Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Signalayer is an advertising signal and identity resolution platform that enriches ad targeting and measurement using device, browser, and contextual data. It assists advertisers in reaching audiences across cookieless environments by combining first party identifiers, hashed emails, and probabilistic signals. Because it processes online identifiers used for advertising, it qualifies as non essential and requires prior, freely given consent under the GDPR and ePrivacy Directive.
Signalayer is an advertising technology that operates as a signal layer between publishers, advertisers, and demand side platforms. It collects identifiers, behavioural signals, and contextual data from visitors of a website or mobile application and resolves them into audience segments used for targeting, frequency capping, and conversion measurement. The script is typically loaded through a tag manager and writes cookies in the publisher domain while also calling Signalayer servers for enrichment and matching with partner identity graphs.
Signalayer typically processes IP addresses, user agent strings, page URLs and referrers, screen and language settings, hashed email addresses when shared by the publisher, and probabilistic identifiers derived from these signals. Persistent cookies are written to remember the visitor across sessions, while session cookies maintain the matching state during a visit. Because IP addresses and online identifiers are personal data under the GDPR, this processing falls fully within the regulation.
Reading and writing identifiers in a user terminal for advertising purposes triggers Article 5(3) of the ePrivacy Directive. National regulators including the CNIL in France, the BfDI in Germany, and the AEPD in Spain consider this kind of advertising tracking strictly non essential. The lawful basis must therefore be consent under Article 6(1)(a) GDPR and not legitimate interest. The European Data Protection Board has confirmed this position in its guidelines on consent and on connected vehicles.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Signalayer infrastructure is operated from the United States and may share signals with partners worldwide. Transfers of European personal data require an Article 46 GDPR safeguard, generally Standard Contractual Clauses combined with a Transfer Impact Assessment, or reliance on the EU US Data Privacy Framework when the recipient is certified. Document the safeguard, list onward recipients, and inform users transparently about international transfers in your privacy notice.
Block the Signalayer tag until consent is granted through a TCF v2.2 compatible consent management platform. List Signalayer in your cookie banner under the marketing or advertising category with a clear description of its purpose. Document the consent in your records of processing, retain proof for at least three years, and offer an equally easy refuse option. Finally, review your data processing agreement with Signalayer to confirm SCCs and the DPF status are in place.
Websites using Signalayer must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Signalayer is combined with large scale audience profiling, retargeting, or cross site tracking. Document the categories of personal data, recipients, retention periods, and the legitimate interests assessment for any first party processing. Verify the DPF certification status of the controller and assess the impact of US disclosure laws on EU residents.
Sample consent text
We use Signalayer to power advertising and audience measurement. With your consent, Signalayer reads device, browser, and identifier signals (including IP address, user agent, hashed identifiers, and cookies) to deliver and measure ads. You can accept, refuse, or change your choice at any time from our cookie preferences.
Third-party domains contacted
signalayer.comcdn.signalayer.compixel.signalayer.comsync.signalayer.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _slr_uid | persistent | 12 months | Stores a pseudonymous Signalayer user identifier used for ad targeting and frequency capping. |
| _slr_sync | persistent | 6 months | Tracks identity sync status with Signalayer partner platforms and demand side platforms. |
| _slr_sess | session | session | Maintains the Signalayer matching state during a single visit. |
| _slr_consent | persistent | 13 months | Stores the user consent signal so the Signalayer tag adapts behaviour to the user choice. |
Signalayer places tracking cookies for advertising — comply with GDPR using FlowConsent.
Signalayer typically writes one or two persistent cookies in the publisher domain to store a pseudonymous user identifier and a sync state, plus short lived session cookies used during signal matching. It may also store a hashed identifier in browser storage when first party data such as a hashed email is shared by the publisher.
Yes. Because Signalayer reads and writes identifiers in the user terminal for advertising purposes, Article 5(3) of the ePrivacy Directive requires the prior, freely given, specific, informed, and unambiguous consent of the visitor before any signal is collected.
The lawful basis is consent under Article 6(1)(a) of the GDPR. Legitimate interest is not appropriate for advertising profiling, as confirmed by the EDPB and several national supervisory authorities.
Yes. Signalayer infrastructure is operated from the United States. Transfers rely on Standard Contractual Clauses combined with a Transfer Impact Assessment, or on the EU US Data Privacy Framework if the recipient entity is certified.
A DPIA is recommended whenever Signalayer is used at scale or combined with cross site tracking, retargeting, or sensitive audience inference. The DPIA should cover proportionality, risks to rights and freedoms, and the safeguards in place.
Load the script only after explicit consent through a TCF v2.2 compatible CMP, document the consent, expose a refuse option as easy as the accept option, list Signalayer in your privacy policy, and ensure the data processing agreement and SCCs are signed.
Yes. Cookieless contextual advertising, server side first party measurement, and privacy preserving identity solutions such as the Privacy Sandbox or hashed email based deterministic graphs operated within the EU are alternatives that reduce the need for cross site tracking.
Add a dedicated entry naming Signalayer, the controller or joint controller, the processing purpose, the cookie names and durations, the recipients, the legal basis (consent), and the international transfer safeguards. Link to the Signalayer privacy notice and to the cookie preferences page.