Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Peachie is a European website builder and CMS that combines a visual editor, hosting and a small marketplace of integrations. In its default configuration it only writes strictly necessary cookies on the published site, keeps content inside the EEA and lets the operator decide whether to add analytics or marketing tools that require consent.
Peachie is a European website builder and content management system that combines a visual editor, hosted page rendering, asset storage and a small marketplace of integrations. Operators publish brochure sites, landing pages, blogs and light ecommerce flows entirely from the Peachie back office. In the default configuration the site is served from Peachie infrastructure inside the EEA and uses only strictly necessary cookies.
Out of the box Peachie writes a session cookie, a CSRF token and a small cache marker on the published site. The editor itself uses additional cookies for the signed in operator session. None of these cookies track the visitor across other sites. They fall under the strictly necessary exemption and do not require prior consent. Optional integrations enabled by the operator (Google Analytics, Meta Pixel, Hotjar) carry their own consent obligation.
Peachie hosts the CMS and the static assets on European cloud regions. No personal data is transferred outside the EEA in the default configuration. The CDN that caches images and fonts may have edge nodes in several countries, but the origin remains in the EU. Operators who add a US analytics tool, a US payment processor or an external newsletter platform must document those transfers and rely on Article 46 GDPR safeguards.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Article 6(1)(b) GDPR (performance of the service contract) covers the editor and the publication of pages. Article 6(1)(f) GDPR (legitimate interest) covers the aggregated operator analytics shown in the Peachie dashboard. Contact forms published through Peachie collect personal data on the basis of the operator privacy notice, typically Article 6(1)(a) GDPR (consent) for marketing newsletters and Article 6(1)(b) GDPR for service requests.
Sign the Data Processing Agreement provided by Peachie and list the platform in the record of processing as a processor. Publish the privacy notice and cookie policy through Peachie pages, customise the cookie banner only when optional trackers are activated, and use the built in form blocks rather than third party form embeds for low risk lead capture. Map each enabled integration to a lawful basis and document the data flow before going live.
Peachie competes with Webflow, Squarespace, Wix, Strikingly, Carrd and EU oriented builders such as Pixpa or SimpleSite. The choice depends on EU residency requirements, the level of design freedom and the need for integrations. Plan an exit by exporting content as Markdown or HTML, keeping a domain you control and avoiding deep dependence on proprietary Peachie components.
Websites using Peachie must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a brochure site or a simple lead capture published with Peachie. A DPIA becomes relevant if the operator adds large scale visitor profiling, an ecommerce checkout that combines payment, identity and behavioural data, or a member area with sensitive content. Document the categories of data collected through forms, the retention period and the third party integrations enabled.
Sample consent text
This site is built with Peachie. We only use strictly necessary cookies to display the site and protect our forms, which do not require your consent. If we add analytics or marketing tools we will ask for your separate consent through the cookie banner.
Third-party domains contacted
peachie.appcdn.peachie.appassets.peachie.appeditor.peachie.appCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| peachie_session | http_cookie | session | Holds the active visitor session for the published site (cart, login state for member areas) |
| peachie_csrf | http_cookie | session | CSRF protection token used on form submissions to prevent cross site request forgery |
| peachie_editor | http_cookie | 30 days | Editor session cookie set when an operator is signed in to the Peachie back office |
| peachie_cache | http_cookie | 1 day | Cache key indicator used to deliver the correct rendered page version after content updates |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
In its default configuration Peachie writes a session cookie, a CSRF token and a small cache marker on the published site. The editor itself also sets cookies for the signed in operator session. None of these cookies track visitors across domains and none are written for advertising purposes. They fall under the strictly necessary exemption and do not require prior consent.
Only if you activate non essential trackers. A vanilla Peachie site uses only strictly necessary cookies and can publish a cookie policy without a banner. Enabling Google Analytics, Meta Pixel, Hotjar or any social media embed turns those trackers into non essential cookies and triggers the obligation to deploy a Consent Management Platform with opt in.
Article 6(1)(b) GDPR (performance of the service contract) covers the editor and the publication of pages. Article 6(1)(f) GDPR (legitimate interest) covers the aggregated analytics displayed in the Peachie dashboard. Forms submitted by visitors collect data under the operator privacy notice, typically consent for newsletters and contract performance for service requests.
No transfer outside the EEA takes place in the default configuration. The CMS and the assets live on European cloud regions. A CDN may serve cached static files from edge locations worldwide but the origin remains in the EU and no personal data is stored at the edge. Operators who add a US analytics tool, payment processor or newsletter platform have to document those downstream transfers themselves.
A DPIA is generally not required for a brochure site, a blog or a simple lead form. A DPIA becomes relevant when the operator adds large scale visitor profiling, an ecommerce checkout that combines payment, identity and behavioural data, or a member area handling sensitive content. The Peachie usage itself remains low risk and infrastructure level.
Sign the Data Processing Agreement Peachie offers and list the platform in the record of processing. Publish the privacy and cookie policies as Peachie pages. Use the native form blocks instead of embedding third party forms for low risk lead capture. Only add a cookie banner when you switch on a non essential integration and map every enabled integration to its lawful basis.
Direct alternatives include Webflow, Squarespace, Wix, Strikingly and Carrd. EU oriented builders include Pixpa, SimpleSite, Jimdo and Hostinger Website Builder. Open source options include Webstudio, Plasmic and headless stacks built on Payload CMS, Strapi or Ghost. Choose based on hosting region, design freedom and the depth of integrations you need.
List each new tracker that the integration introduces, with name, purpose, retention and third party. Update the lawful basis (consent for all non essential cookies), the transfer information (especially for US tools) and the privacy notice. Republish the cookie policy through Peachie, refresh the Consent Management Platform configuration and rerun a cookie scanner to verify the inventory.