Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Leadpages is a cloud based landing page builder and lead generation platform developed by Avenue 81 Inc. (US). It enables users to create landing pages, pop ups, alert bars, and opt in forms with built in A/B testing and analytics. The platform collects form submission data, sets tracking cookies, and integrates with third party marketing tools, requiring GDPR compliance including consent management and a DPA.
Leadpages is a cloud based landing page builder and lead generation platform developed by Avenue 81 Inc., headquartered in Minneapolis, Minnesota. It enables marketers, entrepreneurs, and small businesses to create conversion optimised landing pages, pop up forms, alert bars, and complete websites without coding. Key features include drag and drop page building, A/B split testing, real time analytics, and integrations with popular email marketing platforms, CRMs, and payment processors. Leadpages landing pages are hosted on Leadpages'' infrastructure or can be published to custom domains.
Leadpages sets first party cookies for session management, form state tracking, and A/B test assignment. Landing pages built with Leadpages typically also load third party tracking scripts configured by the user, including Google Analytics, Meta Pixel, Google Ads conversion tags, and other marketing pixels. The platform collects form submission data (any fields the user configures: email, name, phone number, company, custom fields), visitor analytics (page views, conversion rates, traffic sources), and A/B test variant assignments. Leadpages also integrates with email service providers and CRMs, forwarding collected lead data to these third party platforms automatically.
Leadpages raises important GDPR considerations as landing pages are specifically designed to collect personal data from visitors. Every form submission constitutes personal data processing, and the third party marketing integrations create multiple data controller and processor relationships. Leadpages provides a DPA for customers subject to GDPR. As a US based company with US hosted infrastructure, all form data and analytics are processed outside the EEA. The platform does not currently offer EU data residency. Organisations using Leadpages must implement consent mechanisms for both cookie tracking and form data collection, particularly when targeting EU audiences.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Consent is the primary legal basis for Leadpages data processing. Landing page form submissions from EU visitors should be based on freely given, specific, informed consent (Art. 6(1)(a)). Forms should include clear privacy notices explaining what data is collected, how it will be used, which third parties receive the data, and the visitor''s rights. Cookie consent under the ePrivacy Directive is required before loading any analytics or marketing cookies on landing pages. A/B testing cookies should also be included in the consent mechanism. Double opt in for email marketing lists is recommended for GDPR compliance.
Leadpages is US based with all infrastructure hosted on AWS in the United States. All form submission data, analytics data, and page content is stored in the US. No EU data residency option is available. International transfers are covered by SCCs in the Leadpages DPA. Additionally, the third party integrations connected to Leadpages (email platforms, CRMs, advertising networks) may each involve separate international transfers that must be assessed independently. Organisations should document all data flows from Leadpages forms to downstream systems in their Records of Processing Activities.
To achieve GDPR compliance with Leadpages: execute the Leadpages DPA. Implement a cookie consent banner on all landing pages before loading analytics and marketing scripts. Add clear privacy notices to all forms explaining data collection purposes and third party sharing. Implement double opt in for email marketing sign ups. Minimise form fields to only collect necessary data. Audit all third party integrations connected to Leadpages and verify each has a DPA. Review A/B testing practices to ensure variants do not process unnecessary personal data. Configure data retention and regularly purge old lead data. Include a link to your privacy policy on every landing page. Document all Leadpages data flows in your Records of Processing Activities.
Websites using Leadpages must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be needed for Leadpages deployments collecting personal data at scale via landing page forms. Key areas: types of personal data collected through forms (email, name, phone, custom fields), third party integrations receiving form data (email marketing platforms, CRMs), tracking cookies and pixels deployed on landing pages (Google Analytics, Meta Pixel), A/B testing involving personal data, US hosted infrastructure with no EU data residency, and the volume of EU visitor data processed.
Sample consent text
This page is powered by Leadpages and may set cookies for analytics, form functionality, and marketing tracking. Form submissions are processed on Leadpages servers in the United States. By submitting your information, you consent to this data processing. You can withdraw consent at any time by contacting us.
Third-party domains contacted
www.leadpages.comapp.leadpages.comapi.leadpages.compages.leadpages.comcdn.leadpages.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _lp_session | functionality | Session | Maintains session state for the landing page visitor including form progress and page view tracking. |
| _lp_ab_variant | functionality | 30 days | Stores the assigned A/B test variant to ensure consistent experience across return visits. |
| _lp_lead_id | functionality | 1 year | Identifies returning leads to prevent duplicate form submissions and personalise content. |
| _ga | analytics | 2 years | Google Analytics cookie tracking visitor behaviour on Leadpages hosted landing pages. |
| _fbp | marketing | 90 days | Meta Pixel cookie for advertising attribution and retargeting from Leadpages landing pages. |
| _lp_consent | functionality | 1 year | Stores the visitor cookie consent preference for the landing page. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Leadpages sets session cookies, form state tracking cookies, A/B test variant assignment cookies, and analytics cookies. Landing pages also typically include user configured third party scripts (Google Analytics, Meta Pixel, Google Ads) that set their own cookies. Cookies originate from the landing page domain and from third party tracking domains.
Yes. Consent is required for analytics and marketing cookies under the ePrivacy Directive, and for form data collection from EU visitors under GDPR. All landing pages targeting EU audiences should have a cookie consent banner and clear privacy notices on forms explaining data usage and third party sharing.
Consent (Art. 6(1)(a)) is the primary basis for form submissions and marketing cookies. Legitimate interest (Art. 6(1)(f)) may apply for essential functionality cookies. Each third party integration receiving lead data requires its own legal basis assessment. Double opt in is recommended for email marketing.
Yes. Leadpages is US based with all infrastructure on AWS in the US. No EU data residency is available. Transfers covered by SCCs in the DPA. Third party integrations may involve additional transfers. Document all data flows in your Records of Processing Activities.
Recommended if collecting personal data at scale via landing pages, particularly when combined with third party marketing integrations that create extensive visitor profiles. Assess form data types, tracking pixels deployed, downstream data recipients, and the volume of EU visitor data processed.
Execute the DPA. Add cookie consent banners to all landing pages. Include privacy notices on forms. Implement double opt in. Minimise form fields. Audit third party integrations. Configure data retention. Add privacy policy links. Document data flows in processing records.
EU based alternatives include Systeme.io (France based marketing platform), Landingi (Poland based landing page builder). Self hosted options include WordPress with Elementor or Thrive Architect. For maximum data control, static site generators (Hugo, Astro) with self hosted forms eliminate third party data processing entirely.
List all cookies set by Leadpages landing pages including session, analytics, A/B testing, and any third party marketing cookies. Specify each cookie's name, purpose, duration, and originating domain. Describe the form data collected and third party recipients. Reference Leadpages' processor role and the DPA with SCCs. Provide consent management controls and withdrawal instructions.