Does your website use third-party services? Get GDPR compliant in minutes.

Makeswift

What does Makeswift do?

Makeswift is a US visual builder for Next.js sites that lets non technical users edit React components in a drag and drop interface; the editor is admin only, and the published site does not require visitor consent unless analytics or personalisation are added.

What is Makeswift

Makeswift is a US visual page builder designed for Next.js applications, acquired by BigCommerce in 2024. It allows marketers and content authors to edit React components and pages through a drag and drop interface while developers control the underlying code base. The Makeswift backend runs in the United States and stores the page schemas, asset library and editor sessions. The public site itself, deployed on Vercel or another host, only ships static HTML and the React runtime, which means most published pages do not call Makeswift at runtime.

What data and cookies does Makeswift use

In the editor (admin) context, Makeswift stores authentication cookies such as makeswift_session, makeswift_csrf and edge cookies for the editor host. These are first party cookies bound to the editor domain. On the published public site there is generally no Makeswift cookie unless a custom React component is configured to call Makeswift APIs at runtime, for example for personalisation or A/B testing. The platform does not embed third party advertising trackers by default.

GDPR and ePrivacy implications

For end users browsing the public site there is no need for consent if the page does not load Makeswift at runtime. The editor cookies are processed under Article 6(1)(b) GDPR (contract with the editor user) and the data flow stays inside the admin perimeter. If you embed analytics, video or personalisation through a Makeswift component, the underlying tag (for example Google Analytics, Meta Pixel) keeps its own consent obligation under Article 5(3) ePrivacy and must be controlled by your CMP.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

International data transfers

Makeswift backend services run on US cloud infrastructure. Transfers from the EEA covering editor sessions and asset uploads must be governed by Standard Contractual Clauses with BigCommerce as the controller of last resort, supplemented by EU US Data Privacy Framework certification when available, and a transfer impact assessment. The end user perimeter usually stays in the EEA when the public site is rendered statically and hosted on EU infrastructure.

Practical compliance steps

Restrict the Makeswift editor to authorised marketers and developers. Sign SCCs with BigCommerce, run a transfer impact assessment focused on editor sessions and asset uploads, and document Makeswift in your record of processing activities. Audit each Makeswift component you publish to check whether it embeds analytics, video or personalisation tags. If it does, ensure those third party tags are blocked behind your CMP and aligned with your cookie policy.

GDPR consent category

Analytics

Websites using Makeswift must obtain user consent under GDPR regulations.

Legal basisArticle 6(1)(b) GDPR (contract) for the editor user accounts. Article 6(1)(f) GDPR (legitimate interest) for product analytics. Article 6(1)(a) GDPR (consent) is required for any optional analytics or personalisation feature added on the public site.

Risk levellow

Applicable regulationsGDPR, ePrivacy Directive (Article 5(3)), CNIL France, BfDI Germany, AEPD Spain, ICO UK PECR

DPIA considerations

Low risk for the public site as long as no tracking is added through the editor. Document the use of the Makeswift editor (admin only) and review any third party integration enabled inside a Makeswift component.

Sample consent text

Makeswift is the visual editor used by our team to build pages. It does not track you on the public website. Any analytics or third party tool added through Makeswift is listed separately and respects your cookie choices.

Technical details

Tracking methodJavaScript visual editor SDK loaded into Next.js or React applications, first party cookies for editor sessions, optional integrations with web analytics

Server locationUnited States (Vercel and AWS US infrastructure for the visual editor backend); customer Next.js sites can be deployed in any region

Cookieless tracking availableYes

Data transferred outside the EUMakeswift is a US vendor (acquired by BigCommerce) running its visual editor backend on US cloud infrastructure. Editor sessions for marketers and developers fall under transfer rules. The published Next.js website itself does not necessarily transfer end user data to Makeswift unless personalisation features are used.

Third-party domains contacted

makeswift.comapp.makeswift.comcdn.makeswift.com

Cookies placed

Name	Type	Duration	Purpose
makeswift_session	first_party	session	Editor authentication session cookie that identifies the logged in editor user inside the Makeswift admin domain.
makeswift_csrf	first_party	session	CSRF protection cookie used to harden editor requests against cross site request forgery.

Makeswift collects user analytics data — you legally need a consent banner. Try FlowConsent free.

Get started free Scan your site

Frequently asked questions

Which cookies does Makeswift set?

In the editor context Makeswift sets first party cookies such as makeswift_session, makeswift_csrf and edge cookies bound to the editor domain. On the public site there is generally no Makeswift cookie unless a custom component calls Makeswift APIs at runtime.

Is consent required to use Makeswift in the EU?

Not for the public visitor when the published site is statically rendered and does not call Makeswift at runtime. Editor cookies rely on the contract with the authenticated user. Any third party tag added through a Makeswift component keeps its own consent obligation under Article 5(3) ePrivacy.

What is the legal basis for processing through Makeswift?

Article 6(1)(b) GDPR (contract) for editor accounts and asset management. Article 6(1)(f) (legitimate interest) for product analytics. Article 6(1)(a) (consent) is required for any optional analytics or personalisation feature deployed through a Makeswift component on the public site.

Does Makeswift transfer data to the United States?

Yes. Makeswift backend services run on US cloud infrastructure under BigCommerce. Transfers from the EEA covering editor sessions and asset uploads must be governed by SCCs and a transfer impact assessment, supplemented by EU US Data Privacy Framework certification when available.

Do I need a DPIA for Makeswift?

A formal DPIA is generally not mandatory for the standard editor and statically rendered public site. A targeted DPIA is recommended if you publish Makeswift components that perform personalisation, A/B testing or behavioural tracking on a large public audience.

How do I implement Makeswift in a GDPR compliant way?

Restrict editor access to authorised users, sign SCCs with BigCommerce, run a transfer impact assessment for editor sessions and asset uploads, document Makeswift in your record of processing activities, audit each Makeswift component for embedded analytics or personalisation, and route those tags through your CMP.

Are there alternatives to Makeswift?

Other Next.js or React friendly visual builders include Builder.io (US, EU residency available), Plasmic (US), TakeShape (US), Storyblok (Austria), DatoCMS (Italy) and Sanity Studio (Norway). For EU residency, Storyblok, DatoCMS and Sanity are the strongest privacy first options.

How should I update my cookie policy for Makeswift?

Mention that Makeswift is the visual editor used by your team to build pages and that the editor itself is admin only. List any third party tag embedded through a Makeswift component (analytics, video, personalisation) under its own purpose with a cookie disclosure and a consent withdrawal mechanism.

Get compliant — Try FlowConsent free

Free plan · 10-min setup