Didomi

Name: Didomi
Rating: 8.2 (1 reviews)

🇫🇷

Enterprise consent and preference management platform built for global privacy regulation

8.2/10

EU-BuiltGDPREU Data

Didomi is a Paris-based enterprise consent and preference management platform covering cookie consent, data subject requests, and preference centres across web, mobile, and connected TV. It supports TCF 2.2 and GPP frameworks and processes consent signals from over 100 countries for regulated enterprises managing data privacy at scale.

Headquarters

Paris, France

Founded

2017

Pricing

Custom

EU Data Hosting

Yes

Employees

201-500

consent-managementgdpr-compliantcookie-consentprivacy-regulationenterprisetcf-2-2

Ratings

Ease of Use7.0

Feature Depth9.0

Value for Money7.0

EU Compliance9.5

Support Quality8.0

Integration Ecosystem8.5

Features

Core Features

✓GDPR and ePrivacy cookie consent banner
✓Preference Centre for granular user choice
✓TCF 2.2 (IAB Europe) compliance
✓Global Privacy Platform (GPP) support
✓Consent API for mobile and connected TV
✓Vendor management and IAB vendor list
✓A/B testing for consent banners
✓Multi-language support (100+ languages)
✓Data Subject Request (DSR) workflow management
✓Real-time consent event forwarding

Standout Features

★Preference Centre enabling subscription and communication preference management beyond cookie consent
★Headless consent API for non-browser surfaces including iOS, Android, and CTV
★Consent String forwarding to downstream ad tech partners via TCF signal propagation
★Privacy regulation auto-detection by visitor geolocation with jurisdiction-specific banner display
★Did App — no-code consent configuration tool with visual preview across device types

Compliance

☖GDPR and ePrivacy compliant
☖TCF 2.2 certified Consent Management Platform
☖CCPA and CPRA compliant
☖ISO 27001 certified
☖SOC 2 Type II certified
☖Data hosted in France (EU jurisdiction)
☖No data transfer outside EU
☖Data Processing Agreements available

Pricing

Starter

Contact Sales

Entry-level for single domain
Standard GDPR cookie banner
Basic TCF 2.2 support
Email support

Business

Contact Sales

Multiple domains and properties
Preference Centre module
A/B testing and analytics dashboard
API access and integrations

Enterprise

Contact Sales

Unlimited properties and markets
Headless consent API for mobile and CTV
DSR workflow management
Dedicated customer success manager
Custom SLAs and professional services

Billing: annual

Integrations & API

Google Tag ManagerGoogle Analytics 4Adobe Experience PlatformSalesforce Marketing CloudSegmentTealiumHubSpotMarketoPiano AnalyticsAmplitude

API AvailableWebhook Support

Support

EmailPhoneDedicated-csmDocumentationDocs: ExcellentCommunity Forum

Pros

✓Native support for TCF 2.2, GPP (Global Privacy Platform), and over 100 country-specific privacy regulations from a single platform
✓Preference Centre allows users to manage granular consent choices beyond cookies — email frequency, product notifications, data sharing — reducing unsubscribe rates
✓EU-hosted infrastructure with data stored in France, directly under GDPR jurisdiction with no adequacy decision risk
✓Developer-first consent API enables headless consent collection for mobile apps, connected TV, and non-browser surfaces where cookie banners are impractical
✓Comprehensive compliance dashboard tracks consent rates, vendor configurations, and regulatory exposure across all properties in real time

Cons

✕No public pricing — all plans require direct sales engagement, making budget estimation impossible without a discovery call
✕Setup complexity for large organisations with dozens of properties requires significant implementation effort and typically professional services support
✕Free trial is not self-serve — evaluation requires a demo request and sales process, creating friction for technical teams evaluating independently
✕Reporting and analytics dashboards lack the depth of dedicated analytics tools, particularly for consent rate trend analysis over extended periods

Frequently Asked Questions

Yes. Didomi is headquartered in Paris, France, and stores all consent data in French-based infrastructure under EU jurisdiction. The company is ISO 27001 and SOC 2 Type II certified, holds TCF 2.2 certification from IAB Europe, and offers Data Processing Agreements to all customers.

Didomi is a European alternative to OneTrust with a stronger focus on consent and preference management as a core competency. OneTrust has broader privacy programme management features (privacy impact assessments, vendor risk, policy management). Didomi's EU data hosting and European regulatory depth make it more attractive for organisations prioritising GDPR compliance over breadth.

Yes. Didomi provides a headless consent API and native SDKs for iOS and Android, enabling consent collection and storage for mobile applications where browser cookie banners are not applicable. Connected TV (CTV) consent is also supported via the API.

A Preference Centre goes beyond cookie consent to give users granular control over how an organisation communicates with them — email frequency, product notification types, data sharing permissions. Didomi's Preference Centre integrates these choices with downstream marketing tools, reducing unsubscribes and improving the quality of marketing data by ensuring only genuinely consented contacts receive communications.

