Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Gator is an email marketing and engagement platform that lets businesses design, send and measure email campaigns and tie email engagement back to on site behaviour through pixels, links and cookies. For EU senders, Gator triggers GDPR obligations on lawful basis for marketing, recipient consent management, and ePrivacy obligations on any on site cookies it sets through landing pages.
Gator is an email marketing and engagement platform. Senders compose campaigns in the Gator editor, send to subscribers, and measure deliveries, opens, clicks and downstream conversions. Gator embeds a tracking pixel in each email and rewrites links through its own redirector. An optional JavaScript snippet on the sender''s website ties email engagement back to on site behaviour and conversions.
Subscriber email, name, custom attributes provided by the sender, IP address at open time, user agent, geolocation derived from IP, email open and click events, link destination, on site cookies and conversion events when the JavaScript snippet is deployed.
Sending marketing email to EU recipients requires either consent or the soft opt in for existing customers under recital 47 GDPR and national ePrivacy transpositions. The tracking pixel itself is server side and does not store anything on the device. The on site cookies set by Gator on landing pages do require prior consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Capture explicit consent at subscription with a clear privacy notice. Provide a one click unsubscribe in every email. Manage soft opt in only for existing customers and for similar products. Gate any on site Gator cookie behind a Consent Management Platform.
Gator stores subscriber data and engagement logs on US infrastructure. Transfers rely on SCCs, on the EU US Data Privacy Framework where Gator is certified, and on supplementary measures such as encryption and strict access controls. Review the sub processor list.
Sign a DPA, request the sub processor list, configure double opt in for new subscribers, document the legal basis per audience segment, gate the on site snippet behind consent, set conservative retention, and run a DPIA for profiling. Update the privacy notice and cookie policy to reflect Gator''s activity.
Websites using Gator must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended where Gator profiles EU recipients based on engagement, segments large databases, or imports personal data from third parties. Document necessity, retention of engagement logs, the use of tracking pixels, the on site cookies, transfers to the US and the safeguards.
Sample consent text
We use Gator to send marketing emails and measure their engagement, including open and click tracking. Email engagement data is processed on Gator's US infrastructure under Standard Contractual Clauses. Any cookies dropped by Gator on our website require your consent.
Third-party domains contacted
gator.ioapp.gator.iotrack.gator.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| gtr_visitor | persistent | 1 year | First party visitor identifier used by Gator on site snippet to attribute on site behaviour to a known email recipient. Requires consent. |
| gtr_session | session | session | Session identifier used by Gator on site snippet to group page views into a single session. Requires consent. |
Gator collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Gator does not set cookies through the tracking pixel in emails (it works server side). When the optional on site snippet is loaded, Gator may set a first party visitor cookie and a session cookie to attribute on site behaviour to a known recipient. These on site cookies require prior consent.
For sending marketing emails, you need either consent under article 6(1)(a) GDPR or the soft opt in for existing customers (recital 47 and ePrivacy transpositions). For any cookie Gator sets on your website, prior consent under article 5(3) ePrivacy is required.
Marketing: explicit consent for cold prospects, soft opt in for existing customers and similar products. Service emails (order confirmations): performance of contract. On site cookies: prior consent. Profiling based on engagement: consent if it leads to significant decisions.
Yes. Subscriber and engagement data is processed on US infrastructure. Transfers rely on Standard Contractual Clauses, on the EU US Data Privacy Framework when Gator is certified, and on supplementary measures such as encryption and access controls.
A DPIA is recommended when Gator is used to profile EU recipients based on engagement, to merge external data sources, or to drive automated decisions. Cover purposes, retention, profiling, sub processors and US transfers.
Sign a DPA, configure double opt in for new contacts, document the lawful basis per segment, embed a clear unsubscribe link, gate the on site snippet behind consent, set short retention on engagement logs and limit access to the platform.
EU friendly alternatives include Brevo (Sendinblue), Mailjet, ActiveTrail, Klaviyo (with EU controls), Mailerlite, GetResponse, Sarbacane and Mailing Manager. Several offer EU data residency, which simplifies transfer compliance.
List the Gator on site cookies (visitor and session identifiers), purposes (email attribution, on site engagement), lifetime, and legal basis (consent). Mention the transfer of subscriber and engagement data to the US in the broader privacy notice rather than the cookie policy. Refresh on sub processor changes.