Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Zaxaa is a US digital sales platform aimed at info product creators and affiliates. It hosts checkout pages, manages a buyer database, runs an affiliate program with cookie based attribution, and ships a basic email autoresponder. For EU sellers, Zaxaa raises GDPR and ePrivacy obligations on affiliate tracking, US data transfers, and lawful basis for marketing emails to buyers.
Zaxaa is a US sales and affiliate platform for info product creators, course sellers and digital agencies. It hosts checkout pages, processes payments via Stripe and PayPal, manages a buyer database, runs an affiliate program with cookie based attribution and offers a basic email autoresponder.
Buyer email, name, billing address, payment data handled by Stripe and PayPal, affiliate click identifiers, IP, user agent, referrer, affiliate cookies, order data, subscription status and email engagement.
Affiliate tracking cookies are advertising related and require prior consent under article 5(3) ePrivacy. Order processing relies on performance of contract. Marketing emails to buyers rest on consent or the soft opt in.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the affiliate cookie until consent is captured. Capture a separate, explicit marketing opt in at checkout for messages beyond strictly transactional. Provide one click unsubscribe and a preference centre.
Zaxaa stores buyer and affiliate data in the US. Transfers rely on SCCs, EU US DPF where applicable, and supplementary measures. Stripe and PayPal as sub processors operate global infrastructure with their own transfer mechanisms.
Sign a DPA, document Stripe and PayPal as sub processors, gate the affiliate cookie behind consent, capture marketing opt in separately, set retention on inactive buyers, document the affiliate program in the privacy notice, and respect EU consumer protection (right of withdrawal for digital products).
Websites using Zaxaa must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be appropriate when Zaxaa is used at scale to profile buyers across multiple products or to drive automated upsells. Document the affiliate tracking, retention, US transfer and the email marketing flow.
Sample consent text
We use Zaxaa to process digital sales and run our affiliate program. Zaxaa stores cookies for affiliate attribution and transfers your order data to the United States under Standard Contractual Clauses. Affiliate tracking cookies are activated only with your consent.
Third-party domains contacted
zaxaa.comcheckout.zaxaa.comapp.zaxaa.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| zaxaa_aff | persistent | 60 days | Zaxaa affiliate tracking cookie used to remember which affiliate referred the visitor and to credit the commission on the next sale. Requires consent. |
| zaxaa_cart | session | session | Session cookie used by Zaxaa to maintain checkout state across pages. Strictly necessary for the order flow. |
Zaxaa places tracking cookies for advertising — comply with GDPR using FlowConsent.
Zaxaa sets an affiliate tracking cookie on the seller's pages to remember which affiliate referred the visitor, plus session and checkout cookies that are strictly necessary for the order flow. The affiliate cookie is marketing related and requires prior consent.
The affiliate tracking cookie requires prior consent under article 5(3) ePrivacy. Strictly necessary checkout cookies do not. Marketing emails to buyers require consent or the soft opt in for existing customers.
Affiliate cookie: consent. Order processing: performance of contract. Marketing emails: consent or soft opt in. Profiling for upsells: consent if it leads to significant decisions or sensitive segments.
Yes. Buyer and affiliate data is stored on US infrastructure. Transfers rely on SCCs and the EU US Data Privacy Framework where Zaxaa is certified, with supplementary measures.
A DPIA can be appropriate for large catalogues with cross product profiling or automated upsells. Document the affiliate flow, retention, US transfer, sub processors (Stripe, PayPal) and the marketing automation.
Sign the DPA, gate the affiliate cookie behind consent, collect marketing opt in separately at checkout, retain only what is needed for accounting and tax, document Zaxaa, Stripe and PayPal in the records of processing and respect EU consumer rights.
EU friendly alternatives include Lemon Squeezy (US, EU optimised), Paddle (UK), FastSpring (US, EU DPF), Stripe Payment Links with a custom affiliate solution, Tapfiliate (Netherlands), and ThriveCart with EU connectors.
List the Zaxaa affiliate cookie and any session cookies with vendor, purposes, retention and legal basis. State the transfer to the United States. Update whenever you add new payment or marketing sub processors.