Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
ZURB Foundation is an open source responsive front end framework that provides a CSS grid, components, and JavaScript helpers to build accessible websites and emails. It runs entirely in the visitor browser and does not write cookies or collect analytics by itself. The privacy footprint depends on how the framework is loaded, with public CDNs exposing the visitor IP address and self hosting keeping all assets on the controller infrastructure.
ZURB Foundation is a mature open source responsive front end framework that ships a CSS grid, a set of reusable UI components, accessibility helpers, and a JavaScript toolkit for navigation and interactivity. It is used by agencies and product teams to build websites, applications, and email templates that adapt to phones, tablets, and desktop browsers.
The framework itself does not write any cookie, does not include analytics, and does not call back to a vendor server when assets are self hosted. Any cookie observed alongside Foundation comes from the site own backend, from a CMS module, or from third party scripts added by the developer.
Because Foundation does not store or read identifiers in the browser by itself, Article 5(3) of the ePrivacy Directive does not require consent for the framework. When the assets are loaded from a public CDN, the visitor IP address is processed by the CDN provider, which falls under the GDPR. This processing is generally based on legitimate interest, provided the CDN provider offers appropriate transfer safeguards.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No consent is required for the Foundation files themselves, whether self hosted or loaded from a CDN. Consent does come into play only if the developer adds analytics or marketing scripts on top of the Foundation layout. Those scripts must be governed by the consent management platform.
Public CDNs such as jsDelivr or cdnjs route requests through edges located in multiple regions, which can imply a transfer of the visitor IP address outside the EU. Self hosting the Foundation files removes that exposure entirely. Controllers who keep a CDN should document the provider, the safeguards, and the categories of data exposed.
Prefer self hosting of the Foundation CSS and JavaScript files when possible, set up Subresource Integrity hashes if you use a CDN, mention the CDN in the privacy policy, and confirm that any cookies you observe on the site are caused by other components, not by Foundation itself.
Websites using ZURB Foundation must obtain user consent under GDPR regulations.
DPIA considerations
ZURB Foundation does not perform profiling or large scale data processing, so a DPIA is not required for the framework. A short risk note may be enough when assets are loaded from a public CDN to confirm that only the IP address is exposed and that the CDN provider has appropriate transfer safeguards in place.
Sample consent text
This website uses the ZURB Foundation front end framework to render its layout. The framework does not set cookies or collect analytics. Some assets may be loaded from a public CDN which receives your IP address to deliver the file.
Third-party domains contacted
get.foundationcdn.jsdelivr.netcdnjs.cloudflare.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| No framework cookies | first_party | N/A | ZURB Foundation does not write any cookie by itself. This entry documents the absence of cookies set by the framework. |
| CDN cache hint | first_party | Varies | When loaded from a public CDN, the browser may store a cache validator for the asset, which is a technical cache mechanism and not a personal data identifier. |
| SRI fingerprint | first_party | N/A | Subresource Integrity hash used to verify the integrity of the file delivered by the CDN, stored only in the HTML markup, not as a cookie. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
No. The framework itself does not write or read cookies. Any cookies on a Foundation based site come from the backend, the CMS, or other scripts added by the developer.
Consent is not required for the framework files because no information is stored or read in the visitor browser. Consent is required only for analytics or marketing scripts added on top of Foundation.
When the assets are self hosted there is no separate processing of personal data linked to the framework. If a public CDN is used to deliver the files, the legal basis for the IP exposure is legitimate interest under Article 6(1)(f) GDPR.
Not by itself. Transfers can occur if the files are loaded from a CDN with US edges. Self hosting eliminates this exposure, and CDNs with EU presence reduce it significantly.
No. The framework does not perform profiling or large scale data processing, so a DPIA is not required for the framework itself. A DPIA may still be needed for the full application built with Foundation depending on what it processes.
Self host the CSS and JavaScript assets, version them, apply Subresource Integrity for any remote loading, avoid mixing the framework with trackers in the same bundle, and document the chosen delivery method in the privacy policy.
Alternatives include Bootstrap, Tailwind CSS, Bulma, UIkit, and Pure CSS. They differ in component sets and design philosophy, but they share the property of not setting cookies on their own.
Add a short statement that the website uses the ZURB Foundation framework for rendering, that the framework does not set cookies, and, if applicable, that some assets are served via a CDN which receives the visitor IP address.