Sovereignty Scan
Geprüfte Domain: criteo.com
Wir prüfen DNS, Hosting, erkannte Tools und EU-Alternativen. Bei großen Seiten kann das beim ersten Aufruf einen Moment dauern.
Sovereignty Scan
Scanning domain: criteo.com
We are checking DNS, hosting, detected tools and EU alternatives. Large sites can take a moment on the first request.
34 of 49 detected tools fall under ( reach).
Vendor review recommended: 2 of 49 detected tools were assigned via the auto-imported database (TLD heuristics, without manual curation). Please verify the flagged matches before forwarding to the DPO.
We show the 3 easiest switches with matching EU alternatives.
Assessment
High CLOUD Act risk. Booking, marketing, and hosting run through providers with US ties.
Personal Data
HochContact, appointment and customer data in US tools.
Marketing Data
HochTracking, email lists, conversion data.
Infrastructure
HochHosting, CDN, DNS and email delivery.
The 3 biggest levers for criteo.com
Sorted by impact per effort. The first switch typically delivers more than the next two combined.
Umfragen / Research · Qualtrics LLC (US)
Umfrage- und CX-Research über Qualtrics (US), Befragten-Antworten gelangen in den US-Rechtsraum.
More than a fine
Fines make headlines, but rarely balance sheets. They arrive late, selectively, and are negotiable. What US tools cost you sooner is the sum of lost tenders, suspicious enterprise clients, a growing audit backlog, personal liability for your management, and a tool that could be shut down tomorrow with a single executive order.
Procurement
Federal, state, and enterprise procurement now make "EU hosting" and "CLOUD Act-free" knockout criteria. A single US tool in your stack is enough for disqualification — without ever making the shortlist.
by 2027
Federal administration sovereignty roadmap (BMI, "Sovereign IT 2027")
Trust & Churn
Since Schrems II, every serious procurement department checks the DPA annex. A US logo under "subprocessor" means a renewal negotiation — or a lost deal you never see as a lost deal.
73%
of GDPR-aware B2B buyers check subprocessors (Gartner, 2024)
Operational Burden
Every US tool requires its own Data Protection Impact Assessment, Standard Contractual Clauses, and a Transfer Impact Assessment. With every subprocessor change, the audit cycle restarts — usually unnoticed.
8–16 h
effort per tool and audit cycle, recurring
Management Liability
Under corporate governance law, those who ignore the state of the art are liable with personal assets, not the company treasury. D&O insurance regularly excludes GDPR intent and gross negligence.
Personal assets
of management in case of damage
Geopolitics
CLOUD Act, OFAC sanctions, a new Schrems ruling: when Washington pulls the plug, there is no transition period. Real precedent: in 2025, Microsoft blocked International Criminal Court accounts on US orders.
0 days
transition period for US embargo or account lockout
And when the authority does knock
Authorities in Germany investigate slowly but increasingly systematically. The expected value is lower than the headline, but the reach is not.
