Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
European A/B testing and conversion optimisation platform from ABLYFT GmbH (Cologne, Germany), with EU hosting and a strong emphasis on GDPR friendly defaults for marketing and product teams.
ABLyft is a German A/B testing and conversion optimisation platform operated by ABLYFT GmbH in Cologne. It lets product, growth and CRO teams build variations of landing pages, run client side and server side experiments, target audiences and measure uplift on conversions and revenue. It positions itself as a privacy first European alternative to US testing tools.
ABLyft loads a JavaScript snippet that sets first party cookies on the merchant domain to remember which variant a visitor has been assigned, plus pseudonymous identifiers for session, conversion and goal tracking. URLs, referrers, viewport, anonymised IP fragments and clicks linked to a test can be transmitted to ABLyft servers.
A/B testing cookies are not strictly necessary, so Article 5(3) of the ePrivacy Directive applies and prior consent is required, unless the test is operated entirely server side with no persistent identifier and falls within the CNIL exemption for audience measurement. Even then, French CNIL guidance demands tight data minimisation and no cross site re identification.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
In the default client side mode, block the ABLyft snippet until consent. List ABLyft in the cookie banner, describe purposes (experimentation, conversion measurement, optional personalisation), and store proof of consent. If you rely on the CNIL exemption (anonymised, short retention, no cross site profiling) document the analysis carefully.
ABLyft hosts the core service in Germany (Frankfurt and Hetzner data centres). No transfer outside the EU is required for the standard product. If you connect ABLyft to a US based analytics or data warehouse, the resulting transfer must be assessed separately and covered by Standard Contractual Clauses.
Sign the DPA with ABLYFT GmbH, list ABLyft in your ROPA and cookie banner, configure the snippet to drop only after consent, restrict editor and admin access by role, set short retention for raw event data, document the legal basis you chose (consent or CNIL exemption) and review the test setup when you start personalising experiences for logged in customers.
Websites using ABLyft must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not normally required for low risk UI tests. It becomes recommended when ABLyft is combined with personalisation, audience segmentation or third party analytics that build long term behavioural profiles, or when tests are run on sensitive features (health, finance, public service).
Sample consent text
With your consent we use ABLyft (ABLYFT GmbH, Germany, EU hosting) to test different versions of our pages and measure which ones work best. ABLyft sets a first party cookie to remember which variant you saw and analyse anonymised interactions.
Third-party domains contacted
ablyft.comcdn.ablyft.comapi.ablyft.comevents.ablyft.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ablyft_variant | http | 1 year | Stores the experiment variant assigned to the visitor so the user keeps the same version across visits. |
| ablyft_visitor | http | 1 year | Pseudonymous visitor identifier used to attribute conversions to the right variant. |
| ablyft_session | http | 30 minutes | Session identifier used to group events of the same browsing session. |
| ablyft_goal | http | 30 days | Tracks completion of conversion goals defined for the experiment. |
| ablyft_optout | http | 5 years | Stores the opt out signal when the user refuses A/B testing. |
ABLyft collects user analytics data — you legally need a consent banner. Try FlowConsent free.
ABLyft sets first party cookies such as ablyft_variant (assigned test variant), ablyft_visitor (pseudonymous visitor ID), ablyft_session (session ID), ablyft_goal (conversion tracking) and ablyft_optout (opt out signal).
Yes for the standard client side mode that drops persistent cookies. Server side, anonymised tests with short retention may rely on the CNIL audience measurement exemption, but this must be documented and proven.
Article 6(1)(a) GDPR (consent) for client side tests with persistent identifiers and conversion tracking. Article 6(1)(f) (legitimate interest) may apply to short lived, anonymous server side experiments under strict data minimisation.
No. The core service is hosted in Germany (Frankfurt, Hetzner). Only connectors you explicitly enable to a US analytics or data warehouse generate transfers, and these require their own SCCs.
A DPIA is normally not required for low risk UI tests. It is recommended for personalisation, audience segmentation, or experiments on sensitive features (health, finance, public service).
Sign the DPA, host the snippet behind a consent manager, configure short retention, document the experiment goals, restrict admin and editor access, and avoid combining ABLyft results with personally identifiable data outside what the experiment really needs.
Other A/B testing platforms include AB Tasty (EU), Kameleoon (EU), VWO, Optimizely, Convert, Google Optimize replacement via GrowthBook, Statsig, LaunchDarkly Experimentation and Adobe Target. EU hosted alternatives reduce transfer risk.
List ABLyft as a processor (ABLYFT GmbH, Germany), describe purposes (experimentation, conversion measurement), state durations for each cookie, mention the EU hosting, link to the ABLyft privacy policy and refresh the section if you add personalisation or connect external analytics.