Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Yoast SEO is the most popular WordPress SEO plugin, published by the Dutch company Yoast BV (now part of Newfold Digital). It runs entirely server side on the WordPress backend and does not set any tracking cookie on visitor browsers. Yoast SEO improves on page SEO, structured data and XML sitemaps without privacy impact for site visitors.
Yoast SEO is the most installed SEO plugin for WordPress, developed by Yoast BV from Wijchen in the Netherlands and now part of Newfold Digital. It powers on page SEO meta tags, structured data, XML sitemaps, readability scoring and content analysis for millions of European WordPress sites. The plugin runs server side on the publisher infrastructure with no visitor tracking layer.
Yoast SEO does not set any cookie on visitor browsers. It only adds meta tags, structured data and XML sitemaps to the page output. The plugin admin interface may store editor preferences in WordPress user meta, but no tracking cookie is delivered to visitors. The optional usage telemetry feature is opt in only and disabled by default.
Yoast SEO does not process personal data of visitors. It relies on legitimate interest under Article 6(1)(f) GDPR for the content analysis and site audit features which operate only on the publisher backend. Yoast BV processes only the WordPress administrator email and licence information through the MyYoast portal, under Article 6(1)(b) GDPR contract.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No visitor consent is required because Yoast SEO does not access the visitor terminal. ePrivacy does not apply to server side meta tag generation and sitemap building. If you activate the optional AI suggestions in Yoast SEO Premium, the publisher consents to share article content and keywords with OpenAI at the admin level; visitor consent remains irrelevant.
No visitor data is transferred outside the EEA by Yoast SEO. Yoast BV is established in Wijchen, the Netherlands. Licence checks and the MyYoast portal are hosted on EU infrastructure. The optional AI suggestions feature in Yoast SEO Premium does transfer content and keywords to OpenAI in the United States; in that case the EU US Data Privacy Framework adequacy decision for OpenAI applies plus Standard Contractual Clauses in the OpenAI DPA.
Keep Yoast SEO up to date, leave the optional usage telemetry feature opted out (default), use the AI suggestions premium feature only when needed (and disclose the OpenAI processing in your privacy notice), and continue to deploy a consent management platform for the other plugins on your WordPress site that do require visitor consent.
Websites using Yoast SEO must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for Yoast SEO. The plugin does not process personal data of website visitors and runs entirely on the publisher backend. A short risk note is enough when activating the optional AI suggestions feature in Yoast SEO Premium because it sends keyword and content data to OpenAI for processing.
Sample consent text
Our website uses Yoast SEO (Yoast BV, Netherlands) to optimise on page SEO, structured data and XML sitemaps. Yoast SEO runs entirely on the WordPress backend and does not set any tracking cookie on your browser. No visitor data is collected by Yoast SEO.
Third-party domains contacted
yoast.comyoast.commy.yoast.commy.yoast.comkb.yoast.comyoa.stCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No cookies set | first_party | N/A | Yoast SEO is a server side WordPress plugin and does not set any cookie on visitor browsers in default configuration. It only adds SEO meta tags, structured data and XML sitemaps to the page output. |
Yoast SEO collects user analytics data — you legally need a consent banner. Try FlowConsent free.
None. Yoast SEO is a server side WordPress plugin and does not set any cookie on visitor browsers. It only adds SEO meta tags, structured data and XML sitemaps to the page output.
No. Yoast SEO does not access the visitor terminal and does not require visitor consent. The optional usage telemetry feature is opt in only at the admin level and disabled by default.
Legitimate interest under Article 6(1)(f) GDPR for the content analysis and site audit operating on the publisher backend. The MyYoast portal processing for licence checks relies on Article 6(1)(b) GDPR (contract).
No visitor data is transferred. Yoast BV is established in the Netherlands. The optional AI suggestions feature in Yoast SEO Premium does transfer content and keywords to OpenAI in the United States, covered by the EU US Data Privacy Framework and the OpenAI DPA.
No DPIA is required for Yoast SEO. A short risk note is enough when activating the optional AI suggestions feature in Yoast SEO Premium because it shares article content and keywords with OpenAI.
Keep Yoast SEO and WordPress core up to date, leave the optional usage telemetry feature off, document the OpenAI AI suggestions feature in your privacy notice if you activate it, and run a separate cookie audit and consent management platform for the other plugins on the same WordPress site.
EU based WordPress SEO plugin alternatives include Rank Math (India, often considered an EU SaaS friendly option), SEOPress (France), All in One SEO (US, similar profile to Yoast) and The SEO Framework (Netherlands, minimal and lightweight).
A cookie policy entry is usually not necessary for Yoast SEO because it sets no cookies. Mention Yoast BV as a processor in the privacy notice if you use the MyYoast portal, and disclose the OpenAI AI suggestions feature if activated.
No. The Yoast SEO plugin does not set any tracking, analytics or marketing cookies on visitors. Yoast SEO operates entirely on the WordPress server and only outputs metadata in the HTML response.
No. Because Yoast SEO does not write information to the visitor device and does not transfer personal data to third parties, the ePrivacy consent rule is not triggered and no GDPR consent is required for the SEO functionality itself.
Legitimate interest under Article 6(1)(f) GDPR is the appropriate basis for generating SEO metadata to improve search visibility. License activation and Premium support data exchanged with Yoast BV rely on performance of the contract under Article 6(1)(b) GDPR.
Yoast BV is established in the Netherlands and operates its infrastructure inside the European Union. The plugin does not transfer visitor data outside the EU, so cross border transfer mechanisms are generally not required for Yoast SEO itself.
No DPIA is required for the standard plugin. A DPIA may be considered if Yoast SEO Premium Local SEO publishes detailed information about real natural persons at scale, or if structured data exposes sensitive attributes (medical professionals, recruits).
Disable the optional anonymous usage tracking, review the author archive settings to avoid exposing personal data of contributors, audit Local SEO blocks to limit the exposure of phone numbers and addresses and keep the plugin and its add ons up to date. Document Yoast BV as a processor in your record of processing activities.
Other WordPress SEO plugins include Rank Math (India), All in One SEO Pack (US), SEOPress (France), The SEO Framework (Netherlands) and SEO by Yoast competitors. All are GDPR friendly if you keep them on the WordPress server and disable optional tracking. The right choice depends on the editorial workflow and the depth of structured data needed.
No specific cookie entry is needed because Yoast SEO does not set cookies on visitors. You can simply list Yoast BV as a processor responsible for the SEO plugin in the privacy notice, mention the EU based hosting of Yoast servers and link to the Yoast Privacy Policy.