€50,000
realistic risk · max. €200,000 (Art. 83 (5) GDPR, up to 4% of annual revenue)
Detected Tools · 49 found
| Tool | Category | Hosting | Owner | Risk | EU Alternative |
|---|---|---|---|---|---|
Qualtrics SPF → _spf.qualtrics.com | Umfragen / Research | AWS US | Qualtrics LLC US · CLOUD Act | Hoch | |
Salesforce Datenschutz-Erklärung erwähnt Salesforce | CRM | Salesforce Hyperforce | Salesforce Inc. US · CLOUD Act DPF | Hoch | |
ZoomInfo JS-Bundle → ws.zoominfo.com | B2B-Datenbank / Sales Intelligence | AWS US | ZoomInfo Technologies Inc. US · CLOUD Act | Hoch | |
Chili Piper JS-Bundle → chilipiper.com | Lead-Routing & Terminbuchung | AWS US-East / GCP US-Central | Chili Piper Inc. US · CLOUD Act | Hoch | |
 Amazon CloudFront CAA-Record → issue amazon.com | CDN | AWS Edge (Global) | Amazon Web Services Inc. US · CLOUD Act DPF | Mittel | |
Amazon SES SPF-ASN → AMAZON-AES - Amazon.com, Inc., US | Transaktions-E-Mail | AWS (Region je nach Account) | Amazon Web Services Inc. US · CLOUD Act DPF | Hoch | |
APPLOVIN Skript / Iframe → .applovin.com | Analytics | Google Cloud | APPLOVIN US · CLOUD Act DPF | Niedrig | |
Appsflyer Datenschutz-Erklärung erwähnt Appsflyer | Analytics | AWS | Appsflyer IL | Niedrig | |
cdnjs Skript / Iframe → cdnjs.cloudflare.com | JavaScript-CDN | Cloudflare Anycast (global) | Cloudflare, Inc. (Betreiber + Maintainer) US · CLOUD Act | Mittel | |
Crazy Egg Datenschutz-Erklärung erwähnt Crazy Egg | Heatmap / Session-Replay | USA | Crazy Egg, Inc. US · CLOUD Act | Hoch | |
Ensighten Datenschutz-Erklärung erwähnt Ensighten | Tag Management | Unbekannt, Anbieterprüfung empfohlen | Ensighten Global | Niedrig | |
 Fastly HTTP-Header x-served-by → cache-chi-klot8100123-CHI, cache-lcy-eglc8600031-LCY, cac… | CDN | Fastly Edge (Global) | Fastly Inc. US · CLOUD Act | Mittel | |
Google Analytics JS-Bundle → G-W0WYERL9HS | Analytics | Google Cloud (Global) | Alphabet Inc. US · CLOUD Act DPF | Hoch | |
Google Call Conversion Tracking JS-Bundle → gstatic.com/call-tracking/call-tracking_"+(xK.op||xK.rr)+".… | Anruf-Conversion-Tracking | Google Cloud US | Google LLC US · CLOUD Act | Hoch | |
Google reCAPTCHAin product JS-Bundle → www.google.com/recaptcha | Bot-Schutz | Google (Global) | Alphabet Inc. US · CLOUD Act | Mittel | |
Google Tag Manager Skript / Iframe → googletagmanager.com/gtm.js | Tag Management | Google Cloud (Global) | Alphabet Inc. US · CLOUD Act DPF | Hoch | |
Integral Ad Science Datenschutz-Erklärung erwähnt Integral Ad Science | Analytics | Cloudflare | Integral Ad Science US · CLOUD Act DPF | Niedrig | |
Intercom JS-Bundle → widget.intercom.io | Live-Chat | AWS US | Intercom Inc. US · CLOUD Act DPF | Hoch | |
jsDelivr Skript / Iframe → cdn.jsdelivr.net | JavaScript-CDN | Multi-CDN: Cloudflare, Fastly, Bunny, G-Core (load-balanced) | Prospect One sp. z o.o. (jsDelivr-Maintainer) EU · CLOUD Act | Mittel | |
Let's Encrypt CAA-Record → issue letsencrypt.org | Zertifikat | n/a (CA) | Internet Security Research Group (ISRG) US | Niedrig | |
LinkedIn Insight Tag JS-Bundle → snap.licdn.com/li.lms-analytics | Tracking-Pixel | Azure | Microsoft Corp. US · CLOUD Act DPF | Mittel | |
LiveIntent Datenschutz-Erklärung erwähnt LiveIntent | E-Mail-Marketing | Cloudflare | LiveIntent Global | Niedrig | |
MaxMind Datenschutz-Erklärung erwähnt MaxMind | Analytics | Cloudflare | geoip2 Global | Niedrig | |
