Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
CNZZ is a free web analytics service from Alibaba Group (Umeng+) that measures audience, sources of traffic and on site behaviour, widely used by Chinese websites and by international sites targeting Chinese users.
CNZZ (站长统计) is a free web analytics product owned by Alibaba Group and folded into the Umeng+ platform. It is one of the most popular analytics services in the Chinese internet ecosystem and is frequently embedded by Chinese site builders and apps. European publishers may encounter it on white labelled Chinese themes, on Chinese affiliate networks, or after migrating from a Chinese host.
CNZZ is implemented as a JavaScript snippet (typically loaded from s4.cnzz.com or s95.cnzz.com) that fires a beacon on every pageview. The dashboard reports visitors, pageviews, sessions, bounce rate, source and medium, geography and device. Premium tiers add funnel analysis, event tracking, and integration with the Alibaba advertising stack.
CNZZ sets cookies such as CNZZDATA<id> on the publisher domain and uses additional third party cookies on cnzz.com. It collects the IP address, user agent, referrer, page URL, screen resolution, language, and a stable visitor identifier. Reports are accessible from the umeng.com console.
IP addresses and persistent identifiers are personal data. The CNZZ tag writes cookies that are not strictly necessary, so Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior, freely given, specific, informed and unambiguous consent before the tag is loaded. Alibaba acts as an independent controller for its own analytics and advertising purposes, alongside any processor role under contract.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All CNZZ events go to Alibaba servers in mainland China. China is not recognised as providing an adequate level of data protection. Transfers therefore require Article 46 safeguards (Standard Contractual Clauses) plus a Transfer Impact Assessment that accounts for Chinese state access powers under PIPL, the Cybersecurity Law and the Data Security Law. As of writing, Alibaba does not publish EU SCCs for CNZZ, making lawful deployment very difficult.
Audit your site to confirm CNZZ is intentional. Block the s4.cnzz.com or s95.cnzz.com script by default in your CMP. Load it only after the visitor explicitly accepts the analytics category. Disclose the China transfer in your cookie banner and privacy notice. For European audiences, replace CNZZ with Matomo, Plausible, Piwik PRO or another EU hosted analytics service.
Websites using CNZZ must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended. CNZZ combines large scale behavioural profiling with a systematic transfer to mainland China, where state access powers under PIPL, the Cybersecurity Law and the Data Security Law are broad. Document the purposes, the retention, the SCCs (if Alibaba publishes any), and the Transfer Impact Assessment.
Sample consent text
We use CNZZ (Alibaba Umeng+) to measure how our site is used. This service places cookies and transfers your data to servers in China. We only activate it after you click Accept in our cookie banner.
Third-party domains contacted
s4.cnzz.coms95.cnzz.comcnzz.mmstat.comlog.cnzz.comwww.umeng.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| CNZZDATA<id> | http_cookie | 1 year | First party visitor identifier set by the CNZZ tag on the publisher domain, used to recognise returning visitors and compute sessions. |
| umeng_uid | http_cookie | 2 years | Cross site visitor identifier used by the Umeng+ network to consolidate analytics across all sites running CNZZ. |
| umeng_it_v1 | http_cookie | Session | Session signature used by Umeng+ servers to validate the incoming beacon and prevent forged events. |
CNZZ collects user analytics data — you legally need a consent banner. Try FlowConsent free.
CNZZ sets a CNZZDATA<id> cookie on the publisher domain to identify the visitor across sessions and may use additional cookies on cnzz.com for cross site recognition. The IP, user agent, referrer, URL, resolution and language are also collected on every request.
Yes. CNZZ writes non strictly necessary cookies and processes IP and persistent identifiers. Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior consent before the s4.cnzz.com or s95.cnzz.com tag is loaded.
Consent under Article 6(1)(a) GDPR is the appropriate basis. Legitimate interest cannot reasonably be invoked given the third country transfer to China and the role of Alibaba as an independent controller for its own analytics and advertising purposes.
Yes. All CNZZ data is sent to Alibaba servers in mainland China. China has no EU adequacy decision. Transfers require SCCs and a Transfer Impact Assessment that addresses the access powers granted by PIPL, the Cybersecurity Law, and the Data Security Law.
A DPIA is strongly recommended. CNZZ combines systematic visitor profiling, third country transfers, and an independent controller relationship with Alibaba, several criteria that meet the EDPB DPIA threshold.
Audit the site for unintended CNZZ embeds. If kept, block s4.cnzz.com and s95.cnzz.com in your CMP, require explicit consent, and disclose the transfer in your privacy notice. Otherwise remove the tag and replace it with an EU hosted analytics service.
For European audiences, prefer Matomo, Plausible, Piwik PRO, Fathom or Umami. These tools host data in the EU, support cookieless modes, and are designed with GDPR in mind. Reserve CNZZ only if you specifically need Chinese mainland analytics.
List CNZZ as a third party analytics service in your cookie policy. Mention the CNZZDATA cookies and their lifetime, the cnzz.com third party cookies, the data sent to Alibaba in China, the legal mechanism for the transfer, and the right to withdraw consent.