Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Marketing attribution and revenue analytics SaaS that tracks visitor journeys and funnel events across CRMs such as Infusionsoft and HubSpot.
SegMetrics is a marketing attribution and revenue analytics SaaS used to connect website visits, advertising touchpoints and CRM data into a unified customer journey. It is widely used with Infusionsoft (Keap), HubSpot, ActiveCampaign, Ontraport, Drip and other marketing automation systems.
A JavaScript tracking snippet sets first party and third party cookies to identify visitors, attaches UTM parameters and posts pageview and funnel events to SegMetrics servers. The platform then matches these visitor identifiers to CRM contacts via server side integrations, producing attribution and revenue reports.
SegMetrics performs cross system identification of identified or identifiable customers, which qualifies as marketing tracking. Prior consent is required under the ePrivacy Directive Art. 5(3) and GDPR Art. 6(1)(a), and transfers to the United States must be covered by appropriate safeguards.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Because SegMetrics combines pseudonymous web identifiers with CRM personal data (email, name, purchase history), it creates a detailed marketing profile. Mitigations include strict consent gating, signing a data processing agreement with SegMetrics, limiting the contact fields shared via CRM integrations, and applying retention policies.
Load the SegMetrics tag through a consent management platform, in the marketing category, and pause CRM webhook ingestion for unconsented contacts where feasible. Maintain a record of processing, ensure your CRM integration is configured under the same legal basis, and update the cookie policy and privacy notice accordingly.
Websites using SegMetrics must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended given the systematic cross system profiling, identification of customers and US data transfers. Document the data flows from the website tag and from each CRM integration, retention, transfer safeguards, and risks of re identification and profiling.
Sample consent text
We use SegMetrics to understand which marketing actions lead to sales. This service sets cookies, combines them with our CRM data and transfers information to the United States. You can accept or refuse from our consent banner.
Third-party domains contacted
segmetrics.comapp.segmetrics.comcdn.segmetrics.comtracking.segmetrics.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| sm_uid | marketing | 2 years | Persistent visitor identifier used by SegMetrics to recognise returning visitors and match them with CRM contacts. |
| sm_sid | marketing | 30 minutes | Session identifier used by SegMetrics to group page and funnel events within a single visit. |
| sm_first | marketing | 2 years | Stores the UTM parameters and referrer of the first visit for attribution. |
| sm_last | marketing | 90 days | Stores the UTM parameters and referrer of the most recent visit for attribution. |
| sm_visitor | marketing | 2 years | Third party identifier on segmetrics.com used for cross site identification when integrated with multiple properties. |
SegMetrics collects user analytics data — you legally need a consent banner. Try FlowConsent free.
SegMetrics sets first party cookies on the publisher domain (typically with sm_ prefix) to store a visitor identifier and the UTM and referrer of the first and last visit. It may also set third party cookies on segmetrics.com to enable cross site identification when integrated with multiple properties. These cookies are not strictly necessary and require consent.
Yes. SegMetrics performs marketing attribution that combines pseudonymous identifiers with CRM personal data, so prior, specific and informed consent is required under Article 5(3) of the ePrivacy Directive and the GDPR. The script and CRM ingestion of unconsented contacts should be blocked until consent is granted.
The legal basis is the data subject consent under Article 6(1)(a) of the GDPR, in combination with Article 5(3) of the ePrivacy Directive for the storage and reading of cookies. The same consent must cover the CRM integration when CRM data is enriched in SegMetrics.
Yes. SegMetrics is a US company and processes data on US infrastructure, so transfers from the EU to the US occur. They must rely on the EU US Data Privacy Framework where applicable, or on Standard Contractual Clauses with documented supplementary measures.
A DPIA is strongly recommended because SegMetrics enables systematic profiling of identified individuals, combines several data sources and involves transfers to a third country. The DPIA should describe each integrated CRM, the data shared, retention and risk mitigation measures.
Load the SegMetrics tag only after marketing consent through a CMP, sign a data processing agreement, and limit the contact fields shared via the CRM integration to what is necessary. Configure cookie durations sensibly, apply retention policies and document data flows in your records of processing.
Alternatives include server side attribution with EU hosted tools such as Matomo or Piwik PRO, native CRM reporting, or EU based attribution platforms. Choosing tools with EU hosting and minimal personal data sharing helps reduce risks tied to third country transfers.
List SegMetrics in your cookie policy under marketing or attribution, with cookie names, durations and purposes. Explain that data is combined with CRM information and transferred to the United States, mention the transfer mechanism (DPF or SCCs) and provide a link to SegMetrics privacy notice.