Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Envoke is a Canadian email marketing and marketing automation platform designed around the strict consent requirements of CASL (the Canadian Anti Spam Law). It manages subscribers, opt in forms, email campaigns, automation and engagement reporting. EU operators benefit from the European Commission's adequacy decision for Canada's commercial sector, which simplifies international transfers. The Envoke web tracking still requires prior cookie consent on the customer website.
Envoke is a Toronto based email marketing and automation platform built with a strong focus on the Canadian Anti Spam Law (CASL). It manages subscriber consent tracking, double opt in flows, segmentation, broadcasts, automations and engagement analytics. It is popular with Canadian universities, non profits and SMEs but is also used by some European operators.
Subscriber email, name, custom fields, segmentation tags, consent proof (CASL friendly), email open and click engagement, IP address at open time, user agent, link destinations, and web tracking data when the optional pixel is embedded on the customer website.
For EU senders, marketing emails need consent or the soft opt in. Web pixel cookies need prior consent under article 5(3) ePrivacy. Envoke''s emphasis on CASL consent tracking is generally helpful to demonstrate GDPR compliance because both frameworks insist on documented, granular and renewable consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Use the Envoke double opt in flow, log consent proof, allow easy unsubscribe and offer a granular preference centre. Gate any Envoke web tracking pixel behind a Consent Management Platform on EU websites.
Canada''s commercial sector has been recognised as adequate by the European Commission, so the core Envoke processing in Canada does not need Standard Contractual Clauses. Any sub processor outside Canada and the EEA (US analytics, AWS US regions if used) still needs proper transfer coverage.
Sign the Envoke DPA, document the Canadian adequacy decision in your records of processing, gate web pixels behind consent, use double opt in, retain consent evidence per subscriber, set a retention policy on inactive contacts, and review sub processor regions.
Websites using Envoke must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for routine email marketing with Envoke. It becomes appropriate at scale when profiling drives automated decisions or when sensitive segments are processed. Document subscriber sources, consent provenance, retention and the Canadian transfer.
Sample consent text
We use Envoke to send our newsletters and marketing emails. Envoke is a Canadian company whose data processing is covered by the European Commission's adequacy decision for Canada. Tracking cookies set by Envoke on our website are only activated after your consent.
Third-party domains contacted
envoke.comapp.envoke.comlinks.envoke.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| envoke_vid | persistent | 1 year | First party visitor identifier used by the Envoke web pixel to attribute on site behaviour to email subscribers. Requires consent. |
| envoke_sid | session | session | Session identifier used by Envoke web pixel to group page views into one session. Requires consent. |
Envoke collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The Envoke web tracking pixel sets a first party visitor identifier cookie and a session cookie on the customer website. Strictly necessary cookies of the customer's own application are not affected. The Envoke cookies are analytics related and require prior consent.
Yes for web tracking cookies. For marketing emails, EU senders need consent or the soft opt in. CASL requires explicit consent for Canadian recipients; Envoke's opt in flow is designed to capture and store this consent.
Web pixel: consent. Email marketing: consent under GDPR article 6(1)(a) for cold prospects, soft opt in for existing customers. Transactional emails: performance of contract. Engagement analytics: legitimate interest with transparency.
Yes, to Canada. Canada's commercial sector benefits from a European Commission adequacy decision under PIPEDA, so this transfer does not require SCCs. Other sub processors may sit elsewhere and need their own coverage.
Typically not for routine marketing. A DPIA becomes appropriate when Envoke is used to profile EU recipients at scale, drive automated decisions or combine with sensitive segments.
Sign the DPA, gate web tracking behind a Consent Management Platform, use double opt in, store consent evidence per subscriber, allow easy unsubscribe, set retention on inactive contacts and review sub processor regions outside Canada.
Alternatives include Mailchimp, Brevo (Sendinblue), ActiveCampaign, Constant Contact, Mailerlite, GetResponse and EU based platforms like Mailjet. For Canadian compliance specifically, Cyberimpact and Envoke are the two CASL focused options.
List the Envoke pixel cookies with vendor, purposes (email engagement tracking, on site behaviour), retention and legal basis (consent). Add a sentence on Canadian processing under adequacy. Update on sub processor changes.