Media.net Skript / Iframe → .media.net/ | Analytics | Akamai | Media.net Global | Niedrig | |
Mediavine Skript / Iframe → .mediavine.com/ | Analytics | Squarespace, Inc. | Mediavine Global | Niedrig | |
Meta-Pixel JS-Bundle → connect.facebook.net/en_US/fbevents.js | Tracking-Pixel | Meta (Global) | Meta Platforms Inc. US · CLOUD Act DPF | Hoch | |
Microsoft Advertising JS-Bundle → bat.bing.com/bat.js | Werbe-Tracking (Bing Ads) | Azure US | Microsoft Corporation US · CLOUD Act | Hoch | |
Microsoft Clarity JS-Bundle → clarity.ms | Heatmaps / Session-Replay | Azure (Global, EU-Region möglich) | Microsoft Corp. US · CLOUD Act | Hoch | |
Microsoft Mail Sending SPF → spf.protection.outlook.com | Ausgehender E-Mail-Versand | Azure (Global) | Microsoft Corp. US · CLOUD Act DPF | Hoch | |
mParticle Skript / Iframe → .mparticle.com/ | Customer Data Platform | AWS US und EU | mParticle, Inc. US · CLOUD Act | Hoch | |
Nativo Datenschutz-Erklärung erwähnt Nativo | Analytics | Cloudflare | Nativo Global | Niedrig | |
Omniconvert Datenschutz-Erklärung erwähnt Omniconvert | Analytics | Cloudflare | Omniconvert Global | Niedrig | |
Outbrain Skript / Iframe → .outbrain.com/ | Content Discovery / Native Advertising | USA | Outbrain Inc. US · CLOUD Act | Hoch | |
PubMatic Datenschutz-Erklärung erwähnt PubMatic | Analytics | AWS CloudFront | PubMatic Other | Niedrig | |
Reddit Ads JS-Bundle → www.redditstatic.com | Analytics | Fastly | Reddit Ads Global | Niedrig | |
Segment Datenschutz-Erklärung erwähnt Segment | Customer Data Platform | AWS US | Twilio (Segment) US · CLOUD Act | Hoch | |
SendGrid SPF-ASN → SENDGRID - SendGrid, Inc., US | Transaktions-E-Mail | AWS US | Twilio (SendGrid) US · CLOUD Act | Hoch | |
Sharethrough Skript / Iframe → .sharethrough.com/ | Analytics | Cloudflare | Sharethrough Global | Niedrig | |
Taboola Skript / Iframe → .taboola.com | Content Discovery / Native Advertising | USA (eigene Infrastruktur) | Taboola, Inc. US · CLOUD Act | Hoch | |
Teads Skript / Iframe → teads.tv | Analytics | Fastly | Q28872999 US · CLOUD Act | Niedrig | |
Tealium Datenschutz-Erklärung erwähnt Tealium | Tag Management | AWS US | Tealium Inc. US · CLOUD Act | Mittel | |
TikTok Pixel JS-Bundle → analytics.tiktok.com | Advertising / Retargeting | Server in Singapur, Irland und den USA (laut TikTok-Privacy-Policy) | TikTok Technology Limited (EWR-Vertragspartner) / TikTok Pte. Ltd. (Global) IE · CLOUD Act | Hoch | |
Treasure Data Datenschutz-Erklärung erwähnt Treasure Data | Customer Data Platform | AWS US | Treasure Data, Inc. (arm Technology) US · CLOUD Act | Hoch | |
Twitter Ads JS-Bundle → static.ads-twitter.com/uwt.js | Analytics | Cloudflare | Twitter Ads Global | Niedrig | |
Unpkg JS-Bundle → unpkg.com/ | JavaScript-CDN | Cloudflare Workers (global, US-Anchor) | unpkg (von Michael Jackson, US, betreut) US · CLOUD Act | Mittel | |
Verizon Media Datenschutz-Erklärung erwähnt Verizon Media | Analytics | AWS | Yahoo Inc. US · CLOUD Act DPF | Niedrig | |
Wistia Skript / Iframe → fast.wistia.com | Video-Hosting | AWS US | Wistia Inc. US · CLOUD Act | Mittel | |
WordPress Skript / Iframe → /wp-content/ | CMS (Open-Source) | Self-Hosted (variabel) | WordPress Foundation (Open-Source) bzw. betreibender Host Other | Niedrig | |
Yandex.Metricain product JS-Bundle → ym(0, | Analytics | Yandex (RU) | Yandex N.V. Other | Hoch |
