Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Usercentrics is a German Consent Management Platform headquartered in Munich and a leading enterprise CMP in the DACH region. ISO 27001 certified, hosted in Germany and Belgium, certified IAB TCF v2.2, with Google Consent Mode v2 support and a privacy proxy for server side consent enforcement. Usercentrics acquired Cookiebot in 2021.
Usercentrics is a German Consent Management Platform founded in 2017 and headquartered in Munich. It is one of the leading enterprise CMPs in the DACH region (Germany, Austria, Switzerland) and acquired its main European competitor Cookiebot in 2021, making the combined group the largest EU based consent vendor. Usercentrics is ISO 27001 certified, supports the IAB TCF v2.2 framework and Google Consent Mode v2, and offers a privacy proxy for server side consent enforcement.
Usercentrics stores the consent record in the localStorage entry usercentrics under your domain. A small set of first party cookies (uc_settings, uc_session) is optionally used to track the consent state across subdomains and to retain UI preferences. When the IAB TCF integration is active, the euconsent v2 string is also stored. The full consent proof is sent to the Usercentrics servers in Germany and Belgium and is accessible from the dashboard for audit. No browsing behaviour, IP address or device fingerprint is collected.
Usercentrics is designed for privacy by design under Article 25 GDPR. The CMP blocks non essential scripts before the accept click, offers granular category and per service controls (necessary, functional, analytics, marketing), provides a reject button with equal visual weight, and is certified for IAB TCF v2.2. The Smart Data Protector technology pre blocks vendor scripts based on a database of more than 2000 known trackers, which is particularly important for compliance with the German TDDDG and the CNIL guidelines.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Usercentrics processes data exclusively in the European Union on servers located in Germany and Belgium, operated by Usercentrics GmbH (Munich). There is no transfer to the United States or other third countries, which removes the need for SCCs and Schrems II analysis. The ISO 27001 certification provides additional guarantees for organisations subject to BSI Grundschutz, ANSSI SecNumCloud or the EU NIS2 directive.
Load the Usercentrics CMP script in the head before any other tag, enable Smart Data Protector so non essential scripts are blocked before the user clicks accept, activate granular category and per service controls and the equal weight reject button. Enable Google Consent Mode v2 in the integrations tab, configure the consent log retention to 12 to 24 months, and pair the CMP with the Usercentrics policy generator. For TCF v2.2 sites, activate the TCF add on.
Websites using Usercentrics must obtain user consent under GDPR regulations.
DPIA considerations
Usercentrics is a low risk processor and an ISO 27001 certified enterprise CMP. A full DPIA is generally not required, but document the legal basis (Article 6(1)(f) and 7(1) GDPR), the EU only data flow (Germany and Belgium) and the 12 to 24 month retention of the consent record in the record of processing activities.
Sample consent text
This website uses Usercentrics, a German Consent Management Platform certified IAB TCF v2.2. Usercentrics processes your data exclusively in the European Union (Germany and Belgium, ISO 27001) and stores your consent record for 12 to 24 months as proof under Article 7(1) GDPR.
Third-party domains contacted
app.usercentrics.euapi.usercentrics.euprivacy-proxy.usercentrics.euCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| usercentrics | first_party | localStorage | Stores the consent record for the Usercentrics CMP: categories and per service decisions, timestamp, consent version, controller ID. Required to apply the user choice on every page load. |
| uc_settings | first_party | 12 months | Stores UI preferences and the consent state shared across subdomains. Optional, used only on multi domain deployments. |
| euconsent-v2 | first_party | 12 months | Standard IAB TCF v2.2 consent string, set when the TCF integration is active for programmatic advertising interoperability. |
Usercentrics is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Usercentrics primarily uses the localStorage entry usercentrics to store the consent record. Optional first party cookies uc_settings and uc_session may be set for cross subdomain state and UI preferences. When the IAB TCF integration is active, the euconsent v2 string is also stored. No browsing or fingerprint data is collected.
No. The Usercentrics consent storage is strictly necessary under Article 5(3) ePrivacy: it is required to record and prove the consent choice. The CMP loads before the user clicks accept, in line with German DSK, CNIL, AEPD and TTDSG guidance.
Usercentrics relies on the legitimate interest of the controller under Article 6(1)(f) GDPR combined with the legal obligation to demonstrate consent under Article 7(1) GDPR. The website operator is the controller, Usercentrics GmbH the processor.
No. Usercentrics processes data exclusively in the European Union on servers in Germany and Belgium. There is no transfer to the United States or other third countries, which removes the need for SCCs and Schrems II analysis. Usercentrics is one of the strongest options for German enterprises subject to the BSI Grundschutz.
No. Usercentrics is a low risk processor and is ISO 27001 certified. A full DPIA is not required; document the legal basis, the EU only data flow (Germany and Belgium) and the 12 to 24 month retention of the consent record in the record of processing activities.
Load the Usercentrics CMP script in the head before any other tag, enable Smart Data Protector, activate granular category and per service controls and the equal weight reject button, enable Google Consent Mode v2 and pair the CMP with the Usercentrics policy generator. Activate the TCF v2.2 add on if required.
EU based alternatives include Cookiebot (also owned by Usercentrics), Iubenda (Italy), Didomi (France), Axeptio (France), CookieFirst (Netherlands), CookieYes (UE) and Klaro (open source). For French public sector sites the CNIL recommends Tarteaucitron or Axeptio.
Usercentrics includes an automatic vendor database with more than 2000 known trackers and an integrated scanner that updates the cookie policy. Enable the email notification, review the categorisation and reflect changes in the privacy notice whenever a new processor or purpose is added.