Usercentrics

VéRIFIé

Consentement cookies · Germany

Founded 2017 · usercentrics.com ↗

Munich-based CMP (founded 2017); 2.4M sites / 8.8B monthly consents; now Vista Equity Partners-owned alongside Cookiebot.

Pourquoi ce score ?

Usercentrics GmbH (Munich DE, founded 2017) is ISO 27001 certified, German-operated, 2.4M websites / 8.8B monthly consents — but was acquired by Vista Equity Partners (US private equity) in 2024 alongside its Cookiebot subsidiary, flipping ownership_signal to eu_hq_us_funded with material CLOUD Act exposure via US PE control; the company now consolidates the DACH cookie-consent market under US PE.

SCORE: 3.0/5
CLOUD ACT
OWNERSHIP
SUB-PROCS: — not disclosed

JUMP TO

OVERVIEW

About Usercentrics

**Usercentrics GmbH** (Munich, Germany, founded 2017) consolidated the DACH cookie-consent market when it acquired **Cookiebot / Cybot** in 2022. Together the group serves 2.4M websites and 600K+ customers. The product line includes **Usercentrics Web CMP** (entry tier ~€10/mo) and **Usercentrics App CMP** for mobile. ISO 27001 certified. The 2024 acquisition by **Vista Equity Partners** (US private equity giant, $100B AUM, Austin TX) means the entire DACH cookie-consent market consolidation is now US-PE-owned at the ultimate-parent level — a structural fact procurement buyers should be aware of when this is positioned as a "European alternative to OneTrust".

SUB-PROCESSORS

Carte des sous-traitants · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.

CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001

ACTIVE

FEATURES

Matrice de fonctionnalités

INTEGRATION & ACCESS

REST API

SSO (SAML / OIDC)

COMPLIANCE & GOVERNANCE

Audit log

Self-host / on-prem option

PRICING

Tarifs & paliers

FREEMIUM

à partir de €10/mois

Voir la page tarifs ↗

PUBLIC DOCUMENTS

Documents publics

Vendor does not publish a public DPA. Without a publicly accessible Data Processing Addendum, small EU customers cannot self-serve the processor agreement — this caps the compliance score (see How we score).

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.

Data Processing Addendum (DPA)

— missing

missing
Sub-processors list

— missing

missing

ALTERNATIVES

Alternatives dans cette catégorie

ConsentManager

Germany

German-owned CMP with own EU data centres (not hyperscaler); ISO 27001, IAB TCF v2 ID 31, 100K+ websites, from €23/mo.

Didomi

France

Paris-based enterprise CMP (founded 2017); ISO 27001, Google-certified CMP; clients include Volvo, Michelin, Yahoo.

Iubenda

Italy

Italian privacy-compliance toolkit (Milan, est. 2010); 150K+ customers; subject to direction of Team.blue NV (Belgium).

See all consentement cookies alternatives →