Qualtrics
Umfragen / Research
EU Alternative
+2Salesforce
CRM
EU Alternative
+2ZoomInfo
B2B-Datenbank / Sales Intelligence
EU Alternative
+2Chili Piper
Lead-Routing & Terminbuchung
EU Alternative
Amazon CloudFront
CDN
EU Alternative
+2Amazon SES
Transaktions-E-Mail
EU Alternative
+2cdnjs
JavaScript-CDN
EU Alternative
+2Crazy Egg
Heatmap / Session-Replay
EU Alternative
+2Ensighten
Tag Management
EU Alternative
+2Google Analytics
Analytics
EU Alternative
+2Google Call Conversion Tracking
Anruf-Conversion-Tracking
EU Alternative
+2Google reCAPTCHA
Bot-Schutz
EU Alternative
+2Google Tag Manager
Tag Management
EU Alternative
+2Integral Ad Science
Analytics
EU Alternative
+2jsDelivr
JavaScript-CDN
EU Alternative
+2Let's Encrypt
Zertifikat
EU Alternative
+2LinkedIn Insight Tag
Tracking-Pixel
EU Alternative
+2LiveIntent
E-Mail-Marketing
EU Alternative
+2Meta-Pixel
Tracking-Pixel
EU Alternative
+2Microsoft Advertising
Werbe-Tracking (Bing Ads)
EU Alternative
+2Microsoft Clarity
Heatmaps / Session-Replay
EU Alternative
+2Microsoft Mail Sending
Ausgehender E-Mail-Versand
EU Alternative
+2mParticle
Customer Data Platform
EU Alternative
+2Outbrain
Content Discovery / Native Advertising
EU Alternative
+2Segment
Customer Data Platform
EU Alternative
+2SendGrid
Transaktions-E-Mail
EU Alternative
+2Taboola
Content Discovery / Native Advertising
EU Alternative
+2TikTok Pixel
Advertising / Retargeting
EU Alternative
+2Treasure Data
Customer Data Platform
EU Alternative
+2Unpkg
JavaScript-CDN
EU Alternative
+2WordPress
CMS (Open-Source)
EU Alternative
+2Ad-Tech / DSP
Cookie-Banner / Consent
Cookie-Banner / Consent
Analytics
Eight pages: legal classification per tool, migration effort, prioritized roadmap. Ready to use in the boardroom or with your Data Protection Officer.
The DPO decides on DPAs, TIAs, and subprocessor approvals. With one click, they receive a compact summary of this scan, directly in their inbox.
Share Kit · for LinkedIn, X, TikTok & more
A card with logo, grade, and detected tools. On LinkedIn and X it auto-renders large; for TikTok & Reels there's a 9:16 format to download.
Suggested text
I just ran criteo.com through meetergo's Sovereignty Scan. Result: Grade E (20/100). 34 of 53 detected tools fall under US jurisdiction (CLOUD Act reach). Detected US tools: Qualtrics, Salesforce, ZoomInfo, Chili Piper + 30 more. The score is a risk indicator, not a GDPR verdict — but exactly the overview I want on the table at the next third-country transfer discussion. How sovereign is your own web stack?
Ends with a question on purpose — the algorithm likes questions.
Trust page, footer, RFP response. Updates automatically after every re-scan. Clicking the image opens the full report.
<a href="https://scan.meetergo.com/de/r/criteo.com" target="_blank" rel="noopener" aria-label="criteo.com: Sovereignty-Score E – meetergo Sovereignty Scan"> <img src="https://meetergo.com/scan/api/og?domain=criteo.com&grade=E&score=20&tools=53&us=34&logo=criteo.com&theme=light&eu=49&tools_list=Qualtrics%2CSalesforce%2CZoomInfo%2CChili+Piper" alt="criteo.com: Sovereignty-Score E – meetergo Sovereignty Scan" width="600" height="315" loading="lazy" style="max-width:100%;height:auto;border-radius:14px;border:1px solid #e5e5e5" /> </a>
Embed Badge
Switch two US tools, re-scan. The code below will then show the new grade.
