Do I need to disclose Wix in my privacy policy?

Yes. Because Wix processes personal data on your behalf as a data processor, you must disclose this in your privacy policy under GDPR Article 28 and CCPA Section 1798.100. You should identify Wix as a third-party service provider and explain what data is shared with them. Failure to disclose may violate privacy regulations in your jurisdiction.

What specific data does Wix collect from my website visitors?

Wix collects form submission data, e-commerce transaction information, visitor IP addresses, and analytics data about user behavior on your site. If you use Wix apps or integrations, additional data may be collected. You should review your Wix settings to understand exactly what data flows through their platform.

Does Wix require a cookie consent banner on my website?

While no cookies are documented as strictly required by Wix itself, the platform may implement tracking or functional cookies depending on your configuration and apps enabled. Under GDPR and CCPA, you should implement a cookie banner if Wix or integrated tools use cookies for analytics, marketing, or personalization purposes.

Who processes my data and where is it stored?

Wix.com Ltd, based in Israel, acts as your data processor. Data submitted through your Wix site is transferred to and processed in Israel. Under GDPR, you may need to ensure adequate safeguards are in place for data transfers outside the EU, such as Standard Contractual Clauses or other approved mechanisms.

CMS

Privacy policy clauses for Wix

Wix is a cloud-based website builder and content management system that enables users to create, manage, and monetize websites without coding. It includes integrated e-commerce capabilities, form tools, and analytics features that process visitor and customer data.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Wix collects

Your privacy policy must disclose each of the following data types when you use Wix.

Form submissions

Commerce data

IP address

Visitor analytics

When does Wix trigger privacy obligations?

Installation triggers immediate obligations

The moment you deploy Wix—whether as your primary site builder or embed its commerce/form modules—you begin collecting visitor IP addresses, form submission data, and analytics events. This triggers data controller obligations immediately under GDPR (Articles 13–14, privacy notice requirements) and CCPA (Section 1798.100, disclosure obligations) if your visitors include EU residents or California residents respectively.

Jurisdiction-specific thresholds

GDPR: Applies if any visitor is an EU resident, regardless of your business location. Wix.com Ltd operates from Israel; this means Wix is your data processor under GDPR Article 28, requiring a signed Data Processing Agreement (DPA). Without a DPA, you are in direct breach.

Privacy policy clauses for Wix

What data Wix collects

When does Wix trigger privacy obligations?

Installation triggers immediate obligations

Jurisdiction-specific thresholds

First concrete step

Where data goes

Common compliance pitfalls

Pitfall 1: No signed DPA with Wix

Pitfall 2: Conflating 'form data' with 'visitor analytics'

Pitfall 3: Underestimating Wix e-commerce as payment processor

Sample privacy policy clause

What regulators look for

Enforcement priorities

Frequently asked questions

Do I need to disclose Wix in my privacy policy?

What specific data does Wix collect from my website visitors?

Does Wix require a cookie consent banner on my website?

Who processes my data and where is it stored?

Don't ship without Bandit.