictly necessary. Use a clear opt in checkbox on every email capture form and document the proof of consent. Sign the Awesome Motive DPA. Document OptinMonster as a US sub processor and the EU US DPF transfer mechanism in your records of processing.
Websites using OptinMonster must obtain user consent under GDPR regulations.
Third-party domains contacted
optinmonster.coma.omappapi.comapp.optinmonster.comawesomemotive.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| om-<campaignID> | first_party | 1 year | Controls the display frequency of a specific OptinMonster campaign for the visitor. |
| omSeenCampaign-<id> | first_party | 6 months | Records that the visitor has seen the given OptinMonster campaign. |
| omClosedCampaign-<id> | first_party | 6 months | Records that the visitor has closed the given OptinMonster campaign. |
| omShownCampaign-<id> | first_party | 6 months | Counter used by OptinMonster to enforce the maximum number of impressions per campaign. |
| omWPCookieID | first_party | 6 months | WordPress specific identifier used by OptinMonster to link a visitor to a WordPress user when logged in. |
OptinMonster places tracking cookies for advertising — comply with GDPR using FlowConsent.
OptinMonster sets first party cookies on the embedding website: om-<campaignID> (campaign frequency, up to one year), omSeenCampaign-<id>, omClosedCampaign-<id>, omShownCampaign-<id> and omWPCookieID. All require prior consent under Art. 5(3) ePrivacy.
Yes. The om* cookies are not strictly necessary, IP geolocation is personal data, and the captured lead emails are processed for marketing. Prior explicit consent is required under Art. 5(3) ePrivacy and Art. 6(1)(a) GDPR.
Consent (Art. 6(1)(a) GDPR) for cookies, IP geolocation and marketing follow up. Contract (Art. 6(1)(b)) may apply once the subscriber explicitly opts in to a newsletter or paid offer.
Yes. All campaign data, visitor events and leads are stored on AWS US east infrastructure. Awesome Motive is self certified under the EU US Data Privacy Framework. Document the transfer mechanism and a Transfer Impact Assessment in your records of processing.
A DPIA is recommended when OptinMonster is combined with behavioural triggers, used at scale or for sensitive offers (health, financial). Document targeting rules, IP geolocation, US transfer, embedded cookies and retention of leads.
Block the script behind the marketing CMP category. Disable IP geolocation if not necessary. Use a clear opt in checkbox with a privacy notice on every form. Sign the Awesome Motive DPA. Set a reasonable retention period for leads. Document OptinMonster as a US sub processor.
EU based: Sleeknote (Denmark), Sales Layer (Spain), Brevo Push (France). US alternatives: ConvertBox, Sumo, Hello Bar, Poptin. Open source: WP Subscribe, Holler Box. Self hosted means data stays in your EU stack.
Subscribe to the Awesome Motive trust centre. When sub processors, certifications or campaign data flows change, update your cookie table, privacy notice and records of processing, and bump the consent banner version.