<a href="https://scan.meetergo.com/de/r/criteo.com" target="_blank" rel="noopener" aria-label="Sovereignty Score: E – criteo.com">
<iframe src="https://scan.meetergo.com/scan/api/badge/criteo.com?variant=card&theme=light" width="360" height="240"
title="Sovereignty Score: E – criteo.com" loading="lazy"
style="border:0;display:block;max-width:100%"
sandbox="allow-popups allow-popups-to-escape-sandbox"></iframe>
</a>Instead
meetergo
Formulare, CRM und Terminbuchung in einer Plattform: DSGVO-fertig, mit 1-Klick-Import aus Typeform.
CRM · Salesforce Inc. (US)
CRM- und Marketing-Automation über Salesforce (US).DPF notice: Vendor is listed in the . Third-country transfer is covered, but exposure remains.
Instead
meetergo
Lite-CRM mit Kontakten, Notizen und Pipeline, direkt mit Buchungen verknüpft.
B2B-Datenbank / Sales Intelligence · ZoomInfo Technologies Inc. (US)
ZoomInfo Technologies Inc. (Vancouver, WA) ist eine US-amerikanische B2B-Sales-Intelligence-Plattform. Kontaktdaten und Firmeninformationen werden in den USA verarbeitet; CLOUD Act gilt.
Instead
meetergo
Lite-CRM mit Kontakten, Notizen und Pipeline, direkt mit Buchungen verknüpft.
53entries
34TIAs
53DPAs
Legal basis: GDPR Art. 28, 30, 44 ff. · EDPB Recommendations 01/2020 (Schrems II).
Sorted by effort. Expand a row for details.
Umfragen / Research
Formularlogik (Branching, Routing) und Felder werden 1:1 in EU-Smart-Forms überführt.
Time-to-Value: 3–5 Werktage
Lead-Routing & Terminbuchung
Routing-Regeln, Verfügbarkeiten und Salesforce/HubSpot-Sync lassen sich 1:1 nachbauen.
Time-to-Value: Setup in 3–5 Werktagen
CRM
CRM-Migration via natives Export-Tool oder API; Kontakte, Deals, Properties bleiben erhalten. Aufwand entsteht durch Workflow-Rebuild.
Time-to-Value: 2–6 Wochen
B2B-Datenbank / Sales Intelligence
CRM-Migration via natives Export-Tool oder API; Kontakte, Deals, Properties bleiben erhalten. Aufwand entsteht durch Workflow-Rebuild.
Time-to-Value: Migration in ~2 Werktagen
Ad-Tech / DSP
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Transaktions-E-Mail
API-Endpoint umbiegen, DKIM/SPF auf den neuen Sender anpassen, E-Mail-Templates portieren. DKIM-Validierung ist der pfadkritische Schritt.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Heatmap / Session-Replay
Aufzeichnungen sind nicht migrierbar. Neuer Recorder ab Cutover-Tag; Heatmap-Baseline muss sich erst aufbauen.
Time-to-Value: 1 Werktag (Setup) + ~30 Tage Datenaufbau
Tag Management
Container-Export aus dem alten TMS, Import in den EU-Ersatz (z.B. Matomo Tag Manager); Trigger und Variablen prüfen.
Time-to-Value: 3–5 Werktage
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Anruf-Conversion-Tracking
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Bot-Schutz
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Tag Management
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Live-Chat
Chat-Verläufe per Export/API ziehen (für Compliance-Archiv), Snippet austauschen, Routing/Kanäle in EU-Tool nachbauen.
Time-to-Value: 1–2 Wochen
Tracking-Pixel
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
E-Mail-Marketing
API-Endpoint umbiegen, DKIM/SPF auf den neuen Sender anpassen, E-Mail-Templates portieren. DKIM-Validierung ist der pfadkritische Schritt.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Tracking-Pixel
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Werbe-Tracking (Bing Ads)
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Heatmaps / Session-Replay
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Ausgehender E-Mail-Versand
API-Endpoint umbiegen, DKIM/SPF auf den neuen Sender anpassen, E-Mail-Templates portieren. DKIM-Validierung ist der pfadkritische Schritt.
Time-to-Value: 1–2 Wochen
Customer Data Platform
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Content Discovery / Native Advertising
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Customer Data Platform
Container-Export aus dem alten TMS, Import in den EU-Ersatz (z.B. Matomo Tag Manager); Trigger und Variablen prüfen.
