Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Weezbe is an online store builder used by small and medium businesses to create, manage and grow an eCommerce site without writing code. The platform handles the catalog, the cart, the checkout, the order management, payment integrations and shipping connectors from a single dashboard. As an integrated SaaS solution, Weezbe sets first party cookies for the storefront session, the cart and the customer account, and exposes optional analytics, marketing and personalisation tools that load their own non essential cookies. Merchants deploying a Weezbe storefront in Europe must therefore collect consent for non essential cookies and document the third party data flows their integrations create.
Weezbe is an online store builder aimed at small and medium businesses that want to launch and operate an eCommerce site without managing infrastructure. From a single dashboard, merchants design the storefront, manage the product catalog, configure shipping and tax rules, connect payment gateways, send transactional emails and run marketing campaigns. The platform combines a no code site builder, a back office and integrated checkout, and ships with optional analytics, marketing and personalisation tools that the merchant activates as needed.
On a Weezbe storefront, strictly necessary cookies are set for the visitor session, the cart, the checkout funnel, the chosen language and currency, the CSRF token and the customer account when authenticated. The platform also captures the order, the billing and shipping addresses and the payment status. Optional integrations bundled with the platform (Google Analytics, Meta Pixel, Klaviyo style email tools, Trustpilot widgets, embedded YouTube videos) load their own cookies and pixels that fall outside the strictly necessary exemption.
Cookies that keep the cart, the session and the checkout running are strictly necessary and benefit from the Article 5(3) ePrivacy exemption. Optional analytics, marketing, personalisation and embedded third party content require prior, freely given, specific, informed and unambiguous consent. The merchant is the data controller for customer accounts and orders and uses Weezbe as a processor through an Article 28 contract. Any sale of customer lists or syndication of data to advertising partners requires a separate consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Activate the consent management features inside Weezbe or integrate a dedicated consent management platform. Block analytics, marketing and personalisation cookies until the visitor opts in, list each third party in the cookie banner and provide a Reject button as visible as the Accept button. For double opt in newsletters, store the proof of consent inside the Weezbe customer record so that subscribers can later access, rectify or erase their data on request.
The Weezbe platform itself hosts data on cloud infrastructure inside the European Union. International transfers happen mainly through optional integrations: US analytics tools, US advertising pixels, US payment providers or non EU shipping carriers. These transfers must be covered by the EU US Data Privacy Framework certification of the recipient, by Standard Contractual Clauses or by another valid Chapter V mechanism, with a Transfer Impact Assessment for high risk recipients.
Sign the Weezbe DPA, review the list of subprocessors and disable optional integrations you do not need. Apply data minimisation to the customer account creation flow, separate marketing consent from the terms of sale acceptance, set retention rules for orders, abandoned carts and inactive accounts and configure a tokenised PCI DSS compliant payment integration. Maintain a record of processing activities, publish a clear privacy notice and review the configuration each time you add a new app from the Weezbe marketplace.
Websites using Weezbe must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a basic Weezbe store with a small product catalog and a tokenised payment integration. A DPIA becomes appropriate when the merchant activates large scale personalisation, when the store collects sensitive product preferences (health, religion, political opinions), when it processes children data, or when it onboards data from external sources into the Weezbe customer database to feed advertising tools.
Sample consent text
This online store is powered by Weezbe. Strictly necessary cookies keep your cart, your account and your checkout working. With your consent, we also enable analytics, personalisation and marketing cookies that help us understand how the store is used and to deliver personalised offers. You can refuse or withdraw consent at any time via the cookie settings link in the footer.
Third-party domains contacted
weezbe.comcdn.weezbe.comapi.weezbe.comcheckout.weezbe.comassets.weezbe.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| wz_session | Strictly necessary | Session | Session cookie used by the Weezbe storefront to bind the visitor to a server side session, required for navigation and purchase. |
| wz_cart | Strictly necessary | 30 days | Persists the cart contents between visits so that the shopper can return and complete the order without losing the selected products. |
| wz_csrf | Strictly necessary | Session | Cross site request forgery token used to protect every state changing request, including login, checkout and account updates. |
| wz_locale | Functional | 1 year | Stores the language and currency selected by the shopper to display the storefront in the chosen locale on subsequent visits. |
| wz_customer | Functional | 1 year | Long lived identifier used to recognise an authenticated customer and populate the wishlist, the order history and the saved addresses. |
| wz_consent | Strictly necessary | 6 months | Records the consent choices made by the visitor in the Weezbe cookie banner so that they are applied across the storefront and refreshed at the configured interval. |
Weezbe uses cookies for user preferences — inform visitors with a consent banner.
Weezbe sets strictly necessary first party cookies for the visitor session, the cart, the checkout funnel, the language and currency, the CSRF token and the customer account when logged in. Optional integrations enabled by the merchant (Google Analytics, Meta Pixel, email marketing, embedded reviews and videos) load their own non essential cookies. The exact list depends on which apps you have installed from the Weezbe marketplace.
Consent is required for non essential cookies activated on a Weezbe storefront, including analytics, marketing, personalisation and embedded third party content. Strictly necessary cookies for the cart, the session and the checkout benefit from the Article 5(3) ePrivacy exemption. Newsletter signups and any direct marketing also require their own consent, ideally collected with a double opt in mechanism.
The legal basis is the performance of the contract under Article 6(1)(b) GDPR for order management, delivery and customer accounts. Legal obligation applies to invoicing, accounting and consumer protection retention rules. Consent under Article 6(1)(a) covers marketing communications, newsletters and non essential cookies. Legitimate interest can support fraud prevention, subject to a documented assessment.
The Weezbe platform hosts the storefront and the back office data in the European Union. Transfers to the United States happen mainly through optional integrations such as Google Analytics, Meta Pixel, US based payment providers or shipping carriers. The merchant must list each US recipient in the privacy notice and rely on the EU US Data Privacy Framework certification or Standard Contractual Clauses, with a Transfer Impact Assessment for high risk recipients.
A DPIA is generally not required for a basic Weezbe store with a small catalog, a guest or simple account checkout and a tokenised payment integration. Conduct a DPIA when you enable large scale personalisation, when the catalog reveals sensitive preferences (health, religion, political opinions), when the store targets children or when you onboard external data into the Weezbe customer database for advertising purposes.
Sign the Weezbe DPA, review subprocessors, deactivate unused integrations and only enable apps you actually need. Configure a tokenised payment provider, set retention rules for orders, abandoned carts and inactive accounts, separate marketing consent from terms of sale acceptance and connect a consent management platform to control all non essential cookies. Maintain a record of processing activities and publish a clear privacy notice with the list of subprocessors.
For comparable all in one online store builders, evaluate Shopify, Wix Stores, Squarespace Commerce, BigCommerce, Ecwid, PrestaShop Cloud, WooCommerce or Magento Open Source. Each one has its own data residency, marketplace of apps and pricing. The compliance profile depends mostly on the integrations and marketing tools you activate, rather than on the platform itself.
List the strictly necessary cookies set by Weezbe (session, cart, checkout, CSRF, language, currency, customer account) and explain their role. Add a separate section for the analytics, personalisation and marketing cookies enabled by your installed apps, with names, hosts, durations and purposes. Mention Weezbe and its subprocessors in the privacy notice, document the lawful bases and refresh the page each time you add or remove a marketplace app.