Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Lit (formerly LitElement) is an open-source library by Google for building fast, lightweight Web Components. It is a developer tool used to create reusable UI components, not a data processor or tracking service. GDPR obligations arise entirely from the application built with Lit and the data it processes, not from the library itself.
Lit is an open-source library by Google for building fast, lightweight Web Components using standard browser APIs. Originally released as LitElement and Lit-html, the project was unified under the Lit brand. It provides a simple base class for defining custom HTML elements with reactive properties, declarative templates, and scoped styles. Lit is used by developers to create reusable UI components that work with any web framework or without a framework at all. It is not itself a data processor.
GDPR obligations arise from the application using Lit components, not from Lit itself. If a Lit component renders personal data, submits a form collecting personal data, or triggers an API call sending personal data, the GDPR obligations lie with the application developer. Lit components are UI building blocks — they are as privacy-neutral as HTML elements themselves.
Lit is available via unpkg.com and other public CDNs. Loading Lit from a CDN causes the CDN to log visitor IP addresses. For GDPR compliance, include Lit in your application bundle (via npm) and serve it from your own infrastructure rather than loading from public CDNs.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Include Lit in your application bundle via npm rather than loading from public CDNs. Apply GDPR compliance measures at the application level. Implement cookie consent management in the overall application. Describe data processed within Lit-built components in your privacy policy.
Websites using Lit must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not required for Lit itself. It may be required for specific applications built with Lit that process large-scale personal data, perform automated decision-making, or handle special category data.
Sample consent text
This application uses Lit Web Components. Data collection and processing within this application are described in our privacy policy.
Third-party domains contacted
lit.devunpkg.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| lit_session | session | Session | Optional session state managed by Lit component applications — set by application developer, not by Lit itself |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. Lit is an open-source library for building Web Components. GDPR applies to the application using Lit components and the personal data it processes, not to the library itself.
No. Lit does not set any cookies. It is a UI component library that manages state entirely within the browser's component lifecycle.
Potentially yes. Public CDNs like unpkg.com log visitor IP addresses. For GDPR compliance, include Lit in your application bundle via npm and serve it from your own infrastructure.
Lit itself does not transfer data. Transfer obligations depend on where the application is hosted and which APIs or services the Lit components connect to.
Not for Lit itself. DPIAs may be required for applications using Lit that process personal data at large scale, perform automated decision-making, or handle special category data.
Bundle Lit via npm. Implement cookie consent at the application level. Apply data minimisation in components rendering personal data. Build data subject rights into the application. Sign DPAs with backend services the components connect to.
Yes. Lit is actively maintained by Google and the open-source community. It is the official successor to LitElement and Polymer and is recommended by Google for building Web Components. It receives regular updates and is widely used in production.
No, the library itself does not need to be disclosed. The data processing within your application's Lit-based components should be described in your privacy policy to the extent it involves personal data.