Optinopoli is a US lead-capture and on-site marketing campaign tool that displays exit-intent overlays, embedded forms and welcome bars; it sets cookies and processes personal data, so prior GDPR consent is required.
Optinopoli is a US-based lead-capture platform that lets marketers display exit-intent overlays, embedded forms, scroll-triggered prompts and welcome bars on their websites. It captures emails, scores visitor engagement and integrates with email service providers and CRMs to push collected leads into automated journeys. Because the widget runs in the visitor's browser and persists campaign state, it sets identifiers and processes personal data subject to GDPR and the ePrivacy Directive.
The Optinopoli script loads from optinopoli.com and stores cookies such as optinopoli_visitor (visitor identifier), optinopoli_session (session correlation) and optinopoli_campaign_state (records which overlays have already been shown or dismissed). The platform receives the visitor IP, user agent, referrer, the URL of the page hosting the widget, behavioural signals like scroll depth, dwell time and exit intent, plus the email address and any custom field submitted in the form.
Optinopoli identifiers are not strictly necessary for the website to function, so Article 5(3) of the ePrivacy Directive applies. The CNIL, BfDI, AEPD and ICO all require prior, freely given, specific and informed consent before any such identifier is set or read. The legal basis under Article 6(1)(a) GDPR is consent for cookies and behavioural targeting; once an email is submitted, processing of the captured contact for marketing follow-up also rests on consent under Article 6(1)(a) GDPR or, where the soft opt-in conditions are met, on legitimate interest.
Optinopoli is operated from the United States and stores data on US cloud infrastructure. Transfers from the EEA require a valid mechanism. Standard Contractual Clauses must be in place with the vendor and a transfer impact assessment is needed to evaluate the impact of US surveillance laws (FISA 702, EO 12333). At the time of writing the company is not publicly listed under the EU-US Data Privacy Framework, so SCCs remain the working assumption.
Block the Optinopoli script in your CMP until the user consents to the marketing or advertising purpose. Avoid auto-displaying overlays before consent is captured. Pre-ticked boxes and bundling consent for the email opt-in with cookie consent are not allowed. Document Optinopoli in your record of processing activities, sign SCCs, run a transfer impact assessment, and align retention rules between the lead form, the CMP and your downstream CRM so that opted-out users are deleted from all systems.
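One way to verify the blocking rule above, as an added example (not code from Optinopoli or any CMP vendor): audit a pre-consent capture of network requests and `document.cookie` for the domains and cookie names listed on this page. The function names, sample URLs and cookie values are constructed for illustration.

```javascript
// Added example. Cookie names and domains come from this page; everything else is hypothetical.
const OPTINOPOLI_COOKIES = ["optinopoli_visitor", "optinopoli_session", "optinopoli_campaign_state"];

// Match optinopoli.com and its subdomains only, so lookalike hosts are not flagged.
function isOptinopoliHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === "optinopoli.com" || h.endsWith(".optinopoli.com");
}

// Extract cookie names from a document.cookie-style string ("a=1; b=2").
function cookieNames(cookieString) {
  return cookieString.split(";").map((pair) => pair.split("=")[0].trim()).filter(Boolean);
}

// Report every Optinopoli request or cookie seen before the visitor made a consent choice.
function auditPreConsent(requestUrls, cookieString) {
  const findings = [];
  for (const url of requestUrls) {
    let host;
    try {
      host = new URL(url).hostname;
    } catch {
      continue; // ignore malformed entries in the capture
    }
    if (isOptinopoliHost(host)) findings.push({ type: "request", value: url });
  }
  for (const name of cookieNames(cookieString)) {
    if (OPTINOPOLI_COOKIES.includes(name)) findings.push({ type: "cookie", value: name });
  }
  return findings;
}

// Constructed capture of a misconfigured page: the tag loaded before any consent choice.
const SAMPLE_REQUESTS = [
  "https://www.example.org/",
  "https://cdn.optinopoli.com/widget.js",         // constructed path
  "https://optinopoli.com.example.net/pixel.gif", // lookalike host, must not match
];
const SAMPLE_COOKIES = "lang=en; optinopoli_visitor=abc123; optinopoli_session=s1";

function runSampleAudit() {
  return auditPreConsent(SAMPLE_REQUESTS, SAMPLE_COOKIES);
}
```

An empty result from `auditPreConsent` on a capture taken before the banner is answered is the passing condition; any finding means the CMP is not blocking the tag.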
Websites using Optinopoli must obtain user consent under GDPR regulations.
DPIA considerations
Medium to high risk. DPIA recommended when Optinopoli is used at scale for behavioural targeting, exit-intent profiling and cross-site lead capture, especially given US data transfers.
Sample consent text
We use Optinopoli (lead capture and on-site marketing campaigns, US vendor) which sets identifiers on your device and processes browsing signals to display targeted overlays. Without your consent these identifiers are not set or read.
Third-party domains contacted
optinopoli.com
app.optinopoli.com
cdn.optinopoli.com
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| optinopoli_visitor | third_party | 12 months | Persistent visitor identifier used to recognise returning users and prevent the same overlay from being displayed repeatedly. |
| optinopoli_session | third_party | session | Session correlation identifier that groups events of the current browsing session and triggers behavioural rules (scroll depth, dwell time, exit intent). |
| optinopoli_campaign_state | third_party | 6 months | Stores which campaigns or overlays have already been shown, completed or dismissed by the visitor. |
Optinopoli writes cookies such as optinopoli_visitor (visitor identifier), optinopoli_session (session correlation) and optinopoli_campaign_state (records of overlays already shown or dismissed). They are loaded from the optinopoli.com domain.
Yes. Optinopoli identifiers are non-essential and serve marketing or advertising purposes, so Article 5(3) of the ePrivacy Directive requires prior, freely given, specific and informed consent collected through a CMP that blocks the script before load.
Article 6(1)(a) GDPR (consent) covers cookies, behavioural triggers and the captured email when used for marketing follow-up. Article 6(1)(f) (legitimate interest) cannot bypass the ePrivacy consent rule but may apply to limited soft opt-in scenarios in some Member States.
Yes. Optinopoli is a US vendor running on US infrastructure. Transfers rely on Standard Contractual Clauses backed by a transfer impact assessment. There is no public DPF certification at the time of writing.
A DPIA is recommended when Optinopoli is deployed at scale or used to enrich profiles with behavioural data. Large-scale lead capture coupled with US transfers and exit-intent profiling triggers several high-risk indicators in WP29 and EDPB guidelines.
Block the Optinopoli script in your CMP until consent. Do not auto-display overlays before acceptance. Decouple the email opt-in from the cookie consent (granular boxes, no pre-tick). Sign SCCs, complete a TIA, document Optinopoli in your record of processing activities and align retention rules with your CRM.
Privacy-friendly alternatives with EU hosting include Sleeknote (Denmark), Notify Visitors EU plans, Mailjet popups (France), Brevo on-site forms (France) and self-hosted solutions like FormKit. Choose based on residency, integration needs and behavioural targeting depth.
Disclose the Optinopoli cookies (optinopoli_visitor, optinopoli_session, optinopoli_campaign_state), state the marketing and lead capture purpose, list the data processed (IP, user agent, referrer, behavioural signals, submitted email), name Optinopoli as US processor, mention SCCs and link to consent withdrawal and erasure mechanisms.