Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Iubenda

VERIFIED
Cookie consent · Italy
Founded 2010 · iubenda.com ↗

Italian privacy-compliance toolkit (Milan, est. 2010); 150K+ customers; subject to direction of Team.blue NV (Belgium).

In short

Iubenda, in the Cookie consent category, is a European service with Ireland as its hosting location and at most minor, transient US exposure under the CLOUD Act.

Assessment notes

Iubenda (Milan IT, founded 2010, 15+ years operational) is ISO 27001 aligned, IAB TCF 2.2 validated, Google-certified CMP, 150K+ customers, supports 27 human-translated languages with in-house legal team monitoring regulations, and crucially its parent Team.blue NV (Belgium) is European-controlled (Hg Capital UK + CPP Investments Canada, no US PE majority); ownership_signal eu_owned, minor CLOUD Act exposure; note: explicit sub-processor list and DPA URL not surfaced publicly.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Iubenda

Iubenda (Milan, Italy, founded 2010) is a 15-year-old privacy-compliance toolkit covering cookie consent, privacy policy generator, terms generator, accessibility widget, and advanced compliance solutions. It has 150,000+ customers across 400,000+ sites and apps. In-house legal team monitors regulations and updates the templates accordingly. Google-certified CMP partner, IAB TCF 2.2 validated, ISO 27001 aligned. Parent company is Team.blue NV (Belgium), a European hosting / SaaS consolidator backed by Hg Capital (UK PE) and CPP Investments (Canada Pension), no material US private-equity majority. For procurement buyers Iubenda is one of the cleanest cookie-consent picks remaining outside the Vista-controlled Usercentrics / Cookiebot consolidation.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

White-label Yes
IAB TCF v2 Yes
Google Consent Mode Yes
Auto cookie scan Yes
Geo-targeting Yes
Consent logging Yes
Multilingual Yes
Free tier Yes
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
from €2/mo
View pricing page ↗
PUBLIC DOCUMENTS

Public documents

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
  • Data Processing Addendum (DPA)
    www.iubenda.com/terms-and-conditions…
    Open ↗
  • Sub-processors list
    — missing
    missing
ALTERNATIVES

Alternatives in this category

ConsentManager
Germany · Founded 2017
EU-SOVEREIGN

German-owned CMP with own EU data centres (not hyperscaler); ISO 27001, IAB TCF v2 ID 31, 100K+ websites, from €23/mo.

Public DPA Sub-processors Open source
FROM
€23/mo
CLOUD ACT
NONE
Cookiebot
Denmark · Founded 2012
EU-HOSTED

Danish cookie consent (Cybot A/S, est. 2012); ISO 27001 + ISO 27701; acquired by Usercentrics 2022 (now Vista Equity-owned).

Public DPA Sub-processors Open source
FROM
€11/mo
CLOUD ACT
MATERIAL
Didomi
France · Founded 2017
EU-BASED

Paris-based enterprise CMP (founded 2017); ISO 27001, Google-certified CMP; clients include Volvo, Michelin, Yahoo.

Public DPA Sub-processors Open source
FROM
€19/mo
CLOUD ACT
MINOR