Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Reddit is a US social platform with strong reach in tech, gaming, finance and consumer communities. Advertisers integrate Reddit through the Reddit Pixel for conversion tracking, retargeting and lookalike audiences, and through the Reddit Conversion API for server side events. Reddit Pixel sets first and third party cookies, collects clicks, page views and purchases, and ties them to Reddit user accounts when possible. Every European deployment requires prior opt-in consent and must be properly disclosed in the privacy notice.
Reddit Inc. is a publicly traded US company that operates the social platform reddit.com. For European website operators, Reddit appears mostly through the Reddit Ads advertising stack: the Reddit Pixel (a small JavaScript snippet) and the Reddit Conversion API. The pixel fires page views, signups, purchases and custom events. The Conversion API does the same from your server, enriching the event with hashed email or phone numbers. Reddit then matches the events to Reddit user profiles to build conversion reports, retargeting audiences and lookalike audiences.
On the advertised website, the Reddit Pixel sets the rdt cookie (or _rdt_uuid) on the first party domain, plus third party cookies on .reddit.com such as reddit_session, token_v2 and edgebucket. On reddit.com itself, the pixel may read existing session cookies to match a visitor to a logged in Reddit account. Collected data includes IP address, User-Agent, click identifiers, URL, referrer, time stamps and any custom parameters added by the operator (value, currency, content_id).
The Reddit Pixel is an advertising and profiling tool, which means Article 5(3) ePrivacy requires informed, freely given prior consent before any cookie or local identifier is written. Under the GDPR, the website operator and Reddit Inc. are joint controllers for the pixel events, as confirmed by the CJEU rulings Fashion ID and Wirtschaftsakademie. Both parties must define their responsibilities in a joint controllership arrangement, which Reddit provides as part of its advertising terms.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Reddit Inc. is certified under the EU-US Data Privacy Framework, providing an adequacy basis for transfers to the United States. The Reddit Data Processing Addendum includes the European Commission Standard Contractual Clauses for jurisdictions outside the framework. Reddit relies on AWS infrastructure, mostly in US regions. Following Schrems II, a transfer impact assessment is recommended documenting the scope of US government access risk and the data minimisation measures applied.
Consent under Article 6(1)(a) GDPR is the only realistic legal basis for the Reddit Pixel. Legitimate interest does not apply because the purpose is advertising and profiling, which falls outside the typical legitimate interest test. The consent must be specific to advertising and clearly named Reddit as the recipient. The pixel must only fire after opt-in, controlled through a Consent Management Platform.
Sign the Reddit Data Processing Addendum, configure the pixel through Google Tag Manager (or another tag manager) so it only fires after the advertising consent group is granted, hash email addresses and phone numbers client side before sending to the Conversion API, list Reddit as a recipient in the privacy notice with a link to its privacy policy, document the joint controllership and the transfer impact assessment, and provide an easy mechanism to withdraw consent at any time.
Websites using Reddit (Reddit Pixel / Reddit Ads) must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required when the Reddit Pixel is deployed at scale, especially when combined with the Reddit Conversion API server side feed of order, lead or revenue data. The DPIA must cover the profiling logic, the link between Reddit user IDs and your CRM data, retention, sub-processors (Cloudflare, AWS), the legitimate interest of advertisers versus the privacy of users and the international transfer mechanism.
Sample consent text
We use the Reddit Pixel and optional Conversion API to measure the effectiveness of our advertising campaigns on Reddit, build retargeting audiences and find lookalike users. These tools set cookies on your device, including rdt and reddit_session, and transfer your interactions to Reddit Inc. in the United States under the EU-US Data Privacy Framework. By clicking Accept, you allow Reddit advertising. You can change your choice at any time in the cookie settings.
Third-party domains contacted
reddit.comredditstatic.comredditmedia.comads.reddit.compixel.reddit.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| rdt | HTTP cookie | 90 days | Reddit Pixel first party cookie that identifies the visitor for conversion tracking and audience building. |
| _rdt_uuid | HTTP cookie | 90 days | Alternative Reddit Pixel identifier used for browser deduplication. |
| reddit_session | HTTP cookie | Session | Third party session cookie set on .reddit.com when the user is logged into Reddit. |
| token_v2 | HTTP cookie | 1 year | Reddit authentication token used to match conversion events to a Reddit account. |
| edgebucket | HTTP cookie | 1 year | Reddit A/B test bucket assignment used to deliver consistent experimental variants. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
The Reddit Pixel sets the first party rdt cookie (90 days) and an alternative _rdt_uuid identifier. On the .reddit.com domain it sets reddit_session, token_v2 (1 year) and edgebucket (1 year) when the user is logged in. All these cookies are used for advertising and require prior consent.
Yes. As an advertising and profiling tool, the Reddit Pixel cannot fire before the visitor has given a freely given, specific and informed opt-in consent through a Consent Management Platform.
Consent under Article 6(1)(a) GDPR is the only viable legal basis. The Reddit Pixel does not fit the legitimate interest test because the purpose is advertising and profiling.
Yes. Reddit Inc. is US controlled. Conversion data flows to Reddit servers in the United States. The transfer relies on the EU-US Data Privacy Framework adequacy decision and Standard Contractual Clauses.
Yes when the pixel is combined with the Reddit Conversion API and ties identifiable visitor data to advertising profiles at scale, especially on sites with sensitive audiences.
Sign the Reddit DPA, configure the pixel through a tag manager controlled by your CMP, only fire after opt-in, hash personal data sent through the Conversion API, document the joint controllership and add a clear cookie banner section for Reddit.
For privacy first measurement, server side conversions through the Reddit Conversion API can be deduplicated with hashed identifiers. Privacy preserving aggregations such as the GA4 conversion linker or custom marketing mix modelling can complement or replace pixel based attribution.
Add a dedicated section listing Reddit Inc. as a recipient, describe the cookies (rdt, _rdt_uuid, reddit_session, token_v2, edgebucket), the purposes (conversion measurement, retargeting), the EU-US Data Privacy Framework certification and a link to the Reddit privacy notice.