Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Albacross is a B2B intent and website visitor identification platform founded in 2014 and headquartered in Stockholm, Sweden. It uses reverse IP lookup to identify companies visiting customer websites and enriches them with firmographic data. Albacross runs on EU infrastructure and is one of the few major visitor identification tools with a true EU controller, which makes it a strong GDPR friendly option for B2B lead generation.
Albacross is a B2B intent and website visitor identification platform founded in 2014 and headquartered in Stockholm, Sweden. Operated by Albacross Nordic AB, it identifies the companies visiting customer websites by performing a reverse IP lookup against its proprietary database, enriches them with firmographic data (industry, size, revenue), and can push that data into CRMs (HubSpot, Salesforce, Pipedrive), ad platforms (LinkedIn, Google Ads) or webhooks. Infrastructure runs on AWS Stockholm.
Albacross collects the visitor IP, user agent, current URL, referrer and basic page metadata. The IP is matched server side to a company in Albacross''s database. The tracking script can be configured cookieless, in which case no client identifier is stored. Optional cookies are available for session continuity in some configurations. Personal data of individual visitors is not built up as a persistent profile.
The visitor IP is personal data under GDPR (Breyer ruling), so Albacross''s processing must have a lawful basis. The product is positioned at B2B identification, where legitimate interest under Art. 6(1)(f) is the standard basis, balanced against the data subject rights. ePrivacy Art. 5(3) consent is not required when the script is configured cookieless, because no information is stored on the user''s device. When optional cookies are enabled, they need to be assessed.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No cookie consent is required for the cookieless mode. The legitimate interest basis still demands a clear privacy notice, a right to object and a Legitimate Interest Assessment documented internally. If optional cookies are enabled or if you push data to US based ad platforms or CRMs, those processings need their own legal basis (consent for marketing tracking, contract for service performance).
Albacross primary infrastructure is in Stockholm, Sweden, so visitor data is processed inside the EEA. No third country transfer is mandatory. If you connect Albacross to US tools (Salesforce, Google Ads, HubSpot), those integrations add their own transfers under SCCs and the EU US Data Privacy Framework, which must be documented separately.
Sign Albacross''s Data Processing Agreement, choose the cookieless mode by default, document a Legitimate Interest Assessment in your records, mention Albacross in your privacy notice as a Swedish processor handling visitor IPs, allow visitors to object, restrict pushed data to firmographic and not personal data where possible and audit any onward integrations to US tools.
Websites using Albacross must obtain user consent under GDPR regulations.
DPIA considerations
Albacross identifies the company associated with a visitor IP and enriches that company's record with firmographic data. Key DPIA considerations: (1) the visitor IP is personal data under GDPR but it is used to derive company information, not to profile individuals; (2) the tracking script can be configured cookieless, which significantly reduces the ePrivacy load; (3) legitimate interest is the typical basis but must be balanced and disclosed clearly in the privacy notice; (4) optional integrations with US tools (Salesforce, HubSpot, Google Ads) add their own transfer questions; (5) the firmographic enrichment uses third party data sources and bears its own provenance considerations; (6) Albacross is a Swedish controller, which simplifies the EU compliance posture compared to US based visitor identification vendors.
Sample consent text
We use Albacross, a Swedish B2B visitor identification platform, to understand which companies visit our website based on their IP address. Albacross processes data exclusively in the European Union, no cookies are required for the core identification. We rely on legitimate interest under Art. 6(1)(f) GDPR; you can object via our privacy contact.
Third-party domains contacted
albacross.comserve.albacross.comapi.albacross.comcdn.albacross.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ab_session | Functional | Session | Optional first party session cookie used by Albacross to maintain session continuity when not running in the recommended cookieless mode. |
Albacross collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Albacross can be configured cookieless, which is the recommended default. In that mode, no cookies are set on the visitor browser, the IP is processed server side to identify the company. Some configurations may still set a small set of first party cookies for session continuity, which should be disclosed if used.
In cookieless mode, you do not need cookie consent because no information is stored on the visitor device. You still rely on legitimate interest for processing the IP, which requires a clear privacy notice and a right to object. If you enable optional cookies, those need a consent mechanism.
Legitimate interest (Art. 6(1)(f) GDPR) is the standard basis for B2B identification, balanced against the visitor's interests and rights. A Legitimate Interest Assessment should be documented. Consent (Art. 6(1)(a) GDPR) applies if you enable optional cookies or push data to marketing tools that themselves require consent.
Albacross processes data on AWS Stockholm (eu-north-1), inside the EEA, with operator Albacross Nordic AB in Sweden. No transfer to a third country is mandatory for the core identification. Onward integrations to US tools (Salesforce, Google Ads) must be assessed separately.
A DPIA is generally not required for basic Albacross deployment in cookieless mode because the risk is limited (no profiling of individuals, EU only processing). A DPIA is recommended if Albacross is connected to US ad platforms or CRMs, or if the firmographic enrichment feeds automated decision making.
Sign Albacross's DPA, deploy in cookieless mode, document a Legitimate Interest Assessment, mention Albacross in your privacy notice (Swedish processor, IP based identification), provide a right to object, push only firmographic data to onward integrations and audit any US connector.
EU based B2B visitor identification alternatives include Leadfeeder/Dealfront (Finland), Lead Forensics (UK), Visiblee (France), CANDDi (UK) and Zoominfo (US, but with EU data centres). For pure intent data without IP based identification, Bombora (US, opt in publisher network) or self hosted server side analytics may be options.
Disclose Albacross as a Swedish processor that uses your visitor IP to identify the visiting company, name the firmographic enrichment used, mention the legitimate interest basis, confirm that processing happens inside the EEA, link the Albacross privacy notice and DPA and provide a clear way to object.