Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Trovo Live is a livestreaming platform owned by Tencent, originally positioned as an alternative to Twitch and YouTube Live for gaming creators. When a website embeds a Trovo player, chat widget or follow button, the iframe loads scripts from trovo.live, sets third party cookies and shares signals with the Tencent advertising and audience stack. Because data is processed in the United States, Singapore and mainland China, Trovo embeds are treated as a high risk advertising tracker under the GDPR and ePrivacy Directive.
Trovo Live is a Tencent operated livestreaming platform launched as a global alternative to Twitch. It is used by gaming and lifestyle creators who embed their channel, latest VOD or follow widget on a personal website or blog. The Trovo embed loads an iframe from player.trovo.live and ancillary scripts from trovo.live and Tencent CDN domains.
As soon as the iframe loads, Trovo sets third party cookies on trovo.live (TROVO_LOGIN_INFO, TROVO_GUEST_ID, _ga, persistent advertising IDs synced with Tencent advertising). The player exchanges authentication tokens, viewing telemetry, IP address, user agent and locale with Trovo servers. The chat widget and follow button transmit similar data plus the user logged in account when the visitor is signed into Trovo.
The cookies fall under Article 5(3) ePrivacy. The advertising profiling and audience activation by Tencent fall under Article 6(1)(a) GDPR. Legitimate interest cannot be used because Trovo cookies are integrated with the Tencent advertising and recommendation engine. The fallback to user choice and the click to load pattern are both required, not optional.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Trovo embeds must be placeholders by default and only load after explicit consent. The consent message must mention Tencent, advertising cookies and the transfer to the United States, Singapore and mainland China. A clear refuse option must be available, and the choice must be revocable at any time.
Tencent processes data in the United States, Singapore and mainland China. Mainland China has no adequacy decision under Article 45 GDPR, no DPF equivalent and is exposed to the Cybersecurity Law, Data Security Law and PIPL. Transfers therefore require Standard Contractual Clauses, supplementary measures and, in practice, explicit consent under Article 49(1)(a) GDPR for occasional transfers.
Use a placeholder image and click to load pattern that lists Tencent and the destination countries, sign the Trovo/Tencent terms of service and look for an explicit Standard Contractual Clauses based DPA, document the transfer impact assessment, list Trovo in the privacy and cookie policies, and consider self hosting the video on Bunny.net or Mux EU instead, or switching to YouTube nocookie embeds when livestreaming is not required.
Websites using Trovo must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended whenever Trovo embeds are placed on EU facing websites, due to the cross border transfer to mainland China, integration with the Tencent advertising platform and persistent cookies for visitors who never log in to Trovo.
Sample consent text
This page contains a Trovo Live player operated by Tencent. Loading the player will set advertising cookies and transfer your IP address and browsing data to servers in the United States, Singapore and mainland China. Click Accept to display the video, or click Decline to keep the player blocked.
Third-party domains contacted
trovo.liveplayer.trovo.livestatic.trovo.livetrovo.tencent-cloud.comaegis.qq.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| TROVO_LOGIN_INFO | persistent | 1 year | Stores the Trovo authentication token used to keep a logged in user signed in across sessions and pages that embed Trovo content. |
| TROVO_GUEST_ID | persistent | 1 year | Persistent guest identifier assigned to non logged in visitors so that Trovo can attribute viewing telemetry, recommendations and advertising signals. |
| TROVO_QUALITY | persistent | 1 year | Remembers the playback quality preference and player layout chosen by the visitor. |
| TROVO_CSRF | session | Session | Anti CSRF token used by the Trovo player and chat widget to protect form submissions and API calls. |
Trovo places tracking cookies for advertising — comply with GDPR using FlowConsent.
Trovo sets the third party cookies TROVO_LOGIN_INFO, TROVO_GUEST_ID, TROVO_QUALITY, TROVO_CSRF and persistent advertising identifiers synchronised with the Tencent advertising platform. The cookies persist for several months and are read on every page that loads a Trovo iframe.
Yes. The Trovo embed sets advertising cookies under Article 5(3) ePrivacy and transfers personal data to the United States, Singapore and mainland China under Article 6(1)(a) GDPR. The iframe must be placeholders by default and only load after explicit, granular opt in consent.
Consent (Art. 6(1)(a) GDPR + Art. 5(3) ePrivacy) is the only valid basis. Explicit consent under Article 49(1)(a) GDPR is also required for the transfer to mainland China, since the country has no adequacy decision and Tencent is subject to Chinese national security laws.
Yes. Tencent processes data in the United States, Singapore and mainland China. The mainland China leg has no adequacy decision, no DPF equivalent, and is exposed to the Cybersecurity Law, Data Security Law and PIPL. SCC plus supplementary measures plus explicit consent are typically needed.
Yes for any meaningful EU deployment. The combination of advertising profiling by Tencent, transfers to a non adequate country and persistent cookies for non logged in visitors triggers the DPIA criteria of WP248 and the EDPB threshold guidance.
Use a click to load placeholder, mention Tencent and the destination countries (US, Singapore, China) in the consent message, sign the Trovo terms with an explicit SCC based DPA, document a transfer impact assessment, list Trovo in the privacy and cookie policies and consider alternatives when a high risk vendor is not strictly necessary.
For livestreaming, Twitch (US, DPF) and YouTube Live (US, DPF, with the YouTube nocookie embed for VOD) reduce risk compared to Trovo because they avoid mainland China. For self hosted streaming with EU residency, Mux EU, Bunny Stream, OVHcloud Streaming and Cloudflare Stream are options. Replacing the embed by a static thumbnail with a deep link to Trovo limits the data leakage to the moment the visitor opts in.
List Trovo Live with the operator (Tencent), the purpose (livestreaming embed and analytics), the cookies and persistent identifiers, the legal basis (consent and Article 49(1)(a) explicit consent for mainland China), the transfer destinations (US, Singapore, mainland China) and the safeguards (SCC, supplementary measures, transfer impact assessment).