Time-to-Value: 3–5 Werktage
Transaktions-E-Mail
API-Endpoint umbiegen, DKIM/SPF auf den neuen Sender anpassen, E-Mail-Templates portieren. DKIM-Validierung ist der pfadkritische Schritt.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Content Discovery / Native Advertising
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Tag Management
Container-Export aus dem alten TMS, Import in den EU-Ersatz (z.B. Matomo Tag Manager); Trigger und Variablen prüfen.
Time-to-Value: 3–5 Werktage
Advertising / Retargeting
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Customer Data Platform
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
Video-Hosting
meetergo ersetzt kein Video-Hosting. Quick-Win: Privacy-Embed (z.B. youtube-nocookie.com) mit Consent-Gate. Vollwechsel: EU-Video-Hosting (Vimeo EU-Region, Bunny Stream EU/Slowenien, selbst gehostetes Peertube). Embeds und Player-IDs austauschen.
Time-to-Value: 1–3 Werktage pro Plattform (Embed-Swap)
Analytics
Tag austauschen, Goals/Ziele neu konfigurieren, ggf. Daten via API/BigQuery für Vergleichsperiode exportieren.
Time-to-Value: 1–2 Wochen
CDN
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
JavaScript-CDN
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
CDN
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
JavaScript-CDN
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
Zertifikat
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
JavaScript-CDN
DNS auf neuen CDN umstellen (TTL vorher senken), Cache-Regeln und WAF-Policies portieren, Origin-IPs ggf. neu verstecken.
Time-to-Value: 1–2 Wochen
CMS (Open-Source)
DevOps-Projekt: IaC (Terraform/Pulumi) auf europäischen Anbieter migrieren, Daten via Transfer-Service, am Ende DNS-Cutover. Greenfield-Workloads sind schneller als Migrationen.
Time-to-Value: 2–6 Monate
Fastest lever: Booking & lead routing. Infrastructure (hosting, DNS, CDN) is a separate project.
Operational Signals
Five operational signals that any DNS resolver or TLS handshake exposes. They show who's behind the domain — even when the brand promises something different.
Cookies the server sets on the very first visit, before anyone clicks a cookie banner.
Cryptographic signature of DNS responses. Prevents attackers from redirecting the domain to malicious servers.
Encrypts the connection between browser and website. The Certificate Authority (CA) guarantees the domain belongs to the stated owner.
Who actually owns the website's IP address. Shows the real hosting corporation, even if the contractual partner is different.
Hostname the IP points back to. Often unset for Anycast CDNs (Cloudflare, Vercel).
Capped per bucket, low-confidence hits weighted half, EU vendors not deducted.
Total deductions: −80 · Sovereignty bonus: +0
0 cookie(s) set before consent.
No critical category covered by an EU vendor.
The Sovereignty Scan evaluates publicly accessible signals (homepage and legal page HTML, DNS, MX, SPF, and ASN data) and compares them against our database of approximately 3,000 vendors. The mapping of tools to owners and jurisdictions is based on public sources (legal notices, privacy policies, Wappalyzer, RIPE/ARIN registrations) and is intended as a first indication at the time of evaluation, not a legally binding assessment.
The A–E grade is a risk indicator, not a GDPR compliance verdict. For a concrete GDPR assessment — especially regarding Data Processing Agreements (DPA), Standard Contractual Clauses (SCC), and Transfer Impact Assessments (TIA) — please consult your Data Protection Officer or external legal counsel. meetergo makes no claim as to whether a specific vendor can be used in a GDPR-compliant manner in any particular use case.
Correction & Response: If you are the domain owner, Data Protection Officer, or press office of the assessed domain and the signals shown here do not reflect your current tool configuration, we welcome corrections and will update the listing promptly after review.
Weniger Anbieter, weniger AV-Verträge, weniger Datenschutzaufwand. Eine deutsche Plattform für Buchung, Qualifizierung, Signatur und Sales-Content, DSGVO-konform mit Servern in Frankfurt.
Enterprise-Hinweis: Eine Plattform = ein AV-Vertrag, ein Auditschnitt. Reduziert die Compliance-Last erheblich.