Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Mailjet is an EU based email marketing and transactional email platform owned by the Sinch group. It is used to design newsletters, send transactional emails through SMTP or REST API, capture subscribers via on site forms and measure opens and clicks. Production data is hosted in France, which makes Mailjet one of the most GDPR friendly email service providers, but the open tracking pixel and on site signup widgets are still subject to GDPR and ePrivacy obligations.
Mailjet is an EU based email service provider used to send marketing campaigns, transactional emails and SMS through a single API and a drag and drop editor. The platform is operated by the Sinch group, with infrastructure primarily in France, and is widely adopted across Europe for its strong privacy posture.
Mailjet processes recipient lists (email addresses, first and last names, optional custom fields), email content, and engagement metrics computed from a 1x1 tracking pixel and a click redirect served from mjt.lu and mailjet.com. The optional on site signup widget loads a JavaScript snippet from app.mailjet.com that records form submissions and may set first party functional cookies.
Sending marketing emails to natural persons requires prior consent under Article 6(1)(a) GDPR and the ePrivacy Directive (transposed in PECR, French Code de la consommation, German UWG, Spanish LSSI). The open tracking pixel triggers Article 5(3) ePrivacy because it stores or accesses information on the recipient device when the email client renders the image. Tracking that occurs purely server side, without storage on the device, can rely on legitimate interest with a documented LIA.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For B2C marketing, double opt in is strongly recommended and required in some EU jurisdictions (Germany). For B2B, the soft opt in regime allows companies to email contacts about similar products and services if their email was collected during a sale and they did not object. Every email must include a clear, one click unsubscribe link and the sender identification.
Production data is stored in France. Some Sinch group functions (support, anti abuse) may transfer data to Sweden, the United States, India or Singapore. Mailjet relies on the EU/US Data Privacy Framework certification of its US affiliates and Standard Contractual Clauses for non DPF jurisdictions. Sub processor lists are published and updated regularly.
Sign the Mailjet/Sinch DPA, document the legal basis for each list (consent for marketing, contract for transactional), implement double opt in where appropriate, configure the open tracking pixel to be disabled when consent is denied, set retention rules on lists and bounces, list sub processors in the privacy policy and process data subject requests within the GDPR deadlines.
Websites using Mailjet must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for transactional emails sent through Mailjet. It can become relevant for large scale marketing programmes that include behavioural scoring, profiling, large recipient lists with sensitive data (health, finance) or systematic combination with offline CRM data.
Sample consent text
I would like to receive newsletters and promotional emails from this site, sent through Mailjet. Mailjet, part of Sinch, will process my email address in the European Union to deliver the messages and to measure opens and clicks. I can withdraw my consent at any time using the unsubscribe link in every email or by contacting the site.
Third-party domains contacted
mailjet.comapp.mailjet.commjt.luapi.mailjet.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| mj.preferences | persistent | 6 months | First party cookie set by the on site Mailjet signup widget to remember whether a visitor has already submitted the form and which preferences were selected. |
| mj_session | session | Session | Functional session cookie used by the Mailjet dashboard. Set when a logged in user navigates the back office, not on the public website. |
Mailjet collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Mailjet does not set persistent advertising cookies on the publisher site. The on site signup widget loaded from app.mailjet.com may set short lived first party cookies (mj.preferences) used to remember the form state. The open tracking pixel itself does not set cookies, but it can store an ID in cached resources of the email client.
Yes, for B2C marketing emails. Consent must be specific, informed and opt in, and ideally collected through a double opt in flow. Transactional emails directly tied to a purchase or service can rely on contract performance. B2B emails to similar professional roles can rely on the soft opt in regime where the recipient did not object and was contacted previously about similar products.
Consent (Art. 6(1)(a) GDPR) for marketing newsletters and the open/click pixel. Contract performance (Art. 6(1)(b) GDPR) for transactional confirmations, password resets, and order updates. Legitimate interest (Art. 6(1)(f) GDPR) only in narrow B2B soft opt in cases with a documented Legitimate Interest Assessment.
Mailjet hosts production data in France. Sinch group support and anti abuse functions may transfer data to Sweden (EU), the United States, India or Singapore. Transfers to the US rely on the EU/US Data Privacy Framework, transfers to other countries rely on Standard Contractual Clauses. The full list is published in the Mailjet sub processor list.
Not for transactional emails or small newsletters. A DPIA may be required for large scale marketing programmes that include behavioural scoring, profiling, sensitive data or systematic combination with offline data sources.
Sign the Mailjet/Sinch DPA, document the legal basis for each list, implement double opt in, include a one click unsubscribe in every email, disable the open pixel for users who did not consent to engagement tracking, set retention rules for inactive subscribers and process data subject requests through the platform.
Other EU based ESPs include Brevo (formerly Sendinblue, France), MailerLite (Lithuania), GetResponse (Poland), Sarbacane (France) and CleverReach (Germany). For developer focused transactional sending, Postmark, Resend and AWS SES Frankfurt are also widely used. The choice often depends on hosting region and the level of marketing automation needed.
List Mailjet (Sinch) as a processor with the purpose (email service provider), the legal basis depending on the email type, the storage location (France), the sub processors (Sweden, US, India, Singapore), the safeguards (DPF, SCC) and the retention periods. Mention the open and click tracking pixel separately if your privacy notice covers in email tracking.