Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Northbeam is a US based marketing attribution and measurement platform that combines pixel data with server side ingestion to attribute ad spend across Meta, Google and TikTok.
Northbeam is a marketing attribution platform headquartered in the United States. It helps direct to consumer brands measure the performance of their advertising spend across Meta, Google, TikTok and other paid channels by combining browser pixel data with server side ingestion and click identifiers.
Northbeam sets first party cookies prefixed with nb_ on the publisher domain and may rely on third party cookies for cross site attribution. It collects IP addresses, click IDs such as fbclid and gclid, user agent strings, referrer URLs and conversion events. The data is sent to Northbeam servers in the United States, enriched and used to build attribution models.
Because Northbeam reads and writes identifiers on the user terminal and processes personal data for marketing attribution, it falls under Article 5(3) of the ePrivacy Directive and Article 6 of the GDPR. Prior, informed and granular consent is required before the script is loaded or any server side event is sent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Northbeam processes data in the United States, which is a third country under the GDPR. Transfers must be covered by Standard Contractual Clauses or, where Northbeam is certified, by the EU US Data Privacy Framework. A transfer impact assessment is recommended.
Load Northbeam only after explicit opt in via a Consent Management Platform, document the legal basis in your record of processing activities, list Northbeam in your cookie policy and privacy notice, and configure server side conversions to respect the consent signal received from the user.
Websites using Northbeam must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended due to systematic monitoring of online behaviour, combination of pixel and server side data, processing of IP addresses and click identifiers, and transfers to the United States.
Sample consent text
We use Northbeam to measure the performance of our advertising campaigns. Northbeam sets cookies and shares data with servers in the United States. Do you accept?
Third-party domains contacted
northbeam.ioapi.northbeam.ioj.northbeam.ioevents.northbeam.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| nb_session | marketing | 30 minutes | Identifies the current browsing session for attribution. |
| nb_user | marketing | 12 months | Persistent first party identifier used to link visits, conversions and ad clicks. |
| nb_click | marketing | 90 days | Stores the last click identifier (fbclid, gclid, ttclid) for cross channel attribution. |
| _nb_visitor | marketing | 24 months | Long term visitor identifier used to deduplicate users across sessions. |
| nb_consent | necessary | 6 months | Stores the user consent state for Northbeam tracking. |
Northbeam collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Northbeam sets first party cookies on the publisher domain, typically prefixed with nb_, to identify visitors and sessions. It may also rely on third party cookies for cross site attribution and processes click identifiers such as fbclid and gclid. Cookie lifetimes range from session only to several months, depending on the purpose.
Yes. Northbeam reads and writes identifiers on the user terminal and processes personal data for marketing attribution, which requires prior, informed and granular consent under the ePrivacy Directive and the GDPR. The script and any server side events must be blocked until the user opts in via a Consent Management Platform.
The legal basis is the explicit consent of the data subject under Article 6(1)(a) of the GDPR. Legitimate interest is not appropriate because Northbeam performs cross site behavioural tracking and combines several data sources, which the EDPB has consistently considered to require consent.
Yes. Northbeam stores and processes data in the United States. Transfers must be covered by Standard Contractual Clauses and, where applicable, by the EU US Data Privacy Framework. A transfer impact assessment should be performed and documented.
A DPIA is strongly recommended because Northbeam performs systematic monitoring of online behaviour, combines pixel and server side data, processes IP addresses and click identifiers, and transfers data to a third country. Many supervisory authorities consider this combination to be high risk.
Block the Northbeam script and server side events until consent is collected, use a Consent Management Platform that supports IAB TCF or Google Consent Mode, pass the consent signal to the server side endpoint, hash or remove direct identifiers where possible and keep an up to date record of processing activities.
EU based attribution and analytics tools such as Piwik PRO, Matomo, AT Internet (Piano Analytics) or server side first party stacks may reduce transfer risk. Whichever solution you choose, the obligation to obtain consent for non strictly necessary tracking still applies.
List Northbeam as a third party marketing attribution processor, describe the categories of data collected (IP, click IDs, conversion events), specify cookie names and durations, mention storage in the United States and the safeguards in place, and provide a clear opt out path through your CMP.