Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Divi is a WordPress theme and visual builder developed by Elegant Themes (San Francisco, USA). It combines a flexible parent theme with the Divi Builder, a drag and drop page editor, plus a library of layouts, modules and global elements. Divi runs on the merchant's own WordPress server and does not set tracking cookies by default. The Bloom (email opt in) and Monarch (social sharing) add ons can introduce their own cookies or third party flows.
Divi is one of the most established WordPress themes and visual builders, developed by Elegant Themes since 2013. It bundles a flexible parent theme, the Divi Builder visual editor, the Divi Theme Builder for templates, a wide library of layouts and modules, the Divi Cloud asset library, the Bloom email opt in plugin, the Monarch social sharing plugin and the Divi AI assistant. Many freelancers and agencies use Divi as their default WordPress stack for marketing and small business websites.
Divi itself runs on the WordPress server and does not collect data about anonymous visitors. The theme contacts Elegant Themes for license activation, automatic updates, Divi Cloud sync and Divi AI generations. The Bloom plugin stores email opt ins in the WordPress database and may set cookies that remember whether a popup has already been shown. Monarch social sharing buttons can load remote scripts from Twitter, Facebook, LinkedIn or Pinterest. The Divi Marketplace and third party Divi modules can introduce additional flows.
The plain Divi theme does not trigger the ePrivacy consent rule because it does not write information to the device. Bloom popups, Monarch buttons, embedded YouTube or Google Maps modules and any marketing tag placed via the Theme Options or Custom CSS can fall outside strictly necessary use and require consent under Article 6(1)(a) GDPR and Article 5(3) of the ePrivacy Directive. The site operator remains the controller for data collected by Divi Forms and similar modules.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Elegant Themes Inc. is established in the United States. License activation, automatic updates, Divi Cloud asset storage, Divi AI inferences and marketplace transactions take place on US infrastructure. Transfers rely on the Elegant Themes Data Processing Addendum, the EU Standard Contractual Clauses under Article 46(2)(c) GDPR and the EU US Data Privacy Framework, with TLS in transit, encryption at rest and standard hosting security controls.
In the WordPress admin, disable Bloom popups that fire before consent, swap Monarch native sharing scripts for static share buttons or load them through a consent management platform, and gate every Divi module that embeds external content (YouTube, Google Maps, Mailchimp, Facebook). Decide whether Divi AI is allowed for content that may contain personal data. Document Elegant Themes Inc. as a processor in your record of processing activities and update the privacy notice with the United States transfer details.
Websites using Divi must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for a typical Divi marketing site. A DPIA may be considered when Bloom or third party Divi marketplace modules collect sensitive personal data at scale, when Divi AI is used on content that contains personal data, or when the site operates in a regulated sector and exposes personal data through Divi Forms or membership modules.
Sample consent text
This website uses the Divi theme by Elegant Themes Inc. (USA). Divi itself does not load marketing or analytics cookies, but the email opt in (Bloom), social sharing (Monarch) and third party Divi modules we have enabled may set additional cookies. By accepting, you allow these scripts to run and any related data transfers, including to the United States under EU Standard Contractual Clauses and the EU US Data Privacy Framework.
Third-party domains contacted
elegantthemes.comcdn.elegantthemes.comdivi.cloudCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| et_bloom_subscribed_to_* | Functional (Bloom) | 1 year | Set by the Bloom email opt in plugin when the visitor has subscribed to a specific opt in. Used to avoid showing the same popup again. |
| et_bloom_unique_count_* | Functional (Bloom) | 1 year | Counter cookie set by Bloom to limit how many times the same popup is shown to the visitor based on the configured frequency. |
| et_pb_ab_view_page_* | Analytics (A/B testing) | 1 year | Set by the Divi Leads A/B testing feature to remember which variation a visitor has seen, in order to keep them on the same variation across navigations. |
Divi collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The Divi theme itself does not set tracking, analytics or marketing cookies. The Bloom popup plugin can set a small cookie to remember whether a popup has already been shown to the visitor, and Monarch sharing buttons can trigger third party cookies from Twitter, Facebook, LinkedIn or Pinterest.
Consent is not required for the Divi theme as such. Consent is required for Bloom popups that target non essential opt ins, for native Monarch share scripts, for embedded Divi modules (YouTube, Google Maps, Facebook) and for any marketing pixel added through Divi Theme Options.
Theme rendering and license activation rely on legitimate interest under Article 6(1)(f) GDPR and the performance of the contract with Elegant Themes under Article 6(1)(b) GDPR. Personal data collected by Divi Forms, Bloom opt ins or membership modules follows the legal basis chosen by the site operator.
Elegant Themes signs the EU Standard Contractual Clauses under Article 46(2)(c) GDPR via its Data Processing Addendum and confirms participation in the EU US Data Privacy Framework. Supplementary measures include TLS in transit, encryption at rest and standard hosting security controls used by the underlying cloud provider.
A DPIA is not required for a typical Divi marketing site. A DPIA may be relevant when Bloom or third party Divi modules collect sensitive personal data at scale, when Divi AI processes personal content or when the site operates in a regulated sector and exposes data via membership or e commerce modules.
Disable Bloom popups that trigger before consent, switch Monarch native scripts for static share buttons or load them through a consent management platform, gate embedded modules (YouTube, Google Maps, Facebook) behind the same CMP, document Elegant Themes Inc. as a processor and update the privacy notice with the United States transfer details.
Alternatives include Elementor (Israel), Bricks Builder (Germany), Brizy (Cyprus), Oxygen Builder (US), Astra theme with Spectra blocks, or moving to a different stack such as Webflow, Framer or Astro. The right choice depends on team skills, performance budget and the need for advanced theme builder features.
Mention Elegant Themes Inc. (USA) as a processor for the theme, state that Divi itself does not set tracking cookies, list any Bloom or Monarch cookies and the third party services they load, mention the United States transfer with SCCs and the EU US Data Privacy Framework and link to the Elegant Themes Privacy Policy.