Never miss an episode!  Subscribe to the podcast on iTunes.


Unbounce: a fully GDPR compliant platform

On May 25, 2018, a new data privacy law called the General Data Protection Regulation (GDPR) came into force, impacting how businesses collect and process data from individuals who live in the European Union (EU).

This is what we've done to be GDPR compliant as a platform

Need a Data Processing Addendum?

We take your privacy and security seriously, which is why we offer a Data Processing Addendum (DPA) to all of our customers, in addition to our publicly posted Privacy Policy.

Complete this form to get your DPA

More Resources

Official Publications Office of the European Union

Learn more  

Data Protection Reform infographic

Learn more  

An overview of the General Data Protection Regulation

Learn more  

Reform of EU data protection rules

Learn more  

Data transfers outside the EU

Learn more  

Check out our Security page

Learn more  

“More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed.”

Here’s what our Chief Product Officer said:

Carter Gilchrist

Chief Product Officer at Unbounce

“Our goal at Unbounce is to deliver industry-leading conversion tools to professional marketers  in the European Union (EU), and marketers who conduct business with EU-based individuals, so that they can grow their companies as fast as possible—being compliant with the GDPR will be integral to how we support this goal and ensure our customers’ success.”

Never miss an episode!  Subscribe to the podcast on iTunes.


The GDPR Basics

What’s the gist of the GDPR?

It gives people who are based in the EU greater privacy rights—and means that there will be new rules to follow when it comes to collecting, tracking, or handling EU-based prospects’ and customers’ personal data.

Does the GDPR affect me?

If you have customers in the EU, plan to have customers in the EU, or process any form of EU data, this one’s for you.

So… what Unbounce is doing about the GDPR?

Quite a few things: from moving all lead data to Europe to give you the tools you need to make your landing pages compliant. For more, check out the details above!

Why it matters?

Unbounce has moved all lead data into the EU.

No form submission data will be transferred out of the EU.

Data Storage

Data Protection Officer

We've designated a DPO here at Unbounce. 

If you would like an introduction reach out to our CS team and they will introduce you!

Why it matters?

If someone reaches out to you with a valid right to be forgotten request, you can contact our Support team to have that lead deleted across multiple pages or accounts within 30 days.

Right to Erasure

Why it matters?
Why it matters?

Unbounce gives you the ability to add a sticky bar, using our cookie bar template, to inform your customers that you are using tracking cookies.


Lawful Basis of Processing

If you collect lead data through an Unbounce form, or a 3rd party form embedded on your landing page, you must obtain consent from the the data subject. 

Why it matters?

You can delete individual leads within your Unbounce account. If you need lead data deleted for an entire page or account, our Support team can lend you a hand! Check out Deleting Your Leads for more details.

If you cancel your Unbounce account, all lead data will be automatically deleted within 12 months.


Why it matters?

Lead Data Security: You can force and redirect incoming traffic to the secure HTTPS version of your page. This will ensure proper encryption, both in transit and at rest, of the lead data collected on your Unbounce pages, using the latest protocols and ciphers.

Secure connections to all 3rd party services from native 3rd party integrations.


Why it matters?

Sub-processor DPAs: We have taken steps to ensure that Unbounce’s customer data is secure by signing data processing agreements with each of our sub-processors. A list of sub-processors can be provided upon request.

Data processor DPA: To obtain a DPA from Unbounce, complete this form to receive  your DPA by email.

Data Processing Agreement (DPA)

Why it matters?


This page isn’t the be-all-and-end-all on EU data privacy, nor should you consider it legal advice. This is meant to provide background information and help you better understand Unbounce’s strategy to comply with the GDPR.

Read our FAQ

More questions?

Read our FAQ

More questions?

How can I make my landing pages GDPR compliant?

Before collecting someone’s data, the GDPR states you must first have a legal basis to do so. There are six lawful bases of processing under the GDPR, but if you’re a digital marketer, your use case will most likely fall into one of the following three:

  • Consent (i.e. opt-in)
  • Performance of a contract (eg. sending an invoice to a customer)
  • “Legitimate interest” (eg. Someone is an existing customer and you want to send them information related to a product or service they already have.)

If you are using Unbounce for lead gen, then you must gather consent via opt-in to collect, use, or store someone’s data. When building your landing pages in Unbounce, you can easily add an opt-in field to your forms with the Unbounce form builder

Read how to make your landing pages compliant >>>

Data privacy protection by design with Unbounce

Unbounce takes data privacy very seriously, and we view the GDPR as an opportunity to enhance our commitment to data protection for the benefit our customers.

As a trusted partner, our top priority is ensuring that our customers have confidence in our platform, and that the data they collect with Unbounce is processed securely and in accordance with GDPR requirements.

Unbounce also complies with world-wide data privacy and security standards, namely CASL and PCI-DSS.

Click to know what "privacy by design" means >>>

Show your prospects their privacy is your priority

Get started building your first landing page.


All Unbounce plans are fully compliant with GDPR requirements. We've got you covered.