Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Wyng is a no-code zero-party data and personalisation platform, formerly known as Offerpop, headquartered in New York. It lets brands build interactive experiences (quizzes, polls, contests, preference centres) that capture explicit visitor preferences, then activates that data in CRM, email and on-site personalisation. For European deployments, Wyng involves cross border transfers to AWS US and consent both for cookies and for the explicit data collected.
Wyng is a no-code zero-party data and personalisation platform headquartered in New York and originally founded in 2008 as Offerpop. The platform lets brands build embedded interactive experiences (quizzes, polls, contests, sweepstakes, preference centres, product finders) that collect explicit preference and intent data from visitors. Wyng then activates that zero-party data through native integrations with CRM, ESP, CDP, ad platforms and on-site personalisation.
Wyng captures explicit answers to quizzes and polls (preferences, intent, demographics), email and name for contest entries, IP, browser, device and page URL. It sets first party cookies (wyng_uid, wyng_session) on the customer domain to link visitor activity. Visitor responses are stored with a Wyng visitor ID and pushed via webhooks or native connectors to CRM, ESP and CDP.
Wyng is a data processor under Art. 28 GDPR for the customer activity it manages. Zero-party data is data the visitor explicitly provides, so consent is the natural basis. The widget cookies are non essential and trigger Art. 5(3) ePrivacy. When contests offer incentives, Art. 7(4) GDPR rules against bundling consent with participation must be respected. Quizzes that touch on sensitive interests (health, politics, religion, sexual orientation) collect Art. 9 GDPR special category data requiring explicit consent and stronger safeguards.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Cookie consent is required for the wyng_uid identifier and the widget tracking. Participation in a quiz or contest is an explicit user action, but consent for using the resulting data for marketing must be obtained separately. Sensitive category questions require explicit consent under Art. 9(2)(a). Preference centres are themselves a way to capture and refresh consent.
Wyng runs on AWS US infrastructure and has no EU data centre. EU visitor data is transferred under SCCs and the EU US Data Privacy Framework where applicable. Sub processors (AWS, SendGrid, Twilio, Stripe) have their own transfer chains.
Sign Wyng''s DPA, complete a TIA for US transfers, load the widget only after cookie consent, separate participation from marketing consent in contests, avoid bundling, treat sensitive interest questions as Art. 9 GDPR and capture explicit consent, document Wyng and sub processors (AWS, SendGrid, Twilio, Stripe) and offer a preference centre to manage choices.
Websites using Wyng must obtain user consent under GDPR regulations.
DPIA considerations
Wyng captures explicit zero-party data (preferences, intent, opinions) via interactive experiences and links it to visitor identifiers. Key DPIA considerations: (1) the embedded widget can set first party cookies (wyng_uid) and requires consent under Art. 5(3) ePrivacy; (2) zero-party data is explicit but still personal data, with consent as the natural basis; (3) integrations push the captured data to CRM, ESP, ad platforms, each with their own consent requirements; (4) US transfers rely on SCCs and the EU US Data Privacy Framework; (5) contests with incentives must respect freely given consent and avoid linking consent to participation in a way that violates Art. 7 GDPR; (6) sensitive interests (health, politics, religion) collected through quizzes are special category data requiring Art. 9 GDPR safeguards.
Sample consent text
With your consent, we use Wyng to offer interactive quizzes, polls and preference centres on our site and to personalise content based on your choices. Wyng stores your preferences and a visitor identifier on US infrastructure under Standard Contractual Clauses. You can withdraw consent at any time from your preference centre.
Third-party domains contacted
wyng.comwyng.ioofferpop.comcdn.wyng.comapi.wyng.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| wyng_uid | Marketing | 1 year | First party visitor identifier set by the Wyng widget. Links quiz, poll and contest responses to a recurring visitor. |
| wyng_session | Functional | Session | Session cookie used by Wyng to maintain state during a single interactive experience (quiz, poll, contest). |
| wyng_pref | Functional | 1 year | Stores visitor preferences (selected options, opt ins) captured via the Wyng preference centre. |
Wyng places tracking cookies for advertising — comply with GDPR using FlowConsent.
Wyng sets first party cookies on the customer domain via its embedded widget, including wyng_uid (visitor identifier, 1 year) and wyng_session (session). These are linked to any answers the visitor provides in quizzes, polls or contests.
Yes for the wyng_uid cookie and any tracking, and yes for the marketing use of the data collected. Participation in a quiz is the user's action, but separate marketing consent is needed before sending follow up emails or building audiences in ad platforms.
Consent (Art. 6(1)(a) GDPR) for cookies, marketing use of zero party data and contests with prizes. Contract (Art. 6(1)(b) GDPR) for delivering personalised content the user explicitly requested. Special category data captured by quizzes (health, politics, religion) needs explicit consent under Art. 9(2)(a) GDPR.
Wyng runs on AWS US East infrastructure. EU visitor data is transferred to the US under Standard Contractual Clauses and the EU US Data Privacy Framework where applicable. Sub processors include AWS, SendGrid (email), Twilio (SMS) and Stripe (billing).
A DPIA is recommended when quizzes touch sensitive interests, when contests use significant incentives, when zero party data is combined with behavioural data or when integrations push the data into ad platforms. The DPIA should cover consent UX, US transfers and Art. 9 GDPR safeguards.
Sign Wyng's DPA, complete a TIA, load the widget after cookie consent, separate participation and marketing consent in contests, treat sensitive questions as Art. 9 GDPR with explicit consent, document Wyng and sub processors (AWS, SendGrid, Twilio, Stripe), and offer a preference centre allowing visitors to review and update choices.
EU based zero party data and interactive experience alternatives include Riddle (Germany), Easypromos (Spain), Inpulse.io (France), Survicate (Poland) and Typeform (Spain). For deep personalisation with EU controllers, Bloomreach (Netherlands) or Algolia Recommend (France) can complement zero party data.
Disclose Wyng as a sub processor, name the widget cookies and their duration, describe the zero party data collected (quiz answers, preferences), document the marketing uses (CRM, ESP, ad platforms), mention US transfers under SCCs and the EU US Data Privacy Framework, treat sensitive interests separately and link Wyng's privacy notice.