Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Web and mobile analytics platform that captures pageviews, events and visitor identifiers through a JavaScript SDK with first-party cookies.
Stack Analytix is a web and mobile analytics platform that captures pageviews, custom events and visitor identifiers through a JavaScript SDK embedded on a website or mobile application. The product has historically been part of the Stackla ecosystem and continues to operate as a user behaviour analytics tool used by marketing and product teams.
The SDK reads and writes first-party cookies on the publisher domain to persist a visitor identifier and a session identifier. It transmits event payloads (URL, referrer, viewport, user agent, IP address, custom events) to Stack Analytix backend servers hosted in the United States.
Because Stack Analytix sets non essential cookies and processes personal data (including IP address and persistent identifiers), prior consent is required under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) of the GDPR. Data transfers to the United States require appropriate safeguards such as the EU US Data Privacy Framework certification or Standard Contractual Clauses.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Main risks include unconsented tracking, international data transfers, and lack of granular data subject rights. Mitigations include blocking the script until consent is granted, anonymising IP addresses, limiting custom event payloads to non sensitive information, and configuring a short cookie lifetime.
Load the Stack Analytix tag through a consent management platform, in the analytics category, only after the user has accepted the analytics purpose. Document the purposes and retention in your records of processing, and update your cookie policy with the cookie names, durations and third country information.
Websites using Stack Analytix must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Stack Analytix is combined with other identifiers or used at large scale, due to persistent tracking and US data transfers. Document the purposes, retention, recipients and transfer safeguards, and assess risks for data subjects (profiling, re identification).
Sample consent text
We use Stack Analytix to measure how visitors use our website. This service sets cookies and transfers data to the United States. You can accept or refuse these cookies at any time from our consent banner.
Third-party domains contacted
stackanalytix.comcdn.stackanalytix.comapi.stackanalytix.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| sa_uid | analytics | 1 year | Persistent visitor identifier used by Stack Analytix to recognise returning users across sessions. |
| sa_sid | analytics | 30 minutes | Session identifier used by Stack Analytix to group events within the same browsing session. |
| sa_ref | analytics | 90 days | Stores the referrer information for attribution in Stack Analytix reports. |
| sa_ses | analytics | Session | Short lived cookie indicating that a session is currently active. |
Stack Analytix collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Stack Analytix sets first party cookies on the publisher domain to store a persistent visitor identifier and a session identifier, typically named with a Stack Analytix specific prefix. These cookies enable cross visit and cross page deduplication of users and events. They are not strictly necessary for the website to function and therefore require consent.
Yes. Because Stack Analytix stores non essential information in the user terminal and processes personal data, prior, free, specific, informed and unambiguous consent is required under the ePrivacy Directive and the GDPR. The script must be blocked until the user accepts the analytics purpose.
The legal basis is the data subject consent under Article 6(1)(a) of the GDPR, combined with Article 5(3) of the ePrivacy Directive for the storage and reading of information in the user terminal. Legitimate interests cannot generally be used because of the non essential nature of the cookies.
Yes, Stack Analytix operates servers in the United States, so personal data of EU visitors is transferred outside the EEA. Such transfers must rely on the EU US Data Privacy Framework if the vendor is certified, or on Standard Contractual Clauses with supplementary measures.
A DPIA is not automatically mandatory, but it is recommended when Stack Analytix is combined with other identifiers, used to profile users, or deployed at large scale. The DPIA should document the data flows, retention, transfer mechanisms and risks for data subjects.
Load the Stack Analytix script through a consent management platform in the analytics category, with the tag blocked until consent is granted. Configure IP anonymisation where possible, limit custom event payloads to non sensitive data, set short cookie durations, and document the processing in your records.
Yes. Privacy oriented alternatives include Matomo with EU hosting and IP anonymisation, Plausible, Fathom and Piwik PRO. These tools typically offer reduced data collection, EU hosting and configurations that may exempt them from consent under certain national guidance.
Add a dedicated entry for Stack Analytix in your cookie policy that lists the cookie names, types, durations and purposes. Indicate that the publisher is the controller, that data is processed by Stack Analytix as a processor, and that data is transferred to the United States with the relevant transfer mechanism.