Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Clerk.io is a Danish e-commerce personalisation platform from Clerk.io ApS, used by over 2 500 European retailers to deliver product recommendations, on site search, email personalisation and abandoned cart flows. The clerk.js SDK loads on product pages, captures behavioural data and serves personalised content. Hosted in AWS European regions, Clerk.io positions itself as a GDPR friendly alternative to US e-commerce personalisation providers.
Clerk.io is a Danish e-commerce personalisation platform from Clerk.io ApS, headquartered in Copenhagen. The product covers four main pillars: product recommendations (you may also like, frequently bought together, trending now), on site search with semantic understanding, email personalisation (product blocks injected into newsletters) and audience automation (cart recovery, post purchase flows). Retailers connect their product feed and order webhook, install the clerk.js SDK, and Clerk.io starts learning from visitor behaviour.
Clerk.io writes first party cookies on the publisher domain (typically clerk-visitor, clerk-session and clerk-consent) and collects IP address, user agent, full URL of every page viewed, scroll behaviour, time on page, product views, cart additions and removals, search queries, completed purchases and (when the email feature is enabled) the hashed email address of subscribers to link offline and online behaviour.
Clerk.io writes non strictly necessary cookies and builds a behavioural profile per visitor, both falling under Article 5(3) ePrivacy and Article 6 GDPR. Prior consent is required for tracking cookies and for the marketing flows that follow. The Danish Data Protection Authority (Datatilsynet) and the EDPB consider behavioural personalisation to be in scope of consent, particularly when correlated with subscriber identity. EU hosting reduces transfer concerns but does not remove the consent requirement.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block clerk.js until the visitor opts in to the Marketing category in your consent management platform. Treat email personalisation as a separate consent (marketing emails) and only correlate cookies with email subscribers when consent allows. Treat cart abandonment flows as a third consent for marketing communications. Granular consents give visitors meaningful control and align with the Datatilsynet guidance on layered consent.
Clerk.io is hosted on AWS European regions and run by Clerk.io ApS in Denmark. No systematic third country transfer by default. Limited sub-processors (CDN, error reporting) may operate in the US and should be reviewed in the Clerk.io sub-processor list. Integration with Klaviyo, Mailchimp, ActiveCampaign or other ESPs may forward data to those providers, often based in the US, requiring SCCs and documentation.
Sign the Clerk.io DPA, gate clerk.js behind consent, use granular consents per channel, list Clerk.io in your cookie policy and record of processing activities, document any ESP integrations and their transfer mechanisms, set retention to align with the personalisation purpose, redact sensitive product categories from auto tracking, and inform email subscribers when behavioural data influences their newsletter content.
Websites using Clerk.io must obtain user consent under GDPR regulations.
DPIA considerations
Clerk.io processes visitor IP address, user agent, full URL of every page viewed, time on page, scroll depth, product views, cart additions, search queries, completed purchases (when integrated with the order webhook) and a persistent visitor identifier. Key DPIA considerations: (1) the recommendation engine builds a behavioural profile per visitor, which is profiling under GDPR; (2) email personalisation correlates the visitor cookie with the email subscriber identity, requiring an additional consent layer; (3) cart abandonment flows imply marketing communications and require their own consent; (4) all processing happens in the EU, which limits transfer concerns; (5) integration with Klaviyo, Mailchimp or similar may forward data to US providers, requiring SCCs and a Transfer Impact Assessment.
Sample consent text
We use Clerk.io to provide personalised product recommendations and search. Clerk.io places cookies on your device, processes your browsing and purchase behaviour on EU based servers and uses this data to surface relevant products. You can withdraw your consent at any time via our cookie settings.
Third-party domains contacted
clerk.ioapi.clerk.iocdn.clerk.iojs.clerk.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| clerk-visitor | Marketing | 1 year | Persistent visitor identifier used by Clerk.io to build a behavioural profile for product recommendations and search personalisation. |
| clerk-session | Marketing | Session | Session identifier used to group page views and product interactions within a single browsing session. |
| clerk-consent | Functional | 1 year | Stores the visitor consent state so Clerk.io respects the choices made via the publisher consent management platform. |
Clerk.io uses cookies for user preferences — inform visitors with a consent banner.
Clerk.io writes first party cookies on the publisher domain, typically clerk-visitor (persistent visitor identifier), clerk-session (session identifier) and clerk-consent (consent state). The visitor identifier is used to build a behavioural profile for personalisation.
Yes. The clerk.js SDK writes non strictly necessary cookies and starts behavioural profiling immediately, which falls under Article 5(3) ePrivacy and Article 6 GDPR. Granular consents are recommended per channel (web personalisation, email, cart recovery).
Consent (Art. 6(1)(a) GDPR) for tracking cookies and behavioural personalisation. For fully anonymised, aggregated recommendations that do not profile the individual visitor, legitimate interest may apply with a documented balancing test, but this is rarely how Clerk.io is deployed in practice.
By default, no. Clerk.io is hosted in AWS European regions and operated by Clerk.io ApS in Denmark. Limited sub-processors (CDN, error reporting) may be in the US. Integrations with US based ESPs (Klaviyo, Mailchimp) introduce US transfers that should be documented.
A DPIA is recommended for any large scale e-commerce deployment because of the behavioural profiling and multi channel marketing combination. For small shops with basic recommendations only, a documented assessment is usually sufficient.
Sign the Clerk.io DPA, gate clerk.js behind consent, use granular consents per channel, list Clerk.io in your cookie policy and record of processing activities, document any ESP integrations and their transfer mechanisms, set retention to align with the personalisation purpose and consider running a DPIA.
EU based e-commerce personalisation alternatives include Nosto (Finland), Algolia (France, also offers recommendations), Constructor.io (with EU residency option), Bloomreach (Netherlands acquisition Exponea, with EU residency) and on the open source side, Recombee or self hosted Algolia derivatives.
List Clerk.io by name as a Marketing service, identify Clerk.io ApS as the processor, the cookies set (clerk-visitor, clerk-session, clerk-consent), the data collected (IP, behaviour, product views, search, hashed email), the EU only hosting, the retention period, any ESP integrations and a link to the Clerk.io privacy notice.