Dorik AI is an AI powered website builder by Dorik Inc. that generates full websites from natural language prompts, with hosting and analytics handled in the United States.
Dorik AI is the artificial intelligence layer added to the Dorik no code website builder. From a short natural language prompt it generates a full multi page website, including copy, layout, images and basic SEO metadata, that the user can then refine inside the visual editor and publish on a Dorik subdomain or a custom domain.
Dorik AI is a feature of the Dorik SaaS platform operated by Dorik Inc., a company with Bangladeshi roots and US business operations. The product is positioned as an all in one builder where prompt based generation, drag and drop editing, hosting, CDN delivery and form handling are bundled in a single subscription. Sites built with Dorik AI are served from Dorik infrastructure on Amazon Web Services, most commonly in the us-east-1 region.
Inside the builder, Dorik sets session cookies to keep the user logged in and to preserve unsaved work. On published sites Dorik can inject its own analytics tags as well as third party scripts that the site owner enables (for example Google Analytics, Meta Pixel or HubSpot). The platform also stores account data, billing information, prompts submitted to the AI and the generated content itself. IP addresses and User Agent strings are processed for security, abuse prevention and basic audience measurement.
For EU visitors of a website built with Dorik AI, GDPR applies to all personal data collected through the site and the ePrivacy Directive applies to every non essential cookie or similar identifier. The site owner is the controller; Dorik Inc. acts as a processor for hosting and for the AI generation features. Analytics cookies, marketing cookies and any tracking pixel embedded on the published site require informed consent collected before the script runs.
Strictly necessary cookies that keep a logged in editor session or remember a shopping cart are exempt from consent. Everything else, including Dorik audience analytics, embedded social widgets and any pixel added through the integrations panel, must be blocked until the visitor gives an explicit opt in. A compliant consent banner must offer a refuse option that is as visible as the accept option, must log the choice and must allow the visitor to withdraw consent at any time.
Because Dorik AI is hosted on AWS in the United States, personal data of EU visitors is transferred outside of the European Economic Area as soon as a page is requested. The site owner must rely on a valid transfer mechanism, typically the EU US Data Privacy Framework if Dorik is certified, or Standard Contractual Clauses combined with a transfer impact assessment. The privacy notice on the published site should explicitly mention the United States as a destination country and describe the safeguards in place.
Sign a Data Processing Agreement with Dorik Inc., complete a transfer impact assessment for the US flow, enable a Consent Management Platform on every published site, block all non essential scripts until consent is granted, document the cookies and trackers active on the site, and update the privacy notice with the categories of data, the retention periods and the contact details of the controller. Keep an internal record of processing activities and review it whenever the site evolves or new AI features are activated.
Websites using Dorik AI must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Dorik AI is used to build sites that collect customer personal data at scale, when AI prompts may contain personal data of third parties, or when the published site uses analytics and marketing cookies in combination with US hosting.
Sample consent text
We use Dorik AI to host this website and to measure audience. With your consent, analytics and functional cookies are set and some data is transferred to the United States. You can accept, refuse or set your preferences at any time.
Third-party domains contacted
- dorik.com
- dorik.io
- cdn.dorik.com
- app.dorik.com
- api.dorik.com
- d2f3dnusbnmpf2.cloudfront.net
- www.googletagmanager.com
- www.google-analytics.com
- js.intercomcdn.com
- js.hs-scripts.com

Cookies placed

| Name | Type | Duration | Purpose |
|---|---|---|---|
| dorik_session | http | Session | Maintains the authenticated builder session for users editing a Dorik AI website. |
| dorik_auth_token | http | 30 days | Stores the authentication token that keeps the site owner signed in across Dorik subdomains. |
| _ga | http | 13 months | Google Analytics 4 client identifier used to measure audience on the published site when analytics is enabled. |
| _ga_DORIK | http | 13 months | Google Analytics 4 session cookie attached to the Dorik measurement property. |
| intercom-id | http | 9 months | Intercom visitor identifier used by Dorik for in app messaging and customer support in the dashboard. |
| hubspotutk | http | 6 months | HubSpot tracker installed by Dorik users who enable the HubSpot integration on their published site. |
By default Dorik sets a few first party cookies for session management and basic site analytics. When the site owner enables integrations, additional cookies from Google Analytics, Meta Pixel, HubSpot or other tools can be installed. Only strictly necessary cookies are exempt from consent; every other cookie must be loaded only after the visitor accepts.
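One way to enforce that rule for the third-party script hosts listed on this page, as an added example (not Dorik's or FlowConsent's code): a default-deny gate backed by an append-only consent log, so a refusal or withdrawal is recorded the same way as an accept. The category given to each host, the function names and the log entry shape are assumptions of this example.

```javascript
// Third-party script hosts from this page, mapped to a consent category.
// The category per host is an assumption; adjust it to the site's cookie notice.
const CATEGORY_BY_HOST = new Map([
  ["www.googletagmanager.com", "analytics"],
  ["www.google-analytics.com", "analytics"],
  ["js.intercomcdn.com", "functional"],
  ["js.hs-scripts.com", "marketing"],
]);

// Append-only consent log: accept, refuse and withdraw are all new entries,
// so the history of choices is preserved for accountability.
function recordChoice(log, choices, at = new Date()) {
  const entry = Object.freeze({
    at: at.toISOString(),
    analytics: choices.analytics === true, // anything but explicit true is a refusal
    functional: choices.functional === true,
    marketing: choices.marketing === true,
  });
  log.push(entry);
  return entry;
}

// The most recent entry is the visitor's current choice; no entry means no consent.
function currentConsent(log) {
  return log.length > 0 ? log[log.length - 1] : null;
}

// Decide whether a third-party script may be injected right now.
// Hosts missing from the map are blocked and reported, so a newly added
// integration cannot run before it has been classified and documented.
function decide(scriptUrl, log) {
  const host = new URL(scriptUrl).hostname;
  const category = CATEGORY_BY_HOST.get(host);
  if (category === undefined) {
    return { load: false, reason: "unlisted-vendor" };
  }
  const consent = currentConsent(log);
  const granted = consent !== null && consent[category] === true;
  return {
    load: granted,
    reason: (granted ? "consent:" : "no-consent:") + category,
  };
}
```

In a page, `decide` would be called before each third-party `<script>` element is created, and again after every new log entry so that a withdrawal stops further loads.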
Yes, for everything beyond strictly necessary cookies. The Dorik builder itself runs in the back office with a logged in user under a contractual basis, but on the published site, analytics, advertising and embedded social scripts always require prior consent under the ePrivacy Directive and the GDPR.
Two bases coexist. The contract with Dorik covers hosting, AI generation and account management for the site owner. Consent is the legal basis for analytics and marketing cookies fired on the published site. Legitimate interest can apply to security logs and fraud prevention.
Yes. Dorik AI runs on AWS in the United States, mostly in us-east-1. As soon as an EU visitor opens a page, IP address, request metadata and any data submitted through forms are processed in the US. The site owner must rely on the EU US Data Privacy Framework when Dorik is certified, or on Standard Contractual Clauses with a transfer impact assessment otherwise.
A DPIA is not automatic but it is strongly recommended when the published site collects sensitive data, processes large volumes of customer information, profiles visitors, or combines AI generated content with US hosting and advertising trackers. The combination of these factors usually triggers the high risk threshold under article 35 of the GDPR.
Sign a DPA with Dorik, integrate a certified Consent Management Platform on every published site, block all non essential scripts until consent is granted, list every cookie in the cookie notice, mention the United States as a destination country in the privacy policy, keep a register of processing activities and review them when the site evolves or new AI features are activated.
EU friendly alternatives include builders hosted in the European Union such as Webflow Cloud regions in Europe, Framer, Wix Studio with EU data residency where available, or self hosted stacks based on WordPress, Strapi or Payload on European cloud providers like OVHcloud, Scaleway or Hetzner. AI generation can be reproduced through Mistral or other EU based AI models.
List every first party Dorik cookie, every integration cookie enabled in the dashboard and every third party domain contacted by the page. Indicate the purpose, the duration, the data controller and the destination country. Refresh the policy whenever a new integration is enabled, whenever Dorik updates its trackers, and whenever the consent log shows new vendors.