All consent records are stored in France, within EU jurisdiction. No data is transferred to non-EU countries. This is particularly important for organisations subject to GDPR Article 49 restrictions on international data transfers and for those operating in sensitive regulated sectors.

What Is Didomi?

Most organisations discover their consent management problem the hard way. A cookie banner is deployed — often a tag manager plugin, often configured in an afternoon — and it works until a GDPR enforcement decision lands that makes clear "working" and "compliant" are different things. The French data protection authority CNIL has issued fines to Google (€150 million), Facebook (€60 million), and Microsoft (€60 million) specifically for cookie consent deficiencies. The Spanish AEPD and German state-level DPAs have followed. Consent infrastructure that was treated as a checkbox has become a regulatory liability.

Didomi launched in Paris in 2017 with the premise that consent management deserves a dedicated platform, not a plugin. The company builds consent and preference management as its entire product focus — not a feature within a broader privacy management suite, as is the case with OneTrust or TrustArc. By 2026, the platform processes consent decisions from over 100 countries for enterprise clients across media, e-commerce, finance, and telecommunications.

What makes Didomi relevant for European organisations specifically is the infrastructure posture. Consent data — records of which users agreed to what, when, on which legal basis — is personal data. It is subject to GDPR. Storing it with a US-based provider triggers adequacy concerns and creates precisely the kind of cross-border data transfer that regulators are scrutinising. Didomi stores everything in France, under French jurisdiction, under EU law, with no adequacy decision required.

Key Features

Cookie Consent and TCF 2.2

The foundation of any consent management platform is the cookie banner: the mechanism by which websites obtain, record, and honour user choices about tracking. Didomi's banner implementation is TCF 2.2 certified — meaning it conforms to the IAB Europe Transparency and Consent Framework, the standard used by the programmatic advertising industry to propagate consent signals through ad technology chains.

TCF 2.2 compliance is non-trivial. The framework specifies exactly how consent strings must be structured, how vendor lists must be managed, and how user choices must be recorded and forwarded to downstream partners. A non-compliant implementation can result in ad revenue losses (consent signals that ad tech partners reject) and regulatory exposure (the Belgian DPB's 2022 decision found the TCF framework itself created GDPR violations that publishers were implicated in). Didomi's certified implementation handles the technical complexity while giving organisations a compliant foundation.

Banner display logic uses geolocation to determine which regulation applies to each visitor. A user in California sees a CCPA-compliant banner. A user in France sees a GDPR-compliant banner. A user in Brazil sees an LGPD-compliant banner. All from the same platform, without separate implementations per market.

Preference Centre

The distinction between consent management and preference management matters commercially, not just legally. Cookie consent captures a binary choice about tracking at a point in time. A Preference Centre captures ongoing, granular choices: which email types a user wants to receive, how frequently, whether their data can be shared with specific categories of partners, whether they want personalised recommendations.

Didomi's Preference Centre stores these choices centrally and forwards them to downstream systems — Salesforce Marketing Cloud, Marketo, HubSpot, Segment — via real-time integrations. When a user updates their email frequency preference in the Preference Centre, that change propagates to the email service provider immediately. This closes the gap between what users consent to and what organisations actually do with their data, which is both a compliance requirement and a practical requirement for maintaining trust.

Organisations that have deployed Preference Centres report reduced unsubscribe rates because users can adjust rather than exit. It also produces higher-quality marketing data: email lists filtered to genuinely consented contacts have higher engagement rates and lower spam complaint rates.

Headless Consent API

Cookie banners are a browser-native pattern. Mobile applications, connected TV platforms, and server-to-server data flows require a different approach. Didomi provides a headless consent API and native SDKs for iOS and Android that enable consent collection and storage for non-browser surfaces.

A mobile app using the Didomi iOS SDK can present a native consent experience — not a WebView loading a browser banner — and store the resulting consent record in Didomi's centralised consent store. When the user opens the same service in a web browser, their prior consent is recognised. This cross-surface consent portability is technically complex to implement from scratch and is increasingly required by regulators who treat mobile and web as parts of the same data processing activity.

Connected TV consent via the IAB's OTT framework is also supported, positioning Didomi for the growing segment of media companies whose users access content across browsers, apps, and smart TVs.

Compliance Dashboard and Consent Analytics

Didomi's analytics layer tracks consent rates by property, banner variant, user geography, and time period. For organisations running A/B tests on banner design — a meaningful optimisation lever given that consent rates can vary by 20–40 percentage points across banner configurations — the analytics dashboard provides the data needed to make evidence-based design decisions.

The compliance dashboard shows real-time vendor configuration status, flagging vendors present on a property who are not in the configured IAB vendor list, or vendors who are active on properties where their consent has not been obtained. This audit capability is valuable for large organisations managing dozens of web properties where tracking tag proliferation is difficult to monitor manually.

