GDPR Compliance
This article covers how to make your use of Popup compliant with the General Data Protection Regulation (GDPR). This is provided for informational purposes only and does not constitute legal advice. For specific legal guidance, consult a qualified attorney.
Step 1: Sign the Data Processing Agreement
Popup provides a built-in Data Processing Agreement (DPA) to formalize how subscriber data is handled.
To sign the DPA:
- Open your Popup dashboard
- Go to Site Settings
- Locate the Data Processing Agreement section
- Fill in the required fields (your company name, address, and contact details)
- Click Generate and Sign DPA
The signed agreement is stored in your account and available for download at any time.
Step 2: Update Your Privacy Policy
Your website's privacy policy should describe what data Popup collects and how it is used. The following categories of data may be collected through Popup widgets:
- Contact details -- email address, name, phone number, and any other fields included in your widget forms
- Technical data -- IP address, browser type and version, operating system
- Behavioral data -- widget views, widget closes, form submissions
Sample privacy policy snippet:
We use an on-site messaging tool to display opt-in forms, promotional offers, and targeted messages. This tool may collect your email address, name, and other information you voluntarily provide through these forms. Technical data such as your IP address, browser type, and interaction data (form views and submissions) may also be collected. This data is processed to deliver relevant content and manage our email communications. You can withdraw your consent at any time by contacting us.
Adapt this language to match your specific data collection practices and legal requirements.
Step 3: Get Informed Consent
GDPR requires that you obtain clear, informed consent before collecting personal data. There are three recommended approaches:
Option A: Mandatory Agreement Checkbox
Add a Checkbox element to your widget form with a label such as:
"I agree to receive emails and accept the Privacy Policy."
Make the checkbox required so the form cannot be submitted without consent.
Option B: Double Opt-In via Your Email Service
Configure your connected email service provider (ESP) to send a confirmation email after form submission. The subscriber must click a confirmation link before being added to your list. See How to Set Up Double Opt-In for setup details.
Option C: Clear Form Design
Design your widget form so the call-to-action button text and surrounding copy make it explicitly clear what the visitor is agreeing to. For example, pair a button labeled "Subscribe to our newsletter" with text stating "We'll send you weekly updates. Unsubscribe anytime."
Need more help?
If you've worked through this and still need a hand, contact support -- we'll dig in with you.