Iubenda
VERIFIEDItalian privacy-compliance toolkit (Milan, est. 2010); 150K+ customers; subject to direction of Team.blue NV (Belgium).
Why this score?
Iubenda (Milan IT, founded 2010, 15+ years operational) is ISO 27001 aligned, IAB TCF 2.2 validated, Google-certified CMP, 150K+ customers, supports 27 human-translated languages with in-house legal team monitoring regulations — and crucially its parent Team.blue NV (Belgium) is European-controlled (Hg Capital UK + CPP Investments Canada, no US PE majority); ownership_signal eu_owned, score 4/5 capped only because explicit sub-processor list and DPA URL not surfaced publicly.
- SCORE
- 4.0/5
- CLOUD ACT
- CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
-
- OWNERSHIP
- OWNERSHIP
Where ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
-
- SUB-PROCS
- — not disclosed
JUMP TO
About Iubenda
Sub-processor map · not disclosed
Frameworks & certifications
Capability matrix
Pricing & tiers
Public documents
-
Open ↗Data Processing Addendum (DPA)www.iubenda.com/terms-and-conditions…
-
missingSub-processors list— missing
Alternatives in this category
German-owned CMP with own EU data centres (not hyperscaler); ISO 27001, IAB TCF v2 ID 31, 100K+ websites, from €23/mo.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Paris-based enterprise CMP (founded 2017); ISO 27001, Google-certified CMP; clients include Volvo, Michelin, Yahoo.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Danish cookie consent (Cybot A/S, est. 2012); ISO 27001 + ISO 27701; acquired by Usercentrics 2022 (now Vista Equity-owned).
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.