Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
SALESmanago is a Polish customer data and marketing automation platform from Benhauer sp. z o.o., used by over 3 000 mid market brands in Europe for email, SMS, push, web personalisation, predictive scoring and 1:1 customer experiences. Its tracking tag (smsmtag.js) sets multiple cookies, builds visitor profiles based on browsing behaviour and is one of the most cookie heavy marketing automation tools in the EU. Hosted entirely in the EU, making it a GDPR friendly alternative to US based platforms.
SALESmanago is a Customer Data Platform and marketing automation suite from Benhauer (Poland), pitched at mid market e-commerce, retail and B2C brands. The product covers email marketing, SMS, web push, on-site personalisation, mobile messaging, segmentation, predictive scoring and a built in CDP. Publishers deploy SALESmanago by adding the smsmtag.js script to their pages, after which the platform automatically begins tracking page views, form submissions, scroll depth, search queries and product interactions.
SALESmanago sets multiple cookies including smclient (persistent contact identifier, often 10 years), smvr (visitor record), smuuid and __smRevisit, plus various session and consent cookies. It collects IP address, user agent, full URL of every page viewed, scroll behaviour, time on page, form fill data (even before submit, depending on configuration), product views, cart additions, search terms, hashed email when matched and integration data from CRM, e-commerce and ad platforms.
SALESmanago tracking falls squarely under Article 5(3) of the ePrivacy Directive (cookies, terminal device access) and Article 6 of the GDPR (profiling, marketing communications). Consent is required before any SALESmanago cookies are written, and separate consents are needed for email, SMS and push channels. Polish data protection authority UODO and the EDPB have flagged extensive behavioural profiling as a high risk activity requiring a DPIA and strict purpose limitation. The platform also exposes hashed email matching for cross device tracking, which deserves explicit disclosure.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Treat SALESmanago as a Marketing or Analytics & Marketing category in your consent management platform and block the smsmtag.js script until the visitor opts in. Use granular consents per channel (web personalisation, email, SMS, push) so users can refuse one channel without losing others. Document the categories of data collected, the retention period and the recipients (your team, SALESmanago, integrated ad platforms). SALESmanago provides built in consent management features, but they only manage opt outs; cookie consent must be handled by your CMP.
One of SALESmanago''s main selling points is EU only hosting (AWS Frankfurt, OVHcloud). Personal data does not leave the EU by default. However, optional integrations to US providers (Twilio for SMS, Mailgun, Facebook CAPI, Google Ads) create transfer chains that should be documented in your record of processing activities. Sub-processor changes are notified by Benhauer; subscribe to their updates and propagate changes to your privacy notice.
Sign the SALESmanago DPA with Benhauer, block smsmtag.js until consent, configure granular consent per channel, run a DPIA before launch (mandatory at scale), reduce cookie lifetimes where the platform allows it, redact sensitive form fields from auto tracking, disable cross device hashed email matching unless you have a documented basis, list all sub-processors in your privacy notice, and configure data retention to align with your purpose limitation.
Websites using SALESmanago must obtain user consent under GDPR regulations.
DPIA considerations
SALESmanago builds extensive behavioural profiles by tracking page views, scroll depth, form interactions, email engagement, SMS responses, purchase history and predictive scores (engagement score, churn probability, lifetime value). Key DPIA considerations: (1) the platform aggregates data from multiple channels into a single customer profile, which is high risk under Art. 35 GDPR; (2) predictive scoring and AI based audience selection may amount to automated decision making under Art. 22 GDPR when used to deny offers or services; (3) cross device tracking through hashed email identifiers raises additional profiling concerns; (4) integration with paid media platforms (Facebook CAPI, Google Ads) creates onward transfer chains; (5) email and SMS communications require separate consents under the ePrivacy Directive. A DPIA is mandatory for any large scale deployment.
Sample consent text
We use SALESmanago to deliver personalised content and marketing communications. When you load this page, SALESmanago places multiple cookies on your device, tracks your browsing behaviour and builds a customer profile to send you relevant offers via email and SMS. You can withdraw your consent at any time via our cookie settings.
Third-party domains contacted
salesmanago.comsalesmanago.plapp2.salesmanago.comapp3.salesmanago.comweb1.salesmanago.comsm.app.salesmanago.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| smclient | Marketing | 10 years | Persistent contact identifier used by SALESmanago to link visits to a single customer profile across sessions and devices. Core identifier driving the customer data platform. |
| smvr | Marketing | 1 year | Visitor record storing the visit history (URLs, timestamps, scroll depth, form interactions) for behavioural profiling. |
| smuuid | Marketing | 10 years | Unique anonymous visitor identifier set on first contact, used to track new (uncontacted) visitors until they identify themselves. |
| __smRevisit | Marketing | 1 year | Stores the timestamp of the last visit so SALESmanago can compute recency, frequency and trigger time based automations. |
| smtoken | Functional | Session | Session token used during AJAX exchanges between the visitor browser and the SALESmanago tracker. |
SALESmanago collects user analytics data — you legally need a consent banner. Try FlowConsent free.
SALESmanago writes multiple cookies including smclient (persistent contact identifier, up to 10 years), smvr (visitor record), smuuid (unique visitor identifier), __smRevisit (revisit timestamp) and various session and consent cookies. These cookies are used to build a longitudinal behavioural profile of each visitor across sessions and devices.
Yes, unequivocally. The smsmtag.js script writes non strictly necessary cookies and starts behavioural tracking immediately on page load, which makes it a clear case of Article 5(3) ePrivacy and Article 6 GDPR consent. You also need separate consents for the email, SMS and push channels operated through SALESmanago.
Consent (Art. 6(1)(a) GDPR) is the standard basis for tracking, profiling and marketing communications. For purely transactional CRM functions (order confirmations, post purchase support), legitimate interest (Art. 6(1)(f)) or contract performance (Art. 6(1)(b)) may apply, but these must be clearly separated from marketing flows.
By default, no. SALESmanago is hosted entirely in the EU (AWS Frankfurt, OVHcloud). However, optional integrations with Twilio (SMS), Mailgun (email), Facebook Conversions API and Google Ads can route data to the US under SCCs and the EU, US Data Privacy Framework. Review and document each integration before activation.
Yes, in almost all cases. SALESmanago combines large scale behavioural profiling, multi channel marketing, predictive scoring and integration with paid media platforms, which triggers Art. 35 GDPR (DPIA mandatory). The Polish UODO and EDPB guidelines explicitly list this type of processing as high risk.
Block smsmtag.js until consent in your CMP, use granular consents per channel, sign the Benhauer DPA, run a DPIA, document all sub-processors, limit form auto tracking to non sensitive fields, set short retention where possible, disable cross device email hashing without an explicit basis, and provide a clear unsubscribe and data access experience.
EU based alternatives include Brevo (France), Klaviyo (with EU residency option), ActiveCampaign (with EU hosting), Mautic (open source, self hosted) and Splio (France). For lighter use cases, Sendinblue or Customer.io with EU residency are common choices. Self hosted Mautic is the strongest option when you cannot accept any third party processor.
List SALESmanago by name and identify Benhauer sp. z o.o. as the processor. List the cookies (smclient, smvr, smuuid, __smRevisit and others), the data collected (IP, behaviour, form data, email, hashed identifiers, integration data), the retention period (10 years for smclient unless reduced), the hosting region (EU only), the sub-processors and a link to the SALESmanago privacy notice.