Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Nrdevo is a subscription-based SaaS content management system (CMS) offering an intuitive dashboard, user management, role-based permissions, page building, e-commerce functionality, and app integrations. Nrdevo may integrate third-party services such as Google Tag Manager, PostHog analytics, and Google reCAPTCHA. CMS session cookies are used for authentication. Analytics and tracking integrations require consent. Users should verify Nrdevo's hosting location and data processing arrangements.
Nrdevo is a subscription-based SaaS content management system designed as an all-in-one platform for building websites and online stores. It features a comprehensive dashboard, user management with role-based permissions, page building tools, e-commerce capabilities, FAQ management, and an app marketplace for extending functionality. Built with JavaScript, Node.js, and MySQL, Nrdevo uses Bootstrap for frontend styling and supports integrations with third-party services including analytics and marketing tools.
Nrdevo sets session cookies for CMS authentication and user state management. Depending on the site configuration, additional cookies may be set by integrated third-party services such as Google Tag Manager (analytics orchestration), PostHog (product analytics and session recording), and Google reCAPTCHA (bot protection). E-commerce functionality may set additional cookies for cart management and payment processing. The specific cookies depend on which integrations the site operator has enabled.
Nrdevo CMS session cookies for authentication are typically classified as strictly necessary and may be exempt from consent requirements. However, analytics integrations (PostHog, Google Tag Manager) and reCAPTCHA set non-essential cookies requiring consent under the ePrivacy Directive. Site operators using Nrdevo must audit their specific configuration to identify all cookies and data processing activities, then configure their cookie consent management accordingly.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Nrdevo''s hosting infrastructure location is not publicly disclosed. Site operators should request this information directly from Nrdevo before deploying for EU audiences. If hosted outside the EU/EEA, appropriate transfer mechanisms (SCCs, adequacy decisions, or DPF) are required. Third-party integrations like Google reCAPTCHA and Google Tag Manager transfer data to Google''s US infrastructure, requiring their own transfer assessments.
Essential CMS session cookies may be exempt from consent. Analytics, marketing, and reCAPTCHA cookies require consent. Configure a CMP on your Nrdevo-powered site to manage consent for all non-essential cookies and third-party integrations.
Audit all cookies set by your Nrdevo site including third-party integrations. Implement a CMP to manage consent. Request hosting location and DPA from Nrdevo. Assess each third-party integration separately for GDPR compliance. Publish a comprehensive cookie policy listing all cookies by category. Ensure your privacy policy covers Nrdevo as a data processor and discloses all data transfers.
Websites using Nrdevo must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be recommended for Nrdevo deployments processing personal data at scale, particularly for e-commerce sites handling payment data, user accounts, and marketing analytics through integrated third-party services.
Sample consent text
This website is powered by Nrdevo CMS. We use essential cookies for site functionality and optional analytics cookies for improving your experience. You can manage your cookie preferences through our settings.
Third-party domains contacted
nrdevo.comapp.posthog.comwww.googletagmanager.comwww.google.comconnect.facebook.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| session_id | first_party | Session | Strictly necessary CMS session identifier used to keep the user logged in. |
| csrftoken | first_party | 1 year | Strictly necessary anti CSRF token that protects forms from cross site request forgery. |
| _GRECAPTCHA | third_party | 6 months | Optional Google reCAPTCHA cookie used to detect bots when reCAPTCHA protection is enabled. |
| ph_* | third_party | 1 year | Optional PostHog product analytics cookies set when the PostHog integration is enabled in Nrdevo. |
| _ga | third_party | 2 years | Optional Google Analytics cookie set via the GTM or GA integration in Nrdevo to identify unique users. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Nrdevo installs strictly necessary session cookies (session ID, CSRF token) to power authentication and security. Optional integrations such as PostHog, Google Tag Manager, Meta Pixel and reCAPTCHA can add further tracking and analytics cookies depending on configuration.
Strictly necessary session cookies do not require consent under the ePrivacy Directive. Any optional analytics, marketing or personalization tracker activated inside Nrdevo requires prior, granular and revocable opt in from the visitor.
Contract performance (Art. 6(1)(b) GDPR) covers user account management, legitimate interest (Art. 6(1)(f)) supports security cookies, and consent (Art. 6(1)(a)) is mandatory for any non essential analytics or marketing trackers loaded by Nrdevo.
Nrdevo does not disclose its hosting region publicly, so verify it contractually. Optional integrations such as Google Tag Manager, Meta Pixel or reCAPTCHA do trigger transfers to the United States, which need Standard Contractual Clauses and a Transfer Impact Assessment.
A DPIA is recommended whenever Nrdevo is used for systematic monitoring of visitors, large scale processing or when third party trackers are activated. For a basic editorial site without optional analytics it can usually be skipped.
Sign a data processing agreement with Nrdevo, disable optional trackers you do not strictly need, plug in a Consent Management Platform that loads scripts only after opt in, document each cookie in your cookie policy and add transfer safeguards if required.
European or self hosted CMS such as Strapi, Directus, Payload CMS, Storyblok or TYPO3 reduce vendor lock in, give finer control over hosting region and avoid bundled third country trackers by default.
List Nrdevo session cookies as strictly necessary and document each optional tracker (PostHog, GTM, reCAPTCHA, embedded widgets) with provider, country, purpose, duration and link to its privacy policy. Refresh the list whenever you toggle a Nrdevo integration.