Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Peraichi is a Japanese no-code landing page builder used by SMEs to publish single-page marketing sites quickly. Pages are hosted on Peraichi infrastructure in Japan, with built-in form modules, basic analytics, and the ability to embed external trackers (Google Analytics, Facebook Pixel, LINE Tag). For European users, the platform processes lead form data and visitor analytics under the EU-Japan adequacy decision, but the embedded third-party tags often raise the typical ePrivacy consent and US-transfer issues.
Peraichi is a Japanese no-code landing page builder very popular with SMBs and freelancers in Japan. Users design and publish single-page websites entirely in the browser, with hosting and DNS provided by Peraichi Inc. Pages can include forms, payment buttons, image galleries and embedded videos, and they can integrate analytics and ad tags from third parties such as Google Analytics, Facebook, and LINE.
Peraichi sets at minimum a session cookie (peraichi_session) and an analytics cookie (peraichi_ga). When publishing a page, the user can paste arbitrary script snippets that load additional cookies. Form submissions are stored against the page identifier in Peraichi''s Japanese infrastructure. Visitor data captured includes IP, User-Agent, page URL, referrer and event timestamps.
Peraichi''s session cookie is strictly necessary. Its analytics cookie and any embedded third-party trackers require prior consent under Art. 5(3) ePrivacy. The page author is the data controller for form submissions; Peraichi acts as a processor. For European users, ensure a clear privacy notice is linked from the landing page, and that any embedded marketing tags are blocked by a CMP until consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Transfers from the EU to Peraichi servers in Japan benefit from the EU-Japan adequacy decision (2019/419), provided Peraichi falls under the Supplementary Rules adopted by the PPC. This removes the need for SCCs for the Peraichi processing. However, embedded GA4, Meta Pixel and LINE Tag run separate transfers (typically to the US), which still require SCCs or DPF coverage and consent.
Peraichi does not include a CMP by default. For a European-facing page, embed a lightweight consent banner (Cookiebot, Axeptio, custom JavaScript) and block embedded tags until consent. Use Google Consent Mode v2 for GA4. Provide a clear privacy notice covering Peraichi, the Japan transfer, and each embedded third-party.
1. Confirm with Peraichi that they fall under the EU-Japan adequacy scope. 2. Add a CMP banner to the landing page. 3. Block all embedded tags (GA4, Meta Pixel) until consent. 4. Minimise form fields to those strictly necessary. 5. Link a privacy notice that mentions Peraichi (Japan) and any third parties. 6. Document the transfer in your Record of Processing Activities. 7. Define a retention period for form submissions and configure Peraichi accordingly.
Websites using Peraichi must obtain user consent under GDPR regulations.
DPIA considerations
Peraichi typically processes form submission data (name, email, phone, free text), analytics events, and basic visitor data (IP, User-Agent). Key DPIA considerations: (1) Japan adequacy decision simplifies the transfer but does not eliminate documentation obligations; (2) embedded third-party tracking (GA4, Facebook Pixel) can introduce US transfers and direct controller relationships separate from Peraichi; (3) Peraichi-hosted forms may collect more data than strictly necessary, raising data minimisation questions; (4) limited transparency about retention periods on the free plan; (5) potential cross-publication of landing page templates that could expose author data. A streamlined DPIA is recommended whenever the landing page collects more than a basic email address.
Sample consent text
This landing page is hosted on Peraichi (Japan) and uses cookies for basic analytics. By submitting the form you agree to the processing of your data by <COMPANY> to respond to your enquiry. Your data is stored on Peraichi servers in Japan, which the European Commission has recognised as offering an adequate level of data protection.
Third-party domains contacted
peraichi.comperaichi.comperaichi.com.cdn.cloudflare.netstatic.peraichi.comapi.peraichi.comstatic.peraichi.comapi.peraichi.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| peraichi_session | first_party | Session | Server side session identifier set by Peraichi to bind the visitor to a server session, used when interacting with forms. |
| peraichi_session | Strictly necessary | Session | Session identifier required for editor authentication and to deliver the published page; cannot be disabled. |
| XSRF-TOKEN | first_party | Session | CSRF protection token required to safely submit forms on a Peraichi page. |
| peraichi_ga | Analytics | 1 year | Internal Peraichi analytics cookie used to count visits and basic page performance. |
| peraichi_visit | first_party | 30 days | Used by the Peraichi built in visit counter to deduplicate visits over short windows. |
| _peraichi_csrf | Strictly necessary | Session | CSRF protection token used on form submissions to prevent cross-site request forgery. |
Peraichi collects user analytics data — you legally need a consent banner. Try FlowConsent free.
