Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
MudBlazor is an open source Material Design component library for Blazor, the .NET framework that lets developers build interactive web user interfaces with C#. It ships as a NuGet package, runs inside the application, and provides ready to use components for forms, layout, navigation, and data visualization. The library itself does not write cookies or call external services by default, so its privacy impact is limited to how the host Blazor application is configured.
MudBlazor is a popular open source Material Design component library for Blazor, the Microsoft framework that allows developers to build web user interfaces in C# either on the server with Blazor Server or in the browser with Blazor WebAssembly. The library provides hundreds of components such as buttons, dialogs, data tables, date pickers, navigation drawers, and theming utilities. It is distributed as a NuGet package and runs entirely within the application.
MudBlazor itself does not set cookies and does not call external services. Cookies observed on a Blazor application typically come from ASP.NET Core middleware, such as authentication cookies, the anti forgery token, and the SignalR negotiation cookie in Blazor Server. The library uses the standard browser local storage only when the developer explicitly opts in to features such as theme preference persistence.
Since the library itself does not store or read identifiers in the browser, Article 5(3) of the ePrivacy Directive does not require consent for MudBlazor. Strictly necessary cookies set by ASP.NET Core, such as anti forgery and authentication, can also be set without consent. The GDPR principles apply to the data processed by the host application, in particular lawfulness, purpose limitation, and minimization.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No consent is required to use MudBlazor or to set ASP.NET Core technical cookies. Consent is required only if developers add analytics, advertising, third party embeds, or persistent preference cookies that are not strictly necessary, in which case those cookies must be governed by a consent management platform.
MudBlazor is a library shipped as code, not a hosted service, so it does not transfer data anywhere by itself. Transfers depend entirely on where the Blazor application is hosted, on whether Azure SignalR is used, and on the regions configured in the cloud provider. Controllers should pick EU regions when EU data residency matters and document the choice.
Document the ASP.NET Core technical cookies in the cookie policy as strictly necessary, configure secure cookie flags, restrict the use of browser local storage to non sensitive preferences, host the application in EU regions when data residency matters, and audit any third party module before adding it to the Blazor project.
Websites using MudBlazor must obtain user consent under GDPR regulations.
DPIA considerations
MudBlazor does not perform profiling or large scale data processing, so a DPIA is not required for the library. The host Blazor Server or Blazor WebAssembly application may need a DPIA depending on the categories of data processed, the use of authentication, the persistence layer, and the hosting choices made by the controller.
Sample consent text
This application uses the MudBlazor Material Design library for its user interface. The library does not set cookies or collect analytics. If the underlying application uses cookies for authentication or anti forgery purposes, those are documented separately as strictly necessary.
Third-party domains contacted
mudblazor.comwww.nuget.orgcdn.jsdelivr.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| .AspNetCore.Antiforgery | first_party | Session | Anti CSRF token set by ASP.NET Core to protect forms used by MudBlazor components against cross site request forgery. |
| .AspNetCore.Session | first_party | Session | Server side session identifier used by ASP.NET Core when session state is enabled in the Blazor application. |
| .AspNetCore.Identity.Application | first_party | 30 days | Authentication cookie set by ASP.NET Core Identity when the user signs in to the Blazor application. |
| mud-theme | first_party | 1 year | Local storage entry used to remember the user theme preference, only set when the developer enables theme persistence. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. The library itself does not set cookies. Cookies on a Blazor application come from ASP.NET Core, for example for authentication or anti forgery protection, and from optional features explicitly enabled by the developer.
No. The library does not store or read identifiers in the browser, so the ePrivacy Directive does not require consent. Consent is required only if non essential cookies or trackers are added on top of MudBlazor.
The legal basis is legitimate interest under Article 6(1)(f) GDPR for the standard operation of the library and contract performance under Article 6(1)(b) when the host application manages authenticated user sessions.
MudBlazor itself does not transfer data. Transfers depend on the host Blazor application, in particular the cloud region chosen for the .NET hosting and the use of Azure SignalR. EU regions and EU based services keep data within the EEA.
No DPIA is required for the library itself. A DPIA may be needed for the host application if it processes large volumes of personal data, sensitive data, or performs automated decision making.
Document the ASP.NET Core technical cookies as strictly necessary, use secure cookie flags, limit local storage to non sensitive preferences, host the application in EU regions when relevant, and audit any third party component added to the project.
Alternatives include Telerik UI for Blazor, Syncfusion Blazor, Radzen Blazor, DevExpress Blazor, and Blazorise. They differ in licensing, feature scope, and pricing, but they share the property of being client side libraries with limited privacy footprint.
State that the application uses the MudBlazor library, that the library itself does not set cookies, and list the cookies set by ASP.NET Core as strictly necessary, with their purpose and lifetime.