Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentComplianz is a Consent Management Platform (CMP) for WordPress, developed by Really Simple Plugins B.V. in the Netherlands. It scans cookies on your website, generates cookie policies and privacy statements, displays a consent banner, and stores consent records to demonstrate GDPR and ePrivacy compliance. Unlike tracking services, Complianz itself does not collect behavioural data and transfers no data outside the EU.
Complianz is a Consent Management Platform (CMP) for WordPress, developed and maintained by Really Simple Plugins B.V., a Dutch company based in the Netherlands. It is one of the most widely used cookie consent solutions in the WordPress ecosystem, with over one million active installations. Its purpose is to help website operators comply with the GDPR, the ePrivacy Directive, and other privacy regulations by managing cookie consent, generating legal documents, and maintaining auditable consent records.
Complianz provides a complete cookie compliance workflow: automated cookie scanning to detect and categorise all cookies and scripts on the website; a customisable consent banner with geo-targeting (different banners for EU, US, and other regions); category-based consent management (functional, statistics, marketing, preferences); automatic blocking of third-party scripts until consent is granted; consent record storage with timestamp, IP address, and banner version; auto-generated cookie policy and privacy statement updated when new cookies are detected; and support for the IAB Transparency and Consent Framework (TCF 2.2) for advertising ecosystems.
Complianz is installed as a WordPress plugin. On the front end, it injects a JavaScript banner and intercepts the loading of third-party scripts tagged with Complianz categories. When a visitor makes a consent choice, the decision is stored in first-party cookies (cmplz_consent, cmplz_id) on the visitor browser and optionally sent to the Complianz API for cloud-based consent record storage. All data processed by Complianz remains in the EU. The plugin integrates natively with Google Tag Manager, WooCommerce, and major WordPress page builders.
Complianz has a fundamentally different privacy risk profile from tracking or advertising services. It does not collect behavioural data, does not build user profiles, has no advertising purpose, and does not transfer data outside the EU. The data it does process consists of consent records (IP address, timestamp, banner version, consent choices), which are required by GDPR Art. 7(1) to demonstrate that valid consent was obtained. These records are stored either in the WordPress database or on Complianz EU servers. The cookies Complianz sets are strictly necessary for consent management and are generally exempt from prior consent requirements under the ePrivacy Directive.
Websites using Complianz must obtain user consent under GDPR regulations.
DPIA considerations
Complianz is a consent management tool, not a tracking service. Its privacy risk profile is fundamentally different from advertising or analytics trackers. Key considerations: (1) Complianz stores consent records that include visitor IP addresses, consent timestamps, and banner version identifiers; these are personal data under GDPR and must be protected accordingly; (2) consent records are stored either in the WordPress database (self-hosted, no third-party transfer) or optionally in the Complianz cloud on EU servers (Netherlands); (3) Complianz itself does not transfer any data to the United States or outside the EU; (4) the cookies Complianz sets (cmplz_*) are strictly necessary for the functioning of the consent mechanism and do not themselves require prior consent; (5) if the Complianz Statistics add-on is enabled, additional anonymised visitor data may be collected for banner performance analysis. Overall DPIA risk is low; a full DPIA is generally not required unless the consent records are used for secondary purposes or combined with other high-risk processing.
Third-party domains contacted
api.complianz.iocookiedatabase.orgcomplianz.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| cmplz_consent | Strictly Necessary | 1 year | Stores the visitor consent choices per category (functional, statistics, marketing, preferences). Set on the operator domain after the visitor interacts with the consent banner. |
| cmplz_id | Strictly Necessary | 1 year | Stores a unique anonymous identifier to link consent choices to a consent record. Used to provide proof of consent as required by GDPR Art. 7(1). |
| cmplz_consent_status | Strictly Necessary | 1 year | Records whether the visitor has actively interacted with the banner or dismissed it without making a choice. Prevents the banner from reappearing unnecessarily. |
| cmplz_policy_id | Strictly Necessary | 1 year | Stores the version identifier of the cookie policy the visitor accepted. If the policy is updated significantly, this triggers a new consent request on the next visit. |
Complianz is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Get started freeComplianz is a Consent Management Platform (CMP) plugin for WordPress. It helps website operators comply with the GDPR, ePrivacy Directive, CCPA, and other privacy regulations by automatically scanning cookies on the site, displaying a customisable consent banner, blocking third-party scripts until consent is given, storing consent records as proof of compliance, and generating cookie policies and privacy statements. With over one million active installations, it is one of the most widely used consent management solutions in the WordPress ecosystem.
No. The cookies that Complianz sets (cmplz_consent, cmplz_id, and related cmplz_* cookies) are strictly necessary for the functioning of the consent mechanism itself. Under the ePrivacy Directive, cookies that are technically required to implement a user choice are exempt from prior consent requirements. Visitors do not need to consent to Complianz cookies before the banner is shown, as these cookies exist solely to store and apply the consent decision the visitor is about to make.
Complianz sets several first-party cookies, all stored on the operator domain: cmplz_consent (1 year) stores the visitor consent choices per category (functional, statistics, marketing); cmplz_id (1 year) stores a unique anonymous identifier to link consent records; cmplz_consent_status (1 year) records whether the visitor has actively interacted with the banner or dismissed it; and cmplz_policy_id (1 year) stores the version of the cookie policy the visitor accepted, allowing consent to be re-requested if the policy changes significantly.
Yes. Complianz is designed specifically to help operators achieve and demonstrate GDPR compliance. It is developed by a Dutch company (Really Simple Plugins B.V.) subject to EU law, stores all data in the EU, acts as a data processor under a Data Processing Agreement, and provides the consent records required by GDPR Art. 7(1) to demonstrate valid consent. Using Complianz does not guarantee full GDPR compliance for your site, as compliance also depends on how you configure and use the other services Complianz manages.
By default, Complianz stores consent records in your WordPress database on your own server. No data is sent to Complianz or any third party in this default configuration. Optionally, operators with a Complianz Premium subscription can enable cloud-based consent record storage on Complianz servers located in the Netherlands (EU). In either case, no consent data is transferred outside the European Union. Records include the visitor IP address (or a hashed version), timestamp, banner version, and consent choices per category.
Yes. Complianz supports multiple privacy regulations through geo-targeting. It can detect the visitor location and display a regulation-specific banner: a GDPR consent banner for EU visitors, a CCPA opt-out notice for California visitors, and customised notices for other regions (Brazil LGPD, Canada PIPEDA, etc.). Each regulation requires a different compliance approach, and Complianz handles the logic automatically based on the visitor IP. Premium users can customise banners and flows for each region independently.
The main difference is the deployment model. Complianz is a self-hosted WordPress plugin: all data stays on your server and no data is sent to a third-party CMP platform by default. Cookiebot and OneTrust are SaaS CMPs: consent records and banner configuration are managed on their cloud platforms, which involves a data transfer to their servers (located in the EU or US depending on the provider). Complianz is generally more privacy-friendly by default and less expensive, but offers fewer enterprise features than OneTrust. Cookiebot and OneTrust are platform-agnostic and do not require WordPress.
A full Data Protection Impact Assessment (DPIA) is generally not required for Complianz alone, as the processing it performs is low-risk: it stores consent records in the EU, has no advertising purpose, and does not profile users. However, operators should document the processing of consent records (including IP addresses) in their Record of Processing Activities (RoPA) as required by GDPR Art. 30. A DPIA may become relevant if consent records are combined with other high-risk processing, or if the Complianz Statistics add-on is used at large scale.