Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Wistia is a US-based video hosting and marketing platform designed for business video. It provides detailed viewer analytics (engagement heatmaps showing exactly which parts of a video are watched, replayed, or skipped), email capture forms within videos, CRM integrations, and A/B testing for video thumbnails. Wistia's marketing analytics capabilities make it more GDPR-complex than simple video embeds. Consent is required for tracking cookies, viewer analytics, and email capture. All data is processed in the US requiring SCCs.
Wistia is a video hosting and marketing platform designed for business and brand video. It differentiates from YouTube and Vimeo with its marketing-focused features: detailed viewer engagement analytics (heatmaps showing exactly which parts of a video viewers watch, skip, or rewatch), Turnstile email capture gates, CTA overlays, A/B testing of video thumbnails, and native integrations with HubSpot, Marketo, and other marketing platforms.
Wistia''s marketing analytics capabilities create more GDPR complexity than simple video hosting. When Wistia identifies a viewer (via email captured through Turnstile or Mailchimp/HubSpot integration), it links all their viewing behaviour to their profile. This constitutes individual-level marketing profiling. Consent is required for the tracking cookies, email capture, and marketing-integrated viewing analytics.
Wistia''s Turnstile feature gates video content behind an email capture form. This is a marketing lead capture mechanism. Under GDPR, collecting an email via Turnstile requires a valid legal basis — typically consent with a clear opt-in for marketing communications. Pre-filling or hard-requiring email before playing a video that''s not clearly marked as marketing may be challenged as conditioning access to content on consent, which GDPR considers non-freely-given.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block Wistia embeds via CMP until media/analytics consent. Sign the Wistia DPA. Disclose Wistia viewer analytics in your privacy policy. For Turnstile: use it for optional content gating with clear GDPR-compliant consent language, not as a condition for accessing essential content. Configure CRM integrations so viewer data only syncs for known contacts with documented consent.
Websites using Wistia must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for Wistia deployments using viewer engagement analytics combined with CRM integration, as this enables building detailed individual profiles of video engagement behaviour linked to known contacts.
Sample consent text
This page contains an embedded Wistia video. Wistia uses cookies to track your viewing behaviour and may transfer data to the US. By accepting media cookies, you allow Wistia to load and record your engagement with this video.
Third-party domains contacted
fast.wistia.comfast.wistia.netembedwistia-a.akamaihd.netCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _wt2 | persistent | 2 years | Wistia visitor tracking identifier for linking video engagement analytics to individual viewer profiles |
Wistia uses cookies for user preferences — inform visitors with a consent banner.
Yes. Wistia sets tracking cookies for viewer analytics and engagement measurement. These require consent under the ePrivacy Directive before the Wistia player loads. Block via CMP until media/analytics consent is given.
Wistia collects play events, pause events, percentage watched, rewatch behaviour, skip patterns, and time-stamped engagement data for each viewer session. For identified viewers (via Turnstile or CRM integration), this data is linked to individual contact profiles.
Turnstile is Wistia's email capture feature that gates videos behind a form. For GDPR compliance, Turnstile must include explicit consent language for marketing use of the captured email. Do not use Turnstile as a condition for accessing non-marketing content — this may constitute conditioning access on consent, which GDPR prohibits.
Yes. All Wistia data is processed on US infrastructure. SCCs are required. Sign the Wistia Data Processing Agreement from wistia.com/privacy.
Wistia sets _wt2 (viewer tracking, 2 years), wistia-video-progress (playback progress, session), and various analytics cookies. These require consent under the ePrivacy Directive.
Sync Wistia viewer data to CRM only for known contacts who have consented to marketing communications. Do not sync anonymous viewer data to CRM profiles. Configure the integration to only share engagement data for contacts with documented consent.
Recommended when Wistia is used for marketing analytics with CRM integration. The combination of individual-level video engagement profiling linked to marketing automation constitutes systematic monitoring of individual behaviour.
Vidyard (Canada) provides similar marketing video analytics. For EU-hosted video, Dacast (US-hosted) and Spotlightr (US-hosted) are alternatives. Truly EU-hosted professional video platforms with marketing analytics are limited — most organisations use Wistia with appropriate consent management.