A Peraichi page sets a session cookie and a CSRF token cookie when the visitor interacts with a form. Additional cookies appear if the page owner enables Google Analytics, ad pixels or other marketing tags, in which case the cookies of these tags also become part of the page.
Peraichi sets peraichi_session (session, strictly necessary) and peraichi_ga (basic analytics, requires consent). Any embedded third-party tag (GA4, Meta Pixel, LINE Tag) sets its own cookies separately and requires its own consent and disclosure.
Consent is not required for the strictly necessary session and CSRF cookies. Consent is required for the optional analytics or marketing tags that the page owner adds, and the operator must inform visitors about the form data processing and the transfer of data to Japan.
You do not need consent for the strictly necessary session cookie. The built-in analytics cookie and any embedded third-party trackers require prior consent under Art. 5(3) ePrivacy. Block third-party tags behind a CMP until the visitor accepts.
Hosting and basic visit counting rely on legitimate interest under Article 6(1)(f) GDPR. Form data processing relies on the lawful basis chosen by the operator (consent, contract or legal obligation). Analytics and marketing tags rely on consent under Article 6(1)(a) GDPR.
If the form supports a service the visitor explicitly requested (e.g. a contact form, demo request, newsletter signup), the basis is contract or pre-contract performance. For marketing communications you need separate, granular consent. Peraichi acts as your data processor for submitted form data.
Yes, to Japan. The transfer is covered by the EU Japan adequacy decision (Implementing Decision (EU) 2019/419), so Standard Contractual Clauses are not required. The privacy notice must still disclose the transfer, name Peraichi Inc. as the recipient and cite the adequacy decision as the transfer mechanism.
Yes, to Japan. The transfer is covered by the EU-Japan adequacy decision of 23 January 2019, provided Peraichi falls within scope. Embedded third-party tags may add separate US transfers (Google, Meta) requiring SCCs or EU-US DPF coverage.
Not generally for a simple landing page. A DPIA becomes relevant when the page collects sensitive form data, runs paid acquisition with extensive remarketing or hosts high traffic campaigns targeting EU audiences.
A streamlined DPIA is recommended whenever the page collects more than a basic email address, especially for lead-generation campaigns, marketing automation, or pages targeting children. Standard contact forms with minimal data often do not require a full DPIA.
Sign the Peraichi DPA, mention Peraichi Inc. as a processor in the privacy notice and cite the adequacy decision. Limit form fields to what is strictly necessary, gate any analytics or marketing tag behind a CMP, configure retention to delete form data within a defined period and provide a clear way to exercise data subject rights.
Add a CMP banner, block embedded tags before consent, minimise form fields, link a clear privacy notice covering Peraichi (Japan) and third parties, configure retention for form submissions, and document the processing in your Record of Processing Activities.
EU-based alternatives include Webflow (with EU hosting), Carrd (UK, simple LPs), Strikingly (EU options), Tilda (Latvia and EU regions), and Unbounce (US but enterprise EU options). For maximum simplicity and EU hosting, Tilda is a frequent choice; for advanced analytics integration without leaving EU, self-hosted on a French or German provider.
For hosted landing page builders, alternatives include Carrd, Unbounce, Instapage, Leadpages, Webflow and the free Google Sites. EU based alternatives include Tilda Publishing (Latvia) and Strikingly (US). For EU only data residency, self hosting on a static site generator is the simplest path.
List the strictly necessary cookies (session, CSRF) with names and durations. Add a clear note about Peraichi Inc. as a processor in Japan and the EU adequacy decision. If you enable analytics or marketing tags on top of the page, list those cookies separately with their own purpose, retention and recipient.
List peraichi_session, peraichi_ga, and any embedded third-party cookies with purpose, duration and category. In the linked privacy notice, identify Peraichi Inc. as a data processor, mention the Japan transfer with the EU adequacy decision, list each embedded third party, and describe data subject rights and retention.