Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Tealium AudienceStream is the customer data platform and identity resolution engine that complements the Tealium iQ tag manager. It collects events from web, mobile and offline sources, resolves identities across devices, builds enriched visitor profiles in real time, and distributes audiences to more than 1300 marketing, advertising and analytics destinations through Tealium Connectors. On a European website, AudienceStream sets a first party visitor identifier (utag_main), streams events to Tealium EU or US clusters, and requires a robust consent strategy because it sits at the centre of marketing personalisation.
Tealium AudienceStream is the customer data platform (CDP) tier of the Tealium suite. It plugs into Tealium iQ Tag Management (the universal tag JavaScript utag.js), collects web, mobile, server side and offline events through Tealium EventStream, resolves identities across sessions and devices, builds visitor profiles in real time and triggers actions through Connectors (over 1300 ready made destinations) to marketing, advertising, analytics, customer support and warehouse tools. On the website, AudienceStream appears as utag.js plus optional payload extensions.
The default Tealium iQ snippet sets the first party utag_main cookie (1 year), which encodes a visitor identifier, session start, last activity, time on site and a few other operational values. AudienceStream stores the corresponding profile on the Tealium backend, keyed by that visitor identifier and any other identifier the operator configures (hashed email, customer ID, IDFA, GAID). The event payload typically includes page URL, referrer, IP, User-Agent, viewport, scroll depth, custom variables and any e-commerce data sent through utag.data.
AudienceStream is a profiling tool. Article 5(3) ePrivacy requires prior consent for the utag_main cookie. Article 6 GDPR requires consent for the profiling itself. Tealium provides the Consent Manager module, which integrates with IAB TCF 2.x and any custom Consent Management Platform, blocking the utag.js execution until the user has granted the relevant consent categories. Joint controllership may arise with the downstream destinations that receive audiences from AudienceStream.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Tealium Inc. is certified under the EU-US Data Privacy Framework. EU customers can pin their AudienceStream account to the Frankfurt or Dublin cluster, which contractually keeps the visitor profiles in the EU. Tealium Inc. remains subject to US extraterritorial laws because the parent company is American. Standard Contractual Clauses are signed for any sub-processor outside the framework.
Consent (Article 6(1)(a) GDPR) is the principal basis for the AudienceStream profile, the marketing destinations and the cross device identity stitching. Legitimate interest (Article 6(1)(f)) is acceptable only for narrowly defined operational uses such as performance monitoring or fraud detection. The granularity of the consent must match the granularity of the Tealium consent categories, so that each AudienceStream destination respects the visitor choice.
Sign the Tealium DPA, pin the account to Frankfurt or Dublin, enable the Tealium Consent Manager and connect it to your Consent Management Platform, map each destination to a consent category, hash identifiers before they enter AudienceStream, configure retention policies, document the joint controller relationships with downstream destinations and list Tealium in the privacy notice with a clear explanation of the profile and the segments it creates.
Websites using Tealium AudienceStream must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required when AudienceStream profiles visitors, resolves identities across devices, ingests offline data such as CRM or POS, or distributes audiences to advertising destinations. The DPIA must cover the regional cloud choice, the identity stitching logic, the retention of profiles, sub-processors (typically AWS), the EU-US transfer mechanism and the integration with the Consent Management Platform via the Tealium Consent Manager.
Sample consent text
Our website uses Tealium AudienceStream to build a unified profile of your interactions across our pages. AudienceStream sets a first party identifier (utag_main) and streams event data to Tealium servers in the European Union. Some integrations may transfer pseudonymous identifiers to third party marketing destinations under your consent. By clicking Accept, you authorise this personalisation. You can also Reject and only strictly necessary measurement will run.
Third-party domains contacted
tealiumiq.comtiqcdn.comtealium.comcollect.tealiumiq.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| utag_main | HTTP cookie | 1 year | First party Tealium visitor identifier encoding session start, last activity and pseudonymous ID used to build the AudienceStream profile. |
| utag_idc | HTTP cookie | 1 year | Identity sync cookie used by Tealium Identity Service to coordinate cross device profile resolution. |
| CONSENTMGR | HTTP cookie | 1 year | Tealium Consent Manager record of the categories accepted or refused by the visitor. |
Tealium AudienceStream collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The Tealium iQ tag manager that powers AudienceStream sets utag_main (1 year, visitor identifier), utag_idc (1 year, cross device identity sync) and CONSENTMGR (1 year, Consent Manager state). Other cookies are added by the downstream destinations Tealium triggers (Google Analytics, Meta Pixel, etc.).
Yes. AudienceStream is a profiling and identity resolution tool. Prior opt-in consent is required for utag_main and for each downstream marketing destination. Tealium Consent Manager helps enforce this consent flow.
Consent (Article 6(1)(a) GDPR) for profiling and marketing destinations. Legitimate interest (Article 6(1)(f)) only for narrowly defined operational uses such as performance monitoring or fraud detection.
By default, EU customers can pin the account to the Frankfurt or Dublin cluster, keeping profiles in the EU. Tealium Inc. is a US company certified under the EU-US Data Privacy Framework, and US extraterritorial laws still apply.
Yes. AudienceStream is a CDP that profiles visitors, links sessions across devices and orchestrates many destinations. A DPIA is required to document the risks and safeguards.
Sign the Tealium DPA, pin to an EU cluster, enable Tealium Consent Manager and connect it to your CMP, hash identifiers, document the destinations and retention, and integrate with the CMP for fine grained consent control.
Other major CDPs include Segment (Twilio), Adobe Real-Time CDP, Salesforce Data Cloud, Bloomreach Engagement and mParticle. EU based alternatives include Commanders Act, Piwik PRO Audience Manager, Mapp Customer Engagement and Tealium itself when pinned to the EU cluster.
List Tealium Inc. as a processor for the CDP, name the EU cluster, list the cookies (utag_main, utag_idc, CONSENTMGR), describe the profiling and link to the Tealium privacy notice and DPA.