Data Subject Request Management

Enterprise plans include DSR (Data Subject Request) workflow management — the process of receiving, verifying, routing, and fulfilling requests from users to access, correct, or delete their personal data. GDPR Article 15–17 requires organisations to respond to these requests within 30 days. Didomi's DSR module creates a structured workflow with audit trails, connecting consent records to downstream data processing systems via API integrations.

Pricing

Didomi does not publish pricing. All plans require a sales conversation, which is the norm for enterprise consent management but a friction point for technical teams evaluating independently. Based on market intelligence, Didomi's pricing is positioned in the mid-to-upper tier of the consent management market — above self-serve tools like Cookiebot and Iubenda, below OneTrust's enterprise contracts.

For organisations comparing Didomi to OneTrust, the value calculation often favours Didomi for EU-focused deployments. Didomi is a more focused product (consent and preferences, not the full privacy programme suite), which means lower licence costs but also less functionality for use cases like privacy impact assessments, vendor risk management, and policy lifecycle management that OneTrust supports natively.

Professional services for implementation are typically recommended for organisations with complex multi-property setups. This adds to total cost of ownership but reflects the genuine complexity of configuring a TCF 2.2-compliant consent infrastructure across multiple markets.

EU Compliance & Privacy

Didomi's compliance positioning is its clearest differentiator against American competitors. Didomi SAS is a French company. Consent data is stored in France. There is no non-EU data flow for any standard deployment. ISO 27001 and SOC 2 Type II certifications are in place. TCF 2.2 certification is current.

For Data Protection Officers making a consent platform selection, the due diligence process is substantially simpler with Didomi than with a US-based provider. There is no adequacy assessment required, no Standard Contractual Clauses to negotiate, no cross-border transfer impact assessment to document. The data stays in the EU because the company is in the EU.

This matters at a practical procurement level: many large EU enterprises — public sector bodies, banks, healthcare organisations — have purchasing policies that prohibit processing personal data with non-EU providers except under specific documented exceptions. Didomi qualifies without exceptions.

Who It's Best For

Large EU enterprises with multiple web properties and markets where managing consent across jurisdictions without a dedicated platform creates compliance exposure. Media companies, retailers, and telecommunications providers with international user bases are Didomi's natural market.

Organisations with advertising-funded digital products where TCF 2.2 compliance directly affects ad revenue. Incorrectly structured consent strings result in consent signals that programmatic ad platforms reject, reducing available inventory.

Data Protection Officers and privacy teams at companies where consent records will be subject to regulatory review. Didomi's audit trails, certification status, and EU data hosting create a defensible compliance posture.

Companies replacing OneTrust who find they are paying for privacy programme management features they do not use and want a more focused, EU-native consent platform at a lower total cost.

The Verdict

Didomi is one of the strongest EU-native alternatives to OneTrust for organisations whose consent management requirements are primarily GDPR and TCF 2.2 compliance, not broader privacy programme management. The Preference Centre capability goes meaningfully beyond what most consent platforms offer, addressing both commercial and compliance objectives. The EU data hosting and certification stack make procurement straightforward for regulated industries.

The limitations are real: no self-serve trial, opaque pricing, and an implementation complexity that requires budget for professional services in large deployments. Teams looking for a quick-to-implement, low-cost consent banner will be better served by Cookiebot or Iubenda. Teams managing consent at enterprise scale, across multiple markets, with advertising technology dependencies and regulatory scrutiny, will find Didomi's depth worth the investment.

Frequently Asked Questions

Is Didomi GDPR compliant?

Yes. Didomi SAS is headquartered in Paris, France, and stores all consent data in French infrastructure. The company holds TCF 2.2 certification from IAB Europe, ISO 27001, and SOC 2 Type II. Data Processing Agreements are available, and no data is transferred outside the EU.

How does Didomi compare to OneTrust?

Didomi focuses exclusively on consent and preference management; OneTrust covers a broader privacy programme including privacy impact assessments, vendor risk management, and policy lifecycle management. For EU organisations whose primary need is GDPR consent compliance and TCF 2.2, Didomi is typically more cost-effective and provides EU data hosting without requiring adequacy decisions. OneTrust is more appropriate when privacy programme management beyond consent is required.

Does Didomi support mobile app consent?

Yes. Didomi provides native iOS and Android SDKs and a headless REST API for mobile consent collection, with cross-surface consent portability so a user's choices on mobile are recognised on web and vice versa. Connected TV consent via IAB OTT frameworks is also supported.

What is a Preference Centre?

A Preference Centre extends cookie consent to give users ongoing control over how an organisation communicates with and processes data about them — including email frequency, notification types, and data sharing permissions. Didomi's Preference Centre integrates with downstream marketing tools (Salesforce, HubSpot, Marketo) to propagate preference changes in real time, ensuring what users choose is what organisations do.

Where does Didomi store consent data?

All consent records are stored in France, within EU jurisdiction, with no transfers to non-EU countries. This means organisations using Didomi do not need adequacy decisions, Standard Contractual Clauses, or transfer impact assessments for their consent data flows — a meaningful simplification for GDPR compliance programmes.