Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Siteimprove is a Danish SaaS platform that combines web accessibility testing, SEO auditing, content quality control, brand consistency, and privacy-friendly web analytics. Founded in Copenhagen in 2003, it is widely adopted across European public sector and large enterprise customers who need WCAG and EN 301 549 compliance reporting alongside basic visitor analytics. The Siteimprove Analytics module is privacy-friendly by design and offers a cookieless mode.
Siteimprove is a Danish SaaS platform founded in 2003 in Copenhagen. It combines web accessibility testing (WCAG 2.1, EN 301 549, ARRM), SEO auditing, content quality control, brand consistency monitoring, data privacy compliance, and privacy-friendly web analytics. Siteimprove is particularly strong in European public sector and large enterprise markets, where accessibility and quality compliance are mandatory. The platform crawls customer websites on a regular schedule and tracks visitor analytics via an optional JavaScript snippet.
Crawl side: HTML, accessibility issues, dead links, spelling errors, and content metrics. Personal data is limited but can include any personal data published on the website pages. Analytics side: page views, sessions, referrer, device class, browser, country derived from truncated IP, and click events. When the cookieless mode is enabled, Siteimprove relies on aggregated session signals rather than persistent visitor identifiers, reducing the per-visitor traceability.
The crawl module does not interact with the visitor browser and can rely on legitimate interest as a controller-internal QA tool. The analytics module sets cookies and processes IP addresses, and therefore requires either consent (default mode) or qualifies for the consent exemption when run in cookieless mode with sufficient anonymisation (subject to the position of national supervisory authorities). The Danish DPA and the French CNIL have both signalled that strictly anonymous analytics can be exempted from consent, and Siteimprove markets the cookieless mode for that purpose.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
For European customers, Siteimprove keeps the data inside the EU/EEA. North American customers are served from US data centres. Where a subprocessor is located outside the EEA, Siteimprove signs Standard Contractual Clauses. The processor chain is published and reasonably short, which simplifies the Transfer Impact Assessment for EU customers.
Sign the Siteimprove DPA at contract time, confirm EU hosting for European customers, enable the cookieless analytics mode where possible, truncate IP addresses, gate the cookied mode behind your CMP, include Siteimprove in your accessibility statement (WCAG/EN 301 549 audit cadence), and document the platform in your RoPA as a processor for both the crawl and the analytics activities.
Websites using Siteimprove must obtain user consent under GDPR regulations.
DPIA considerations
Siteimprove processes two main data streams: (1) crawl results for accessibility, SEO, and content quality, which include the page content itself but limited personal data, and (2) Siteimprove Analytics, which tracks visitor sessions on customer websites. Key DPIA considerations: (a) Siteimprove Analytics by default uses cookies and tracks IP addresses, although a cookieless mode is available; (b) IP address truncation is configurable; (c) data is hosted in the EU for European customers; (d) the platform is widely used in public sector (Denmark, Sweden, Germany, France), which raises additional sectoral requirements; (e) integration with single sign-on and CMS systems brings administrator personal data into Siteimprove scope.
Sample consent text
We use Siteimprove, a Danish privacy-friendly analytics and accessibility platform, to measure website usage and to monitor accessibility compliance with WCAG 2.1 and EN 301 549. The analytics module may set cookies to count visits and aggregate behaviour; we have configured it in cookieless mode (or with truncated IP addresses) wherever possible. Data is hosted in the European Union. You can decline non-essential cookies via the cookie banner.
Third-party domains contacted
siteimprove.comwww.siteimprove.commy.siteimprove.comsiteimproveanalytics.comsiteimproveanalytics.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| nmstat | Analytics | 1000 days | Unique visitor identifier used by Siteimprove Analytics to count returning visitors and aggregate behaviour. Set only in cookied mode. |
| AWSALB | Strictly necessary / Load balancer | 7 days | AWS Application Load Balancer cookie used to keep the same visitor pinned to the same Siteimprove backend instance for the duration of a session. |
| AWSALBCORS | Strictly necessary / Load balancer | 7 days | Cross-origin variant of the AWS Application Load Balancer cookie, used for the same session affinity purpose in CORS contexts. |
| (no persistent cookie in cookieless mode) | N/A | N/A | When Siteimprove Analytics is configured in cookieless mode, no persistent cookie is stored on the visitor device. Aggregated session signals replace persistent identifiers. |
Siteimprove collects user analytics data — you legally need a consent banner. Try FlowConsent free.
In default cookied mode, the tracker sets nmstat (visitor identifier, 1000 days), AWSALB/AWSALBCORS (load balancer routing), and optional first-party preference cookies. In cookieless mode, no persistent cookies are stored on the visitor device.
The cookied mode requires consent. The cookieless mode can typically run without consent when IP truncation and absence of persistent identifiers are properly configured, in line with the position of the CNIL and Datatilsynet on strictly anonymous analytics.
Crawling and accessibility analysis rely on legitimate interest as an internal QA activity. Analytics relies on consent in cookied mode, or on the absence of any storage in cookieless mode. Customer staff data inside the Siteimprove dashboard is processed under contract performance.
For European customers, Siteimprove hosts data in the EU. North American customers are served from US data centres. Where a subprocessor is outside the EEA, Standard Contractual Clauses are signed.
For analytics with cookies on a large public-sector site, document at least a short DPIA covering the legal basis, the IP truncation, the retention, and the comparison with cookieless mode. For accessibility and SEO crawling alone, a basic Records of Processing Activities entry is usually sufficient.
Sign the DPA, enable EU hosting, switch the analytics module to cookieless mode where the use case allows, truncate IPs, gate the cookied mode behind a CMP, and publish an accessibility statement referencing the Siteimprove audit results.
For accessibility: axe DevTools, Deque, Tenon, Pope Tech. For SEO: Screaming Frog, Sitebulb, Lumar (Deepcrawl). For privacy-friendly analytics: Matomo, Plausible, Fathom, etracker, Piwik PRO.
Add a section for Siteimprove Analytics listing nmstat (purpose, duration), the load balancer cookies, and the operating mode (cookied or cookieless). Specify the controller (Siteimprove A/S, Denmark), the EU hosting and the CMP toggle to opt in or out of the cookied mode.