WalkMe is a web technology service that provides essential functionality for websites and digital platforms. It delivers core capabilities that support site operations, content delivery, and user experience optimization. WalkMe integrates seamlessly with modern web architectures, ensuring reliable performance and compatibility across browsers and devices. Trusted by businesses worldwide, WalkMe helps organizations maintain robust websites that meet user expectations and technical requirements.
WalkMe, founded in 2011 in Tel Aviv and now headquartered in San Francisco, pioneered the Digital Adoption Platform category. Used by large enterprises to onboard employees on Workday, Salesforce, SAP, ServiceNow and internal applications, it also operates on customer-facing websites to guide first-time visitors. The platform records every user interaction in detail.
WalkMe injects a JavaScript snippet that overlays SmartWalkThrus (step-by-step tours), ShoutOuts (in-app announcements), Launchers, ActionBots, Resources, Surveys and Validation. WalkMe Workstation extends the experience to the desktop. The Insights module records every click, focus, scroll, form input and navigation event, builds funnels, identifies friction points and ranks the most effective tours.
WalkMe sets first party cookies including WalkMeUUID (anonymous identifier, two years), WalkMeSession (session) and WalkMeFlow (active flow). The platform collects IP, user agent, screen size, click coordinates, form field metadata, page URL, navigation events and dwell time. The Insights module can pseudonymise user IDs from your application for cross session tracking.
On public websites, WalkMe cookies require ePrivacy consent under Art. 5(3). The detailed event recording is similar to session replay and must be carefully scoped, with masking for personal data fields. On internal applications, legitimate interest may apply if employees are informed and the monitoring is proportionate; works councils must be consulted in some jurisdictions (France, Germany).
Default WalkMe data residency is in the US. Enterprise customers can request Frankfurt or Sydney. Transfers to the US rely on the EU-US Data Privacy Framework (WalkMe is certified) or on Standard Contractual Clauses with supplementary measures. Engineering access from Tel Aviv is allowed under the Israel adequacy decision.
Request Frankfurt data residency on Enterprise plans. Mask all sensitive form fields with the WalkMe sensitive data protection settings. Limit the event capture to what is required for the use case. Sign the WalkMe DPA. On public websites, block the snippet behind the marketing or statistics consent category. On internal applications, inform employees and consult the works council where required.
Websites using WalkMe must obtain user consent under GDPR regulations.
Third-party domains contacted
walkme.com, cdn.walkme.com, papi.walkme.com, eu-papi.walkme.com, walkmeapi.com
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| WalkMeUUID | first_party | 2 years | Anonymous WalkMe visitor identifier used to attribute sessions and Insights events to the same user. |
| WalkMeSession | first_party | Session | Session identifier used by WalkMe to keep state across pages. |
| WalkMeFlow | first_party | 30 days | Stores the WalkMe flow currently in progress for the visitor. |
| WalkMeTeaserCookie | first_party | 30 days | Controls the display frequency of WalkMe teasers and ShoutOuts. |
WalkMe sets first party cookies including WalkMeUUID (anonymous identifier, two years), WalkMeSession (session), WalkMeFlow (current flow) and WalkMeTeaserCookie (display control). All require prior consent in the EEA when used on public websites.
On public customer facing websites, yes. The cookies and the detailed interaction tracking require prior consent under Art. 5(3) ePrivacy and Art. 6 GDPR. On internal employee facing applications, consent is rarely appropriate; legitimate interest plus information and works council consultation is the usual basis.
Consent (Art. 6(1)(a) GDPR) on public websites. Legitimate interest (Art. 6(1)(f)) or contract (Art. 6(1)(b)) on internal employee facing applications, with documentation of proportionality and transparency. Sensitive workflows require additional safeguards.
By default, yes. Enterprise customers can request Frankfurt or Sydney. Transfers rely on the EU-US Data Privacy Framework (WalkMe is certified) or on Standard Contractual Clauses with supplementary measures. Engineering access from Israel benefits from the Israel adequacy decision.
A DPIA is recommended for large scale deployments, employee monitoring, public facing customer journeys, and sensitive workflows. Document the data centre, the captured interactions, the masking rules, the lawful basis, the transfer mechanism and the retention.
Request Frankfurt data residency. Mask sensitive fields. Limit Insights event capture. Sign the WalkMe DPA. On public sites block the snippet behind a CMP category. On internal apps, inform employees, consult the works council where required and apply purpose limitation.
EU based: Userlane (Germany), Userflow (Denmark), Chameleon (UK). US: Pendo, Appcues, Whatfix, Userpilot, Spekit. Open source: TourGuide JS, Bootstrap Tour. For pure onboarding without analytics: Intro.js.
Subscribe to WalkMe trust centre updates. When sub processors, data centres, or captured events change, update your cookie table, privacy notice and records of processing, and bump the consent banner version.