Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Hostinger Website Builder is a hosted, drag and drop site builder, formerly known as Zyro, that lets users publish responsive websites, blogs, and small ecommerce stores from a single dashboard with built-in analytics, forms, and optional marketing integrations.
Hostinger Website Builder is the hosted no code editor offered by Hostinger International, the Lithuanian web hosting provider. It evolved from the Zyro product, which Hostinger acquired and merged into its main control panel. Users sign up, pick a template or use the AI generator, customise pages with a drag and drop editor, and publish to a Hostinger subdomain or a custom domain. The platform handles hosting, certificates, image optimisation, and basic SEO. It also bundles modules for blog, contact forms, newsletter sign-ups, simple ecommerce, online booking, and live chat, often with optional integrations to Google Analytics 4, Google Tag Manager, and Meta Pixel.
A baseline Hostinger Website Builder site sets a small number of strictly necessary cookies to maintain the session, the cart on ecommerce pages, CSRF protection, language preference, and the consent banner state. As soon as integrations are enabled, additional cookies appear, including the GA4 _ga family, Meta Pixel _fbp, Google Tag Manager identifiers, embedded YouTube or Vimeo cookies, third-party live chat identifiers, and any custom code added through the integrations panel. The builder also uses local storage for editor previews on the staff side, but for visitors the main artefacts remain HTTP cookies and the occasional pixel.
Even though the builder is hosted in the EU by an EU established provider, the site operator remains the data controller for visitor data. GDPR applies to forms, ecommerce orders, comments, and any analytics. ePrivacy Article 5(3) applies to all non strictly necessary cookies and similar storage. The CNIL, the AEPD, and the German DSK have made it clear that the convenience of a builder does not exempt operators from showing a clear consent banner, refusing tracking by default, and providing genuine opt out mechanisms once tracking is enabled.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Most compliance risk on Hostinger Website Builder comes from optional third-party integrations rather than the platform itself. GA4 sends event data and IP based identifiers to Google in the United States, Meta Pixel transmits browsing and conversion events to Meta, embedded YouTube videos load Google cookies, and live chat or booking widgets may host their data outside the EEA. Each integration must be assessed against Standard Contractual Clauses, the EU: US Data Privacy Framework, and a transfer impact assessment, and disclosed clearly in the privacy notice.
Hostinger ships a basic cookie banner that operators can enable and customise, but for a serious site the recommended setup is a dedicated consent management platform. Configure it to block GA4, Meta Pixel, embedded videos, and live chat scripts until the visitor opts in for the corresponding categories. Use Google consent mode v2 if you keep GA4, restrict ecommerce identifiers to what is needed for fulfilment, and ensure that the builder's own forms and newsletter sign-ups capture consent for marketing communications separately.
Map every cookie and integration in your site, including those added through custom HTML. Update the privacy notice and cookie policy to list each purpose, controller, retention, and transfer mechanism. Sign Hostinger's data processing addendum, plus separate addenda for each third-party integration. Set retention on GA4, disable signals you do not need, and document a DPIA for ecommerce or sensitive forms. Test the site with consent denied to verify that no analytics or advertising cookie is dropped before opt in.
Websites using Hostinger Website Builder must obtain user consent under GDPR regulations.
DPIA considerations
A full DPIA is not always required for a basic showcase site, but it is recommended whenever the builder is used with ecommerce, contact forms processing sensitive data, GA4 with extended retention, or advertising pixels such as Meta Pixel. Document the categories of personal data, the cookies and storage used, the legal basis for each purpose, the transfers triggered by integrations, and the retention. The CNIL, BfDI, and AEPD all expect this analysis to be available before activating tracking integrations.
Sample consent text
This site is built with Hostinger Website Builder. We use strictly necessary cookies to keep the site, login, and cart working, and, with your consent, additional cookies for analytics, marketing pixels, and embedded widgets that may transfer data to the United States. You can accept, refuse, or change your choice at any time from the cookie settings link in the footer.
Third-party domains contacted
hostinger.combuilder.hostinger.comzyro.comcdn.zyrosite.comcdn.hostinger.comwww.google-analytics.comconnect.facebook.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| hostinger_session | first_party | Session | Strictly necessary session cookie used by Hostinger Website Builder to keep the visitor logged in to member areas and to maintain CSRF protection. |
| cart | first_party | 30 days | Strictly necessary ecommerce cookie that stores the contents of the shopping cart while the visitor browses the site. |
| lang | first_party | 1 year | First-party cookie that remembers the visitor language preference selected on the site. |
| consent_state | first_party | 6 months | First-party cookie that stores the visitor cookie banner choices so the banner is not shown again on each page view. |
| _ga | third_party | 2 years | Optional Google Analytics 4 cookie used to distinguish users when the GA4 integration is enabled in the builder. |
| _fbp | third_party | 90 days | Optional Meta Pixel cookie used to identify visitors for advertising attribution when the Meta Pixel integration is enabled. |
Hostinger Website Builder collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Yes, but only a small number of strictly necessary cookies for the session, security, language, and the consent banner. Tracking and marketing cookies are only set when the operator activates integrations such as GA4, Google Tag Manager, Meta Pixel, embedded videos, or live chat. Those non essential cookies require prior consent under ePrivacy Article 5(3).
If you enable Google Analytics 4 or any third-party analytics through the builder, consent is required before the cookies are set. Hostinger's built-in basic analytics also rely on identifiers stored on the visitor device, so they should be configured to either run in an anonymous, identifier free mode or be gated behind consent. The CNIL, AEPD, and BfDI all consider general purpose audience analytics as non essential.
Order processing relies on Article 6(1)(b) GDPR for the performance of the contract, since the data is necessary to deliver and invoice the order. Strictly necessary cart cookies fall under the Article 5(3) ePrivacy exemption. Marketing emails, abandoned cart sequences, and personalised retargeting need a separate Article 6(1)(a) consent and an opt in moment in the checkout flow.
Hostinger hosts the publishing layer in EU regions, but Cloudflare delivers cached assets globally and most optional integrations route data to the United States. Transfers should be covered by Standard Contractual Clauses and, where applicable, the EU: US Data Privacy Framework certification of the recipient. A transfer impact assessment is recommended for GA4, Meta Pixel, and live chat.
A DPIA is not always required for a small showcase site, but it becomes recommended for ecommerce, sensitive contact forms, GA4 with long retention, or advertising pixels. Document the data flows, the legal basis, the integrations, the retention, and the residual risk after consent gating, and review the DPIA whenever you enable a new module or integration.
Either configure Hostinger's built-in banner to block scripts before opt in, or install a dedicated consent management platform via the integrations panel. Make the refuse choice as easy as the accept choice, group cookies by purpose, and ensure the banner blocks GA4, Meta Pixel, embedded videos, and live chat until consent is granted. Log the proof of consent and offer a link to change preferences.
When consent is refused, keep the site fully functional through strictly necessary cookies and offer aggregated, identifier free reporting. You can switch to a privacy first analytics tool like Matomo configured without cookies, embed videos in privacy enhanced mode where supported, and rely on contextual marketing rather than retargeting pixels. Forms still work, but should not pre fill from analytics signals.
List Hostinger International Ltd as the hosting provider and processor of the publishing layer, mention Cloudflare for content delivery, and detail every cookie set, its duration, and purpose. Add separate entries for each enabled integration such as GA4, Meta Pixel, or live chat, including the controller, the legal basis, the transfer mechanism, and the contact details for exercising data subject rights.