Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Segment Consent Manager is the open source library that gates the Segment analytics.js loader behind a consent banner and forwards consent state to all Segment destinations.
Segment Consent Manager is an open source library maintained by Segment, the customer data platform now part of Twilio. It gates the loading of analytics.js and the dispatch of events to Segment destinations behind a customer driven consent banner. The library writes a first party cookie that records which destination categories the visitor has accepted and exposes a programmatic API for inspecting and updating that state.
The library writes a tracking-preferences cookie that stores the visitor''s consent choices and a destination preferences object. It does not by itself collect user behaviour. Once consent is granted, analytics.js loads and the Segment SDK then sets the standard ajs_anonymous_id and ajs_user_id cookies and forwards events to the chosen destinations, each of which may set additional cookies.
The consent manager itself can be classified as strictly necessary because its purpose is to record an explicit consent decision. The destinations it gates remain subject to consent under article 5(3) of the ePrivacy Directive and the GDPR. The implementation must default reject non essential categories and only load analytics.js after the visitor has accepted at least one destination category that requires it.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Configure the destinations as categories that map to your CMP, set defaults to reject, and forward the consent context with every Segment event so destinations can apply server side suppression. For European deployments, route events through the EU workspace, document the destinations that fan out to advertising platforms and review the destination list before each release.
Segment is owned by Twilio and primarily processes data in the United States. EU customers can opt for the Segment EU workspace, which keeps the events in Ireland and Germany. Without that, transfers rely on the EU-US Data Privacy Framework or Standard Contractual Clauses, with all sub processors documented in the Twilio data processing addendum.
Adopt the EU workspace where possible, sign the DPA, configure default reject in the consent banner, ensure the destination preferences are forwarded with every event, document the destination list in your records of processing activities, and review every new destination request through privacy and security gates.
Websites using Segment Consent Manager must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Segment is connected to many destinations, when the consent manager is the only mechanism gating those destinations, when integrations include advertising platforms with cross border transfers, or when audiences are computed inside Segment for personalisation.
Sample consent text
We use Segment to send analytics events to a small set of approved tools. By accepting, you allow Segment to read and write a consent cookie, load analytics.js and forward your interactions to the destinations you have enabled.
Third-party domains contacted
segment.comcdn.segment.comapi.segment.iotwilio.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| tracking-preferences | Strictly necessary | 1 year | First party cookie that records the visitor consent decisions managed by Segment Consent Manager. |
| ajs_anonymous_id | Analytics | 1 year | Segment analytics.js anonymous user identifier set after consent for at least one analytics destination. |
| ajs_user_id | Analytics | 1 year | Segment analytics.js authenticated user identifier set when an identify call has been made. |
Segment Consent Manager is an essential service, but transparency matters. Manage all your consent with FlowConsent.
The library writes a tracking-preferences first party cookie that stores the visitor consent decisions and a destination preferences object. After consent, analytics.js sets ajs_anonymous_id and ajs_user_id, and the chosen destinations may set additional cookies.
The consent manager itself can be loaded as strictly necessary because it records the decision. The destinations it gates require prior consent under the ePrivacy Directive and the GDPR.
The consent record itself relies on legitimate interest or legal obligation depending on jurisdiction. Each destination behind the manager requires its own legal basis, typically consent for analytics and advertising.
Segment is owned by Twilio and processes data primarily in the United States. EU customers can opt for the Segment EU workspace; otherwise transfers rely on the EU-US Data Privacy Framework or Standard Contractual Clauses.
A DPIA is recommended when many destinations are connected, when advertising platforms are part of the chain, when audience segments are computed inside Segment, or when consent forwarding is the only suppression mechanism for downstream destinations.
Configure default reject, map destinations to categories, forward consent context with every event, route through the EU workspace if available, sign the Twilio DPA and document the destination list in the records of processing activities.
For consent management you can use OneTrust, Didomi, Cookiebot, Sourcepoint, Axeptio or open source projects such as Klaro and Orestbida. For event routing, mParticle, RudderStack, Snowplow and Twilio Engage are common alternatives to Segment itself.
List the tracking-preferences cookie alongside the analytics.js cookies, name Segment as a processor and link to its sub processor list, document the destinations enabled, and disclose any US transfer with the safeguards in place.