Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Elementor is the most widely used drag and drop page builder for WordPress, with millions of active installations. The free plugin ships with a visual editor, a library of widgets and templates, and Elementor Pro adds advanced features such as forms, popups, dynamic content, theme builder and WooCommerce builder. Elementor itself does not set tracking cookies, but the widgets and integrations it ships (forms, popups, Google Maps, YouTube embeds, Marketing tags) can trigger their own consent obligations.
Elementor is a WordPress page builder used by millions of websites. The free plugin adds a visual editor that lets non technical users design pages by dragging widgets (headings, images, buttons, sections, accordions) directly on the page. Elementor Pro adds advanced features such as the form widget, popups, theme builder, WooCommerce builder, dynamic content and the recent Elementor AI assistants. Some customers run their Elementor site on their own hosting, others use the managed Elementor Cloud Website.
Elementor itself runs on the WordPress server and does not collect data about anonymous visitors. The plugin contacts Elementor servers for license activation, automatic updates, template library access and optional usage analytics that the operator can disable. Elementor Pro Forms stores submissions in the WordPress database. Elementor AI sends prompts and the generated content to Elementor''s AI provider. Widgets like Google Maps, YouTube, Vimeo, Facebook Page or third party plugins (Yoast SEO, WPML) trigger their own data flows that are independent of Elementor.
Elementor does not load tracking cookies by itself, so it does not directly trigger the ePrivacy consent rule on visitor pages. The website operator remains the controller of all data collected through forms, popups and embedded widgets, and must rely on Article 6(1)(a), (b) or (f) GDPR depending on the use case. Editor accounts and license usage data sent to Elementor Ltd. are processed on the basis of the contract between the operator and Elementor.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Elementor Ltd. is established in Israel, which benefits from an EU adequacy decision under Article 45 GDPR, allowing transfers without additional safeguards. Elementor Cloud runs on Google Cloud, with EU regions available. License servers, support tooling and the AI sub processor (typically OpenAI) can be located in the United States. For those flows Elementor relies on the EU Standard Contractual Clauses under Article 46(2)(c) GDPR and the EU US Data Privacy Framework.
In the WordPress admin, disable the optional Elementor usage tracking, review the consent text on Elementor Pro Forms and connect the forms to a GDPR friendly email service. Decide whether Elementor AI is allowed for editors who handle personal data. For every Elementor widget that loads external content (Google Maps, YouTube, Vimeo, Facebook, Twitter, Mailchimp), gate the embed behind a consent management platform compatible with WordPress (Complianz, Cookiebot, Iubenda, CookieYes). Document Elementor Ltd. as a processor in your record of processing activities.
Websites using Elementor must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a small Elementor based site. A DPIA is recommended when Elementor Pro Forms is used at scale to collect personal data (lead generation, recruiting, health questionnaires), when Elementor AI processes user content or when popups and dynamic content target identified visitors in regulated sectors.
Sample consent text
This website is built with Elementor, a WordPress page builder provided by Elementor Ltd. (Israel). Elementor itself does not load marketing or analytics cookies, but the widgets we have configured (Google Maps, YouTube, embedded forms, popups) may load third party scripts. By accepting, you allow these scripts to run and the related data transfers, including outside the European Economic Area, under EU Standard Contractual Clauses or adequacy decisions.
Third-party domains contacted
elementor.commy.elementor.comelementor-pages.comgo-elementor.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| elementor_* | Strictly necessary (admin only) | Session | Set in the WordPress admin while a user edits a page with Elementor. Stores editor preferences, expanded panels and recently edited templates. Not present on the public website. |
| wp-elementor | Strictly necessary (admin only) | 1 year | Stores Elementor admin user interface preferences (panel size, last opened tab) for authenticated editors only. |
Elementor collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Elementor itself does not set tracking, analytics or marketing cookies on the visitor browser. Some Elementor widgets that embed external content (Google Maps, YouTube, Facebook, Twitter, Mailchimp) trigger cookies from those third party services, which must be handled separately.
Consent is not required for Elementor as a page builder. Consent is required for any widget that loads third party content or sets non essential cookies (Google Maps, YouTube, Facebook embeds, marketing forms) and for any tracking pixel placed on top of an Elementor page via the Site Settings or a custom HTML widget.
For Elementor Pro Forms, the legal basis is typically consent under Article 6(1)(a) GDPR for marketing leads, or performance of a contract under Article 6(1)(b) GDPR for service related submissions. For Elementor license activation and updates, the lawful basis is the performance of the contract with Elementor Ltd.
Israel benefits from a European Commission adequacy decision under Article 45 GDPR, allowing transfers to Elementor Ltd. without additional safeguards. Elementor Cloud is hosted on Google Cloud with EU regions available. US flows (license servers, support tooling, Elementor AI sub processors) rely on the EU Standard Contractual Clauses under Article 46(2)(c) GDPR and the EU US Data Privacy Framework.
A DPIA is not required for a small Elementor based marketing site. A DPIA is recommended when Elementor Pro Forms is used to collect health, financial or other sensitive data at scale, when Elementor AI processes personal data or when popups and dynamic content target identified visitors in regulated sectors.
Disable optional usage tracking in Elementor, review forms and add explicit consent checkboxes where needed, decide whether Elementor AI is allowed for sensitive content, replace third party embeds (YouTube, Google Maps) with no cookie alternatives or load them only after consent through a consent management platform compatible with WordPress, and document Elementor as a processor in your record of processing activities.
European or open source alternatives include Bricks Builder (Germany), Breakdance (US), Brizy (Cyprus), Oxygen Builder (US), Cwicly (UK), Gutenberg with the WordPress core block editor and FullSiteEditing, or moving to a different stack (Webflow, Framer, Astro). The right choice depends on team skills, performance budget and design freedom.
Mention Elementor Ltd. (Israel) as a processor for the page builder, state that Elementor itself does not set tracking cookies, list any embedded service used on the site (Google Maps, YouTube, Facebook, Mailchimp) together with its own cookies and explain that Elementor Cloud, if used, hosts the site in a Google Cloud region with EU options.