Does your website use third-party services? Get GDPR compliant in minutes.

Bynder

PreferencesWebsite

What does Bynder do?

Bynder is a Dutch Digital Asset Management platform headquartered in Amsterdam. It hosts brand assets and serves them through HTTPS endpoints without setting cookies on website visitors. European customers are deployed on AWS Ireland, keeping content inside the EEA.

What Bynder is and how it serves assets

Bynder is a Digital Asset Management (DAM) platform founded in 2013 by Bynder B.V. in Amsterdam, Netherlands. Marketing and brand teams use Bynder to store, organize and distribute photos, videos, logos and templates. Each customer has a subdomain (customer.bynder.com) and a public asset delivery via CloudFront. Frontend pages can embed asset URLs directly to load images, videos and PDFs from the DAM.

Cookies and identifiers set on visitors

When a website embeds an asset hosted on Bynder, the visitor browser fetches the asset over HTTPS without receiving any cookie. Cookies only appear inside the Bynder web application for logged in customer users (session, antiforgery, locale) and on the corporate site bynder.com for marketing analytics. These two contexts do not propagate to the websites that consume Bynder assets.

GDPR and ePrivacy implications

Because the public Bynder asset delivery does not place identifiers on the visitor terminal, Article 5(3) of the ePrivacy Directive does not require prior consent for the assets themselves. Article 6(1)(f) GDPR (legitimate interest) covers the limited request metadata at the CDN edge. Bynder B.V. acts as processor under Article 28 GDPR when storing customer assets. The DPA is part of the customer agreement and includes Standard Contractual Clauses for any residual non EU transfer.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Data transfers and Schrems II

European customers are provisioned by default on the AWS EU West 1 region (Ireland), keeping asset storage and the application stack inside the EEA. CloudFront edges are global so a visitor in Asia will be served from the nearest edge, however cached assets are content, not personal data. Bynder corporate operations, support tooling and product analytics may include US based providers (HubSpot, Intercom, Zendesk) but they are scoped to bynder.com communications with the customer, not to the customer brand portal.

Practical compliance steps

Confirm the AWS EU West 1 region on your Bynder contract. Sign the Bynder DPA, document the processor in your record of processing activities with hosting region and asset CDN. Enable SSO and 2FA on portal accounts. Manage rights and licenses for assets containing identifiable persons (model releases). Avoid storing customer or employee personal data in metadata fields unless necessary. Audit any custom integration that publishes assets via the Bynder API to your website.

GDPR consent category

Preferences

Websites using Bynder must obtain user consent under GDPR regulations.

Legal basisArticle 6(1)(f) GDPR (legitimate interest) for asset delivery and abuse prevention. Strictly necessary cookies are used in the Bynder web application for logged in customer users.

Risk levellow

Applicable regulationsGDPR, ePrivacy Directive, DSGVO, RGPD, LSSI, Dutch Implementation Act AVG (UAVG)

DPIA considerations

A DPIA is generally not required for the public Bynder asset delivery because no personal data is processed on visitors beyond standard CDN logs. A DPIA should be considered if the DAM stores assets containing identifiable individuals (model releases, employee photography, customer testimonials), if the Brand Guidelines portal collects identifiable feedback, or if Bynder is integrated with personalization features. Document the EU region selection and the DPA with Bynder B.V.

Sample consent text

This website loads brand assets from Bynder. Bynder does not set cookies on visitors when serving assets. No consent is required. Authentication cookies only apply to internal users of the Bynder portal.

Technical details

Tracking methodDigital Asset Management platform that hosts and serves brand assets (images, videos, logos, marketing collateral) on a customer subdomain (customer.bynder.com) and through the CDN endpoints d2csxpduxe849s.cloudfront.net and assets.bynder.com. Public assets are fetched by HTTPS without setting cookies on visitors. The Bynder web application uses session cookies for logged in users.

Server locationBynder B.V. (Amsterdam, Netherlands). The platform is hosted on Amazon Web Services with primary region EU West 1 (Ireland) for European customers and US East 1 (Virginia) for US customers. Asset delivery uses Amazon CloudFront with global edge locations.

Cookieless tracking availableYes

Third-party domains contacted

bynder.comassets.bynder.comd2csxpduxe849s.cloudfront.netd3l21ahgsxs2qg.cloudfront.netapi.bynder.com

Cookies placed

Name	Type	Duration	Purpose
PHPSESSID	first-party (customer.bynder.com portal)	Session	Standard PHP session cookie used to authenticate logged in customer users on the Bynder portal. Strictly necessary, never set on the public website that embeds assets.
bynder_csrf	first-party (customer.bynder.com portal)	Session	Anti CSRF token used by the Bynder portal to protect state changing operations. Strictly necessary.
_ga	third-party (marketing site only)	2 years	Google Analytics cookie used on bynder.com marketing site. Not set on customer asset URLs.

Bynder uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

Does Bynder set cookies on website visitors?

No. When a website embeds an asset hosted on Bynder (image, video, PDF), the visitor fetches the asset over HTTPS without receiving any cookie. Cookies are only set on the Bynder customer portal for logged in users and on the bynder.com marketing site for analytics.

Do I need consent for Bynder under GDPR and ePrivacy?

No consent is required to embed Bynder hosted assets because no identifier is stored on the visitor terminal. The Bynder portal cookies are strictly necessary for logged in customer users.

What is the legal basis for processing visitor data with Bynder?

Article 6(1)(f) GDPR (legitimate interest) covers the request logs needed for asset delivery and abuse prevention. Bynder B.V. acts as processor under Article 28 GDPR for asset storage, with a DPA part of the customer agreement.

Does Bynder transfer data to the United States?

European customers are provisioned on AWS EU West 1 (Ireland), keeping assets in the EEA. The CloudFront CDN edges are global but cached assets do not contain personal data. Bynder corporate communication tools (HubSpot, Intercom, Zendesk) may include US providers but are scoped to bynder.com communications.

Is a DPIA required for Bynder?

A DPIA is generally not required for the public asset delivery. It should be considered if the DAM stores assets containing identifiable individuals, if the Brand Guidelines portal collects identifiable feedback, or if Bynder is integrated with personalization features.

How do I implement Bynder compliantly?

Confirm the AWS EU West 1 region on the contract, sign the DPA, document the processor in your RoPA, enable SSO and 2FA on portal accounts, manage rights and licenses for assets containing people, avoid storing personal data in metadata fields and audit API integrations.

What are the alternatives to Bynder?

Other Digital Asset Management platforms include Aprimo, Adobe Experience Manager Assets, Acquia DAM (Widen), Brandfolder, Frontify (Switzerland), Cloudinary, Canto, MediaValet and Wedia (France).

How do I update the cookie policy for Bynder?

No specific cookie disclosure is needed for the embedded assets. List Bynder as a content processor in your privacy policy with hosting region, purpose and DPA reference. Document any custom integration that publishes assets to your site through the Bynder API.

Get compliant — Try FlowConsent free

Free plan · 10-min setup