Termly is committed to helping EU customers comply with data protection requirements, particularly when it comes to visitor (end user) data.
What is Considered Visitor Data?
Visitor data generally refers to any data collected from individuals visiting your website — such as cookie preferences, consent logs, and browser/device identifiers — which may be subject to GDPR and other data transfer regulations.
EU Data Center Option
Termly already implements strict data minimization and anonymization practices across its services, especially for end user data. For customers who want to ensure that their visitors’ data stays within the EU:
- Termly can be configured to store all user consents in an EU-based data center.
- All new accounts created from the EU automatically use the EU data center by default.
- Existing customers who want to migrate to EU-only data storage can request this through customer support.
This setup helps support compliance with GDPR and mitigate cross-border data transfer concerns.
FAQ: Content Security Policy (CSP) and Termly Consent Domains
Why am I seeing a CSP (Content Security Policy) error related to consent.api.termly.io?
If your website uses a restrictive Content Security Policy (CSP), it may block network requests to Termly’s EU or US consent domains unless those domains are explicitly allowed. These errors typically appear in your browser’s developer console or security tools.
Which domain is used for my website?
Termly stores visitor consent data in one of two regions:
- If your account is configured to store visitor data in the EU, consent is stored at:
https://eu.consent.api.termly.io - If your account is configured to store visitor data in the US, consent is stored at:
https://us.consent.api.termly.io.
You can check which domain applies to your account in your Termly dashboard under your profile settings.
What happens if my CSP blocks Termly's consent domains?
If your Content Security Policy blocks the relevant Termly domain, consent data may not be stored correctly.