Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
ChurnZero is a US based customer success platform used by SaaS companies to track product usage, score customer health, run NPS surveys and deliver in app messages, walkthroughs and Net Renewal Revenue plays. The JavaScript SDK loaded from analytics.churnzero.net writes first party cookies on the SaaS application, sends events to AWS US East and feeds dashboards visible to Customer Success Managers. EU customers can request data residency in AWS Frankfurt as a paid add on.
ChurnZero is a customer success platform incorporated as ChurnZero Inc. in Arlington, Virginia (USA). SaaS companies install the ChurnZero JavaScript SDK in their product to track every user action, the accounts those users belong to and the contracts behind them. The platform then produces health scores, automated playbooks, journey orchestrations, in app messages, walkthroughs and NPS surveys, and feeds the result back to Customer Success Managers in dashboards and to CRMs such as Salesforce or HubSpot.
The SDK writes first party cookies on the customer''s SaaS application (cz_session, cz_visitor) and a localStorage object that stores the ChurnZero contact ID, the account ID, the last seen timestamp and a synthetic event queue. Every event, page view and feature usage is sent over HTTPS to analytics.churnzero.net. Customer Success Managers can also import data from the customer''s CRM, support tool and billing system, which is then enriched with ChurnZero''s own behavioural data.
ChurnZero processes personal data of authenticated users, which under the GDPR is fully covered. Under Art. 5(3) ePrivacy the cz_session and cz_visitor cookies and the localStorage identifiers are not strictly necessary to deliver the SaaS service the user has paid for, so they require prior consent in the EU, even for B2B users. Health scoring and account level playbooks are also forms of profiling under Art. 4(4) and may trigger Art. 22 if decisions about the customer (price increases, downsell, automated emails) are taken without meaningful human intervention.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For authenticated SaaS users, B2B legitimate interest can support behavioural analytics necessary to operate the contract and to prevent churn, provided a balancing test is documented and the user can object at any time. The cookies and localStorage themselves still require Art. 5(3) ePrivacy consent in most EU member states. In practice many SaaS companies surface a settings toggle Allow product analytics and respect Do Not Track or a CMP signal.
By default, ChurnZero processes EU customer data on AWS US East regions. EU data residency on AWS Frankfurt is available as a contractual add on for enterprise plans. The ChurnZero DPA includes the EU Standard Contractual Clauses (modules 2 and 3), the UK International Data Transfer Addendum, and references the EU US Data Privacy Framework. A Transfer Impact Assessment should review US surveillance laws and the additional risk of full text NPS comments and free text in app survey responses being processed in the US.
Sign the ChurnZero DPA, request EU data residency if available on your plan, integrate the SDK behind a product analytics toggle in your user settings or CMP, disclose ChurnZero in the privacy notice for your SaaS users, add the tool to your Article 30 record, document a Legitimate Interest Assessment and a Transfer Impact Assessment, and ensure that automated CS plays do not produce decisions with legal or significant effect without meaningful human review.
Websites using ChurnZero must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because ChurnZero combines behavioural analytics, profiling for health scoring and automated in app interactions, often at scale and across multiple personas at customer accounts. The DPIA should cover health score profiling, NPS feedback, in app messaging triggers and the international transfer to the United States.
Sample consent text
We use ChurnZero (ChurnZero Inc., United States) to monitor product usage, score customer health, send in app messages and run NPS surveys for our authenticated users. ChurnZero sets first party analytics cookies, sends event data to AWS US East and may trigger walkthroughs and feedback prompts. International transfers are covered by SCCs and the EU US Data Privacy Framework.
Third-party domains contacted
analytics.churnzero.netapi.churnzero.netapp.churnzero.netchurnzero.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| cz_session | first_party | Session | Functional session cookie used by the ChurnZero SDK to keep an active tracking session for the authenticated SaaS user during their visit. |
| cz_visitor | first_party | 1 year | Long lived visitor identifier used by ChurnZero to stitch sessions across visits of the same browser and to map them to a ChurnZero contact ID. |
| ChurnZero.contactId | first_party | Persistent (localStorage) | localStorage key holding the ChurnZero contact identifier for the logged in user, used to attribute events to the right contact and account. |
| ChurnZero.eventQueue | first_party | Persistent (localStorage) | Offline event queue stored in localStorage. The SDK flushes the queue to analytics.churnzero.net when the user is online again. |
ChurnZero collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The ChurnZero SDK writes cz_session (functional session), cz_visitor (long lived visitor identifier) and ChurnZero localStorage entries (contact ID, account ID, event queue, last seen timestamp). These are first party on the SaaS application but linked back to ChurnZero's US backend over analytics.churnzero.net.
Yes for the cookies and the localStorage identifiers under Art. 5(3) ePrivacy, even for authenticated B2B users. The behavioural analytics processing itself can sometimes rely on B2B legitimate interest, but only after a documented balancing test and with a working right to object.
Legitimate interest (Art. 6(1)(f) GDPR) for product analytics on authenticated B2B users with a documented LIA. Consent (Art. 6(1)(a) and Art. 5(3) ePrivacy) for cookies and localStorage. Contract performance (Art. 6(1)(b)) for support and billing.
Yes. By default ChurnZero processes EU customer data on AWS US East. EU residency in AWS Frankfurt is available as an enterprise add on. Transfers are covered by the EU Standard Contractual Clauses, the UK IDTA and the EU US Data Privacy Framework.
A DPIA is recommended because ChurnZero involves systematic monitoring of authenticated users, behavioural profiling (health scoring) and automated CS plays. Art. 35 GDPR triggers the obligation when at least two of these criteria are met.
Sign the DPA, request EU residency if available, gate the SDK behind a product analytics toggle in user settings or your CMP, list ChurnZero in your privacy notice and Article 30 record, document LIA and TIA, and ensure CS playbooks include human review for decisions with legal or similarly significant effect.
EU friendly customer success platforms include Planhat (Sweden), Custify (Romania, EU clusters), Hook (UK) and Vitally (US with EU residency). Generic product analytics options include Mixpanel EU, Amplitude EU, PostHog Cloud EU and self hosted PostHog or Plausible Events.
List cz_session, cz_visitor and ChurnZero's localStorage objects under product analytics in your cookie policy. In your privacy notice, name ChurnZero Inc. as a processor for customer success, describe the in app tracking, the US storage on AWS, the EU residency option, the international transfers with SCCs and DPF and the customer's right to object to profiling.