Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Flyvi is a cloud based graphic design and marketing creative tool that lets teams produce social posts, presentations, videos and ads from a browser. As a SaaS application it relies on first party cookies and local storage to maintain editor sessions, project state and personalisation, and it loads product analytics and marketing pixels on its public website. When you embed Flyvi inside a customer facing site or share Flyvi designs publicly, you must collect consent for non essential cookies and disclose the international transfer of design assets and metadata to Flyvi cloud regions.
Flyvi is a software as a service product for visual design and marketing creatives. From a single browser based editor, marketers, small business owners and content creators can produce social media graphics, presentations, posters, short videos and ad creatives. Flyvi packages templates, stock assets, AI image generation, brand kits and team collaboration features, and exports finished designs in multiple formats. Like every modern SaaS app, Flyvi relies on a public marketing website and an authenticated application, each with its own cookie footprint.
On the public Flyvi website, the platform typically loads product analytics (Mixpanel, Amplitude or Segment style trackers), marketing cookies for ad platforms and a help chat widget. Inside the editor, Flyvi uses first party cookies and tokens to authenticate the user, plus extensive local storage and IndexedDB to keep the current design, undo history, brand kit and recently used assets available offline. Uploaded images, fonts and design files are stored in object storage with a controller to processor relationship between the customer and Flyvi.
For the public marketing website and for any Flyvi widget embedded on a customer site, non essential cookies trigger Article 5(3) ePrivacy and require prior consent. Inside the authenticated editor, session cookies and storage entries that are strictly necessary to keep the user logged in and to save the current work do not require consent. Product analytics, AB testing tools and marketing pixels that observe how users interact with the editor are not strictly necessary and must be controlled by the consent banner.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
On the public site that promotes Flyvi, present a consent banner that lists analytics and marketing categories, describes each purpose and offers an equally prominent Reject button. When you embed Flyvi inside a portal aimed at end customers, gate the iframe behind a consent placeholder and only initialise it after the visitor opts in. Authenticated users of the editor see a transparency notice explaining which cookies are strictly necessary versus optional, with a settings panel inside the account.
Flyvi runs on cloud infrastructure that typically combines AWS regions in the EU and the United States with CDNs such as Cloudfront. Design files, uploads and account metadata may therefore be processed in the United States. Transfers from the EEA rely on the Standard Contractual Clauses included in the Flyvi DPA, complemented by the EU US Data Privacy Framework certification of the hosting subprocessors. Document these subprocessors and locations in your Article 30 register and in the privacy notice shown to your end users.
Sign the Flyvi DPA, configure your account to keep data in the EU region where available, restrict the upload of personal data of third parties to the strict minimum and train designers on the rule. Block Flyvi marketing cookies through your consent management platform on the public website, document the active subprocessors and review the configuration whenever Flyvi releases a new AI feature, since generative tools may introduce additional processing.
Websites using Flyvi must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is usually not required for an internal Flyvi deployment used by employees to produce marketing creatives. A DPIA becomes appropriate when Flyvi is embedded in a customer facing portal collecting visitor design uploads, when designs contain personal data of third parties (faces, names, contact details) processed at scale, or when the workflow combines Flyvi with marketing automation and behavioural advertising tools.
Sample consent text
This page embeds the Flyvi design tool. Flyvi sets first party cookies to keep your editor session, uses local storage to save your work in progress and loads product analytics that help us improve the editor. We only enable the non essential analytics and marketing components after you click Accept. You can refuse or withdraw consent at any time via the cookie settings link in the footer.
Third-party domains contacted
flyvi.comapp.flyvi.comcdn.flyvi.comapi.flyvi.comstatic.flyvi.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| flyvi_session | Strictly necessary | Session | Authentication session cookie that keeps the user logged in to the Flyvi editor and is required for the SaaS to work. |
| flyvi_csrf | Strictly necessary | Session | Cross site request forgery token used to protect every state changing request made by the authenticated user against CSRF attacks. |
| flyvi_prefs | Functional | 6 months | Stores user preferences such as the chosen language, the editor zoom level, the toggled side panels and the default export format. |
| flyvi_analytics | Analytics | 13 months | Product analytics identifier used to count active users, measure feature adoption and run AB tests on the editor experience. |
| flyvi_mkt | Marketing | 12 months | Marketing attribution cookie set on the public Flyvi website to measure paid acquisition campaigns and to power retargeting on partner ad networks. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
On the public website, Flyvi typically loads a product analytics cookie, marketing cookies for paid acquisition channels and a help chat widget cookie. Inside the authenticated editor, Flyvi uses session cookies and tokens to keep the user logged in, plus extensive local storage and IndexedDB entries to save the design, the undo history and recently used brand assets. The exact list depends on your Flyvi plan and on whether you enable optional integrations.
Consent is required for the non essential cookies on the Flyvi marketing website and for any Flyvi widget embedded on a customer site. Strictly necessary session cookies inside the authenticated editor, which are needed to keep the user logged in and to save the work, can rely on the strictly necessary exemption and do not require consent.
For authenticated users of the Flyvi editor, the legal basis is the performance of the contract under Article 6(1)(b) GDPR. Non essential analytics, marketing and embedded content cookies rely on consent under Article 6(1)(a). Personal data of third parties present in uploaded designs is processed by the customer as controller and by Flyvi as processor under an Article 28 contract.
Yes. Flyvi typically runs on cloud infrastructure that includes United States regions, and parts of the analytics and customer support stack may also be located outside the European Economic Area. Transfers rely on the Standard Contractual Clauses in the Flyvi DPA, complemented by EU US Data Privacy Framework certifications where the subprocessor is established in the United States.
A DPIA is generally not required for a standard internal use of Flyvi by an in house marketing team. Plan a DPIA when you embed Flyvi in a customer facing portal that accepts uploads from visitors, when designs include personal data of third parties (faces, names, contact information) processed at scale, or when Flyvi is combined with marketing automation and behavioural advertising tools.
Sign the Flyvi DPA, configure your tenant to use EU regions if available, restrict uploads of third party personal data to the minimum and train designers accordingly. On your public website, place the Flyvi marketing pixels in a non essential category controlled by your consent management platform, document subprocessors in your Article 30 register and review the configuration after every Flyvi product update.
For comparable in browser design tools, evaluate Canva, Adobe Express, Visme, Piktochart or Crello / VistaCreate. All these tools share similar compliance profiles: they rely on first party cookies, US hosted analytics and EU US transfers. The choice should depend on the feature set, the data residency options and the contractual terms in their DPA.
Add the Flyvi cookies you load on your public website to the cookie table, with names, hosts, durations and purposes. List Flyvi as a processor in your privacy notice, mention the categories of data processed (design assets, account data, telemetry), reference the EU US Data Privacy Framework or Standard Contractual Clauses, link to the Flyvi privacy notice and refresh the page after every Flyvi product release.