Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Business Catalyst was Adobe's hosted website builder for small businesses, retired in March 2021; legacy snippets and BC subdomains can still be found on long lived sites.
Business Catalyst (BC) was an Adobe hosted website builder and small business CRM, originally acquired in 2009. Adobe retired the service in March 2021 and instructed customers to migrate to other platforms. Many sites built on BC were never properly migrated and still load BC scripts, fonts and admin panels from Adobe subdomains.
Where the BC integration is still active, the page sets BC session and admin cookies, BC analytics cookies and loads scripts from worldsecuresystems.com, businesscatalyst.com and adobebc.com. Forms still target BC endpoints, which can result in 404 responses or in data flowing to Adobe US until the integration is fully removed.
BC residuals are non essential and route data to a US infrastructure. Article 5(3) of the ePrivacy Directive and the Schrems II case law apply, so either the cookies and subdomains must be removed or, in practice, the site must be migrated. Asking visitors to consent to a defunct service is poor practice.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Adobe documented several migration paths to Magento, Adobe Experience Manager and third party platforms such as WordPress, Webflow, Shopify and Squarespace. Treat the migration as a full site relaunch: replatform the CMS, export the customer database, replace forms with EU friendly equivalents and verify that no BC subdomain is still referenced in the code.
Adobe Inc. is incorporated in the United States. Even residual BC traffic therefore qualifies as a third country transfer that must be terminated through migration rather than legitimised through consent on a non functional service.
Inventory all BC subdomains and cookies in the codebase, plan a full migration, communicate the change to customers, archive any remaining BC data, and document the cleanup in your records of processing activities.
Websites using Business Catalyst must obtain user consent under GDPR regulations.
DPIA considerations
A formal DPIA is moot for a discontinued product, but the residual cookies and BC subdomains create a real risk of leaking EU visitor data to Adobe US. Operators should treat any detection as a tag and content migration incident, not as ongoing processing.
Sample consent text
Legacy Business Catalyst code was detected on this page. The Adobe service has been discontinued, but the page may still set Adobe cookies and contact BC subdomains. By accepting, you allow these residual cookies; the safer option is to migrate the site away from Business Catalyst.
Third-party domains contacted
businesscatalyst.comworldsecuresystems.comadobebc.comadobe.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| BC_SI | Strictly necessary | Session | Business Catalyst session identifier still set by legacy BC integrations. |
| BC_OBSCURE_VISITOR | Analytics | 1 year | Long lived BC visitor cookie used by the BC analytics module before the service was retired. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Legacy BC integrations can still set BC session cookies (BC_SI), admin cookies and BC analytics cookies. Scripts also load from worldsecuresystems.com, businesscatalyst.com and adobebc.com.
Yes if any cookie or third party script remains. Because the service is discontinued, the right answer is migration, not collecting consent for a defunct platform.
Consent is the only realistic basis if any BC code remains. Legitimate interest is unsupportable when the destination service no longer exists.
Yes. Adobe Inc. is US based, and any residual BC traffic flows to US infrastructure. Migration is the cleanest way to terminate the transfer.
In practice no, because the service is dead. The expected response is migration and tag cleanup, not a DPIA on a non functional product.
Inventory BC subdomains and cookies, migrate the site to a supported CMS, export the BC customer database, replace forms, and remove every reference to worldsecuresystems.com or adobebc.com.
Adobe officially recommended Magento and Adobe Experience Manager. EU friendly alternatives for small businesses include WordPress, Webflow, Squarespace, Shopify, Wix, IONOS MyWebsite and Strikingly with EU hosting.
Remove every reference to BC, confirm that no Adobe BC cookies are still set, replace the section with the documentation of your new platform, and add a periodic dead tag audit.