Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Colibri WP is a WordPress theme and visual website builder developed in Romania that lets users design responsive sites with a live drag and drop editor. It offers a free version on WordPress.org plus a premium Pro plan with additional templates, sections and styling options. The platform loads fonts, scripts and editor assets that can set cookies and contact third party domains, including Google Fonts and the Colibri cloud editor. Site owners using Colibri WP must therefore manage consent for non essential cookies and disclose third party data flows in their privacy notice.
Colibri WP is a WordPress theme and visual website builder developed by ExtendThemes in Romania. It ships in a free edition available on the WordPress.org repository and a Pro edition with additional templates, color palettes, sections and animation options. The product is designed for small businesses, freelancers and agencies that want to build responsive marketing sites without writing code. Once installed, Colibri WP loads a live drag and drop editor that connects to vendor servers to fetch templates, fonts and graphic assets.
On the public site, Colibri WP itself sets only a small number of first party cookies and local storage entries used to remember layout preferences and editor state for logged in administrators. However the default templates often include Google Fonts, Font Awesome icons and YouTube or Vimeo embeds. These third party assets can set their own cookies and log the visitor IP address. Pro features delivered through the Colibri cloud editor may also store a session identifier in local storage to keep the editing session alive.
Under the ePrivacy Directive and Article 5(3) of the European framework, any storage on the visitor device that is not strictly necessary requires prior consent. Theme cookies that remember a closed cookie banner or a chosen language can usually rely on the strictly necessary exemption. Embedded fonts, videos and analytics loaded by Colibri WP templates do not qualify and trigger consent obligations. The site operator acts as data controller and must document these flows in the records of processing activities.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Before loading Google Fonts from fonts.googleapis.com, YouTube iframes or any analytics script added to a Colibri WP site, the operator must collect a freely given, specific, informed and unambiguous opt in. The consent banner should list each third party purpose, mention that data may leave the European Economic Area, and offer an equally prominent Reject button. Pre ticked boxes and implicit consent through continued browsing are not valid under GDPR.
Many Colibri WP sites rely on Cloudflare as a content delivery network and on Google for fonts. Both providers can route requests to data centers in the United States. Following the Schrems II ruling and the EU US Data Privacy Framework, controllers must verify that each recipient is certified under the framework or covered by Standard Contractual Clauses with supplementary measures. Site owners should document these transfers in their privacy notice and Article 30 register.
To use Colibri WP in a compliant way, host Google Fonts locally, gate YouTube and Vimeo embeds behind consent, and disable any analytics integrations until the visitor opts in. Use a consent management platform that blocks scripts by category, document third party recipients in the privacy notice, and review the configuration whenever you change a template. Keep records of consent and offer a simple withdrawal mechanism through a persistent footer link.
Websites using Colibri WP must obtain user consent under GDPR regulations.
DPIA considerations
A full DPIA is generally not required for a standard marketing site built with Colibri WP, because the theme itself does not perform large scale profiling. A DPIA becomes appropriate when Colibri WP is combined with analytics, advertising pixels or visitor session recording tools, when the site processes special category data, or when it targets children. In those cases assess the combined data flows from the builder, third party fonts, embedded videos and analytics.
Sample consent text
This website uses Colibri WP as its WordPress theme and visual builder. Some Colibri WP components, including web fonts, embedded videos and analytics integrations, may set cookies or transfer data to third parties such as Google and Cloudflare. We only load these components after you click Accept. You can refuse or withdraw consent at any time via the cookie settings link in the footer.
Third-party domains contacted
colibriwp.comextendthemes.comfonts.googleapis.comfonts.gstatic.comcloudflare.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| colibri_visited | Functional | 1 year | First party cookie set by Colibri WP to record that the visitor has already loaded the site and to skip first visit animations on subsequent page views. |
| colibri_editor_state | Functional | Session | Local storage entry used by logged in administrators to keep the visual builder state, the selected device preview and the last opened panel during an editing session. |
| wp-settings-{user_id} | Functional | 1 year | Standard WordPress cookie kept by Colibri WP for admin users to remember the admin interface customisation, including last visited builder section. |
| __cfduid / __cf_bm | Strictly necessary | 30 minutes to 1 month | Set when Colibri WP assets are delivered through Cloudflare. Used by Cloudflare to identify trusted web traffic and protect the site against bots. |
| NID | Marketing | 6 months | Set by Google when the site uses Google Fonts or other Google services loaded by Colibri templates. Stores user preferences and enables personalisation across Google sites. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Colibri WP itself sets a few first party cookies and local storage entries to remember layout preferences and editor state for logged in administrators. Default templates often add third party cookies from Google Fonts, Font Awesome, YouTube and Vimeo. The Colibri cloud editor used by Pro features may also store a session token. Audit every Colibri template you publish to confirm the exact list of cookies actually loaded.
Consent is required for any non essential storage triggered by Colibri WP templates, including Google Fonts loaded from Google servers, embedded YouTube videos, Font Awesome CDN icons and any analytics or marketing scripts added on top. Theme cookies that store the layout choice or the closed banner state can rely on the strictly necessary exemption and do not require consent.
Strictly necessary cookies that keep the site usable rely on legitimate interest or contractual necessity. Non essential cookies set by templates and third party assets rely on consent under Article 6(1)(a) GDPR combined with Article 5(3) ePrivacy. Hosting and CDN delivery handled by the site owner rely on a controller to processor agreement under Article 28.
A typical Colibri WP install transfers data to the United States when it loads Google Fonts, embedded videos or uses Cloudflare. These transfers must be covered by the EU US Data Privacy Framework certification of the recipient or by Standard Contractual Clauses with a documented transfer impact assessment.
A standalone marketing site built with Colibri WP usually does not require a DPIA. Conduct a DPIA when you combine the theme with analytics, advertising pixels or session recording, when you process special category data, or when your site targets children. The DPIA should look at the combined processing, not the theme in isolation.
Self host Google Fonts and Font Awesome, gate YouTube and Vimeo embeds behind a consent placeholder, and add a consent management platform that blocks scripts by category. Disable demo content that loads external services, document the active third parties in your privacy notice, and keep proof of consent for at least the duration required by your supervisory authority.
For a similar visual building experience without WordPress, evaluate Webflow or Squarespace. For WordPress alternatives with comparable footprints, consider Astra with Spectra, Kadence or GeneratePress with GenerateBlocks. Always check the cookies and third party calls of any builder you choose before deployment.
List Colibri WP and ExtendThemes as a processor for any cloud editor connections you keep enabled, then disclose every third party recipient triggered by the templates you use, such as Google for Fonts and YouTube, Cloudflare and Vimeo. Indicate cookie names, durations and purposes, link to each provider privacy notice and refresh the page after each template change.