Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Melis Platform is a French open source PHP CMS and e commerce platform built on Zend Framework, designed for self hosted, multi site deployments in Europe.
Melis Platform is a French open source PHP CMS and e commerce platform built on Zend Framework. It is designed for multi site deployments and is widely used by European publishers and retailers that prefer self hosted infrastructure. Because Melis is self hosted, the operator chooses the data centre, the database location and the security stack.
In a vanilla configuration Melis Platform sets a PHP session cookie that maintains the editor session and any logged in customer area, plus a CSRF token cookie that protects forms. The bundled e commerce module adds a cart cookie when a visitor places an item in the basket. No third party tracking is shipped by default.
Strictly necessary session, security and cart cookies fall under the legitimate interest exception of article 5(3) of the ePrivacy Directive. As soon as the operator adds analytics, marketing automation, retargeting, embedded videos or social plugins, those modules become subject to consent and must be blocked until the visitor has accepted the relevant categories.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Document the Melis cookies in your privacy notice, integrate a CMP for additional modules, store editor and customer data in EU regions, and audit the modules and templates installed during a CMS migration to confirm none of them silently load third party scripts.
Because Melis Platform is self hosted, third country transfers only occur if the operator selects a non EU host, uses an external CDN or integrates US based modules. Choosing an EU hosting region and hosting fonts and assets locally keeps the deployment inside the EEA by default.
Choose an EU host, configure session and CSRF cookies as strictly necessary, integrate a CMP for any non essential module, restrict editor accounts to least privilege, and run a quarterly tag review to detect new third party scripts introduced through modules or templates.
Websites using Melis Platform must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a vanilla Melis Platform installation that only uses session and CSRF cookies. It becomes appropriate when the operator adds analytics, marketing automation, e commerce profiling, or hosts large amounts of customer data through the e commerce module.
Sample consent text
This site is powered by the open source Melis Platform CMS. Strictly necessary session and security cookies are set so the site can function. Tracking or marketing cookies are only loaded if you accept them in the cookie banner.
Third-party domains contacted
melisplatform.comgithub.com/melisplatformpackagist.orgCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| PHPSESSID | Strictly necessary | Session | Maintains the editor and customer session in Melis Platform. |
| melis_csrf | Strictly necessary | Session | Anti CSRF token cookie used to validate form submissions in Melis Platform. |
| melis_cart | Strictly necessary | 30 days | Stores the cart identifier on Melis e commerce sites so the visitor can resume the order. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
A vanilla Melis Platform installation only sets a PHP session cookie that keeps editors and customers signed in, an anti CSRF token cookie and, when the e commerce module is active, a cart cookie. No analytics or advertising cookies are dropped.
No for the strictly necessary session, security and cart cookies. Consent is required as soon as the operator adds analytics, marketing automation or third party embeds.
Legitimate interest, article 6(1)(f) GDPR, covers the strictly necessary cookies and editorial workflow. Customer accounts and orders are processed under article 6(1)(b) for contract performance, and added analytics or marketing modules require consent.
Not by itself. Melis is self hosted and stores data wherever the operator chooses. Transfers only occur if the operator selects a non EU host, a US CDN or US sub processors for added modules.
A DPIA is usually not required for an editorial only installation. It becomes appropriate when Melis hosts large customer accounts via the e commerce module, when added modules profile users, or when the deployment relies on providers outside the EEA.
Use an EU host, host fonts and assets locally, document the session, CSRF and cart cookies, integrate a CMP for any non essential module and apply least privilege to editor accounts.
Other self hostable European or French CMS and e commerce options include TYPO3, Drupal, PrestaShop, Sylius, Spip, eZ Platform now Ibexa and Statamic.
List the strictly necessary session, CSRF and cart cookies with their purpose and lifetime, name the operator as controller and the hosting provider as processor, and update the policy each time you add an analytics or marketing module.