Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
All in one US platform for online courses, coaching, memberships, communities and email marketing for creators, hosted on AWS US infrastructure.
Kajabi is a US all in one platform founded in 2010 and headquartered in Irvine, California. It allows creators, coaches and knowledge entrepreneurs to host online courses, coaching programs, membership sites, communities, podcasts and email marketing under a single brand. Kajabi is operated by Kajabi LLC and runs on Amazon Web Services infrastructure located in the United States.
Kajabi processes student account data (name, email, password hash), payment data through Stripe and PayPal, course progress, video watch time, quiz results, community posts and email engagement events (opens, clicks, unsubscribes). It sets first party cookies such as _kajabi_session for authentication, kjb_visitor for visitor identification, and funnel related cookies that track marketing journeys. Email marketing relies on a tracking pixel that records when messages are opened.
Cookies that are not strictly necessary, including funnel analytics, behavioural email tracking and any Facebook Pixel or Google Analytics integration enabled via Kajabi, require prior informed consent under Art. 5(3) of the ePrivacy Directive as transposed into national law (for example PECR in the UK, the French Data Protection Act and the TTDSG in Germany). The legal basis under Art. 6(1) GDPR is consent for marketing and analytics, and contract performance for course delivery, billing and account management.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All learner and customer data is transferred to and processed on AWS infrastructure in the United States. Since the Schrems II ruling (CJEU C 311/18), such transfers must rely on a valid Art. 46 GDPR mechanism, in practice Standard Contractual Clauses, accompanied by a Transfer Impact Assessment that considers FISA Section 702 and Executive Order 12333. If Kajabi has self certified under the EU US Data Privacy Framework, that can be used as an alternative transfer mechanism for the relevant data flows.
For EU and UK visitors of a Kajabi storefront or marketing funnel, a compliant Consent Management Platform must collect opt in for analytics, marketing cookies, the Facebook Pixel and behavioural email tracking before the corresponding scripts and pixels load. Students must also be informed of the transfer of their personal data to the United States and of their right to withdraw consent at any time.
Sign a Data Processing Agreement with Kajabi LLC, document the Standard Contractual Clauses and the Transfer Impact Assessment, update the privacy notice and cookie policy with the categories of cookies set by Kajabi, configure a CMP that blocks non essential scripts before consent, offer a one click unsubscribe in every marketing email, and run a DPIA when processing is large scale or involves systematic monitoring of learners.
Websites using Kajabi must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA under Art. 35 GDPR is recommended when Kajabi is used at scale for behavioural email tracking, course progress analytics, marketing funnels or large membership communities. The assessment must cover systematic monitoring of learners, profiling for marketing automation, transfers to the United States under Standard Contractual Clauses with a Transfer Impact Assessment addressing FISA 702 and Executive Order 12333, and the rights of EU data subjects to access, rectify, erase and object.
Sample consent text
We use Kajabi to host our courses, memberships and marketing emails. Kajabi sets cookies for sessions, course progress, funnel analytics and email tracking, and transfers your data to servers in the United States. Do you accept these cookies and this transfer?
Third-party domains contacted
kajabi.comkajabi-app.commy.kajabi.comkajabi-storefronts-production.global.ssl.fastly.netkajabi-cdn.global.ssl.fastly.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _kajabi_session | First party, strictly necessary | Session | Maintains the authenticated session of a logged in student or admin on the Kajabi site. |
| kjb_visitor | First party, analytics | 12 months | Identifies unique visitors of a Kajabi storefront or landing page to attribute funnel and marketing activity. |
| kjb_funnel_* | First party, marketing | Up to 12 months | Tracks a contact through a Kajabi marketing funnel (pipeline), recording the steps visited and the source of acquisition. |
| _ga | Third party, analytics (Google Analytics integration) | 13 months | Distinguishes unique users for Google Analytics when the GA integration is enabled in Kajabi. |
| _fbp | Third party, marketing (Facebook Pixel integration) | 3 months | Used by Meta to deliver advertising and measure conversions when the Facebook Pixel is enabled in Kajabi. |
Kajabi uses cookies for user preferences — inform visitors with a consent banner.
Kajabi sets first party cookies such as _kajabi_session for authentication, kjb_visitor for visitor identification (about 12 months), and funnel cookies that follow a contact through marketing journeys. If you enable integrations like Google Analytics or the Facebook Pixel from Kajabi, additional third party cookies (_ga, _gid, _fbp) are dropped.
Yes, for all cookies and trackers that are not strictly necessary, including funnel analytics, the Facebook Pixel, Google Analytics and behavioural email tracking. Art. 5(3) of the ePrivacy Directive requires prior informed consent before such cookies are stored or read, in addition to the consent requirement under Art. 6(1)(a) GDPR for the related processing.
Two bases typically apply: consent (Art. 6(1)(a) GDPR) for marketing emails, behavioural tracking and non essential cookies, and performance of a contract (Art. 6(1)(b) GDPR) for delivering the purchased course, providing access to a membership and processing payment with Stripe or PayPal.
Yes. Kajabi LLC is based in Irvine, California, and hosts learner and customer data on AWS infrastructure in the United States. Transfers from the EU and UK rely on Standard Contractual Clauses under Art. 46(2)(c) GDPR with a Transfer Impact Assessment that takes FISA Section 702 and Executive Order 12333 into account, or on a Data Privacy Framework certification where available.
A Data Protection Impact Assessment under Art. 35 GDPR is recommended whenever Kajabi is used for large scale behavioural email tracking, systematic monitoring of course progress, marketing automation funnels, or sizeable membership communities. The DPIA must cover the US transfers and the rights of data subjects.
Sign a Data Processing Agreement with Kajabi LLC, document the Standard Contractual Clauses and Transfer Impact Assessment, configure a Consent Management Platform that blocks Kajabi marketing scripts, funnel cookies, Facebook Pixel and Google Analytics until consent is given, and provide a one click unsubscribe link in every marketing email.
European or EU friendly alternatives include Teachable and Thinkific (Canada), Podia (US), Systeme.io (France), Kartra (US) and MemberPress (US, WordPress based). None of them removes the GDPR or US transfer obligations by itself; the choice should be driven by EU hosting options, data processing terms and the integrations needed.
Yes. The cookie policy must list the Kajabi cookies by name, purpose and duration, and the privacy notice must mention Kajabi LLC as a processor, the categories of data processed, the US transfer with the relevant safeguards, and the data subject rights (access, rectification, erasure, objection, portability, complaint to a supervisory authority).