6sense is a US-based B2B account intelligence and intent data platform that uses IP-to-company matching, behavioural signals, and third-party data to identify anonymous website visitors and predict purchase intent. From a GDPR perspective, the individual IP address processing constitutes personal data handling. B2B intent profiling at individual level requires a documented legal basis, and the US data transfer requires SCCs. 6sense is one of the more complex GDPR cases in the B2B marketing technology space.
6sense is a B2B revenue intelligence platform that combines account-based marketing, intent data, predictive analytics, and AI to help sales and marketing teams identify in-market buyers. Its core capability is deanonymising website traffic by matching visitor IP addresses to company records, enriching that data with third-party intent signals, and predicting which accounts are most likely to buy. It is widely used by enterprise B2B companies for account-based marketing campaigns.
6sense occupies a complex GDPR space. Pure company-level data (company name, industry, size) is not personal data. However, the IP addresses used to identify companies are personal data under GDPR because they can identify individual employees making the visit. The moment 6sense links an IP address to a company record, it is processing personal data. Third-party intent data tracking individuals across websites is clearly personal data requiring a lawful basis.
Some organisations argue that B2B intent data enrichment at company level is justified by legitimate interest, on the grounds that contacting a company that has shown interest in your product serves a proportionate business purpose. However, this argument requires a documented Legitimate Interest Assessment, must pass the balancing test, and does not cover individual-level tracking or cross-site behavioural profiling. Consent is the safer and more defensible basis for cookie-based individual tracking.
All 6sense processing occurs on US infrastructure. SCCs are required for EU personal data transfers. Sign the 6sense DPA and SCCs. Implement a Transfer Impact Assessment if required by your DPA. Disclose the US transfer and legal mechanism in your privacy policy.
Conduct a DPIA before deploying 6sense on EU-facing websites. Document your legal basis: consent for cookie tracking, and a documented LIA for company-level IP matching if relying on legitimate interest. Sign DPA and SCCs. Implement consent-based tag loading. Add 6sense to your privacy policy disclosing IP processing, intent data enrichment, and US transfer.
Websites using 6sense must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended for 6sense deployments on EU-facing websites. The combination of IP-to-account matching, third-party intent data enrichment, and individual-level behavioural profiling constitutes large-scale systematic monitoring of website visitors, triggering Article 35 DPIA requirements.
Sample consent text
This website uses 6sense to identify companies visiting our site and measure purchase intent using your IP address and browsing behaviour. This data is processed in the US. You can opt out of this tracking below.
Third-party domains contacted
6sense.com, b2b.6sense.com, api.6sense.com
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _6s | persistent | 13 months | 6sense visitor tracking cookie for IP-to-account matching and B2B intent data collection |
| __ssid | persistent | 12 months | 6sense session and account intelligence identifier |
6sense provides a GDPR DPA and SCCs for EU customers. However, deploying 6sense on EU-facing websites is complex under GDPR due to IP address processing and individual-level behavioural tracking. A DPIA is strongly recommended before deployment.
Yes. IP addresses are personal data under GDPR. 6sense processes visitor IP addresses to perform company identification. Cross-site behavioural tracking of individuals via third-party intent data clearly constitutes personal data processing.
Consent for cookie-based individual tracking. A documented Legitimate Interest Assessment may support company-level IP-to-account matching at aggregate level, but individual-level profiling requires consent or another specific basis. Consult your DPO before deploying on EU sites.
Yes, strongly recommended. The combination of IP processing, third-party data enrichment, individual-level profiling, and US data transfers constitutes high-risk processing under GDPR Article 35. A DPIA should be completed before deployment.
Sign the 6sense Data Processing Agreement which includes Standard Contractual Clauses for EU-US data transfers. Complete a Transfer Impact Assessment to document the risks and supplementary measures. 6sense provides these documents via its trust portal.
Not for individual-level cookie tracking. For pure server-side IP-to-company matching without cookies, a legitimate interest basis with a balancing test and clear opt-out mechanism may be arguable, but this is legally uncertain and should be reviewed by a DPO.
Describe: IP address-to-company matching, third-party intent data enrichment, US data transfer via SCCs, the B2B marketing purpose, and how visitors can object. Link to 6sense's privacy policy and opt-out mechanism.
EU-based alternatives with similar capabilities include Leadinfo (Netherlands), Albacross (Sweden), and Clearbit (EU options). These provide company-level website visitor identification with EU infrastructure, simplifying the GDPR compliance picture.