Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Live chat, cobrowse and video chat widget by Acquire.io (US). Loads JavaScript that sets a visitor identifier, session cookies and may stream cobrowsing DOM data. Chat logs are stored server side in the United States by default.
Acquire (acquire.io) is a US based customer engagement platform offering live chat, video chat, voice calls and cobrowsing through a JavaScript widget embedded on the publisher site. It is widely used in financial services, telecoms and SaaS support teams thanks to its cobrowse and screen sharing capabilities, which allow an agent to see and guide the visitor through a workflow in real time.
The widget sets first party cookies such as acquire_uid for the visitor identifier and acquire_sid for the active session, plus third party cookies under the acquire.io domain that enable cross site visitor recognition. When cobrowse, video chat or voice is enabled, Acquire streams DOM data, audio and video through WebRTC and WebSocket connections. Collected data includes IP, user agent, pages browsed, chat transcripts, recordings, contact details and any data exchanged during the interaction.
The cookies set by the widget are not strictly necessary for the user of the host site, so Article 5(3) of the ePrivacy Directive requires prior consent before loading. Cobrowse and video features involve real time observation of the user device and may capture personal or sensitive data displayed on screen, which raises the risk level under Article 35 GDPR and often calls for a DPIA. Acquire acts as processor for the operator under Article 28 GDPR.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Acquire script until the visitor accepts chat and support cookies in the consent management platform. For cobrowse and video chat, request a separate, explicit opt in at the moment the agent triggers the feature, with a clear preview of what will be shared. Provide a stop sharing button and the ability to end the session at any time. Visitor consent withdrawal must remove the widget and clear the Acquire cookies.
Acquire is hosted on AWS US regions by default, so chat, video and cobrowse data are transferred to the United States. Acquire signs Standard Contractual Clauses and, where applicable, certifies under the EU US Data Privacy Framework. Enterprise customers may request EU or APAC regions. Subprocessors include AWS, transcription and translation providers and analytics partners, each adding its own transfer profile.
Sign the Acquire Data Processing Addendum, perform a Transfer Impact Assessment for the US transfer, run a DPIA when cobrowse, video or voice is enabled, configure masking rules so that payment or health fields are never streamed, gate the script behind the CMP, list all Acquire cookies in the cookie policy, and document Acquire and its subprocessors in the records of processing.
Websites using Acquire Live Chat must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required when Acquire is deployed at scale, when cobrowse or video chat is enabled (because the agent can see the visitor screen), when sensitive information may be exchanged (health, finance, legal), or when minors form part of the audience. Document the cobrowse perimeter, the masking rules, the retention of chat logs and recordings and the US transfer.
Sample consent text
We use Acquire Live Chat to offer support, video chat and cobrowsing. This sets chat cookies, may share your screen with our agent and transfers data to Acquire in the United States. We need your consent to load the widget. You can accept, refuse or withdraw your consent at any time.
Third-party domains contacted
acquire.iotagove.comcdn.acquire.ioapi.acquire.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| acquire_uid | http_persistent | 1 year | First party visitor identifier set by the Acquire chat widget to recognise returning visitors. |
| acquire_sid | http_session | Session | First party session identifier used to maintain the chat conversation state across page views. |
| acquire_id | http_persistent | 1 year | Third party cookie set under the acquire.io domain to enable cross site visitor recognition across Acquire customer sites. |
| acquire_cobrowse | http_session | Session | Short lived first party cookie used to coordinate the cobrowse session with the agent backend. |
| acquire_chat_state | http_persistent | 30 days | First party storage of the open or closed state of the chat widget on the host site. |
Acquire Live Chat uses cookies for user preferences — inform visitors with a consent banner.
The Acquire widget writes first party cookies such as acquire_uid (visitor identifier, lifetime around one year) and acquire_sid (session identifier), plus third party cookies under the acquire.io domain that enable cross site visitor recognition. Additional storage may be used for the chat queue position, agent assignment and preview of the cobrowse session.
Yes. The widget cookies are not strictly necessary, so Article 5(3) of the ePrivacy Directive requires prior, freely given, informed consent before the script loads. For cobrowse, video chat or voice features, collect a separate explicit consent at the moment the agent triggers the function, with full information about what will be shared.
Consent under Article 6(1)(a) GDPR for cookies, cobrowse, video chat and US transfers. Performance of a contract under Article 6(1)(b) GDPR for messages exchanged during an active support session in answer to a user request. Legitimate interest under Article 6(1)(f) GDPR may cover abuse prevention, fraud detection and security logging within strict limits.
Yes by default. Acquire is hosted on AWS US regions, so chat content, recordings and cobrowse data are processed in the United States. Acquire signs Standard Contractual Clauses and, where applicable, certifies under the EU US Data Privacy Framework. Enterprise customers may request EU or APAC regions and should perform a Transfer Impact Assessment in any case.
A DPIA is required in most deployments, since Acquire combines large scale visitor tracking, US transfer, cobrowse and video features that can capture personal or sensitive screen content. The DPIA must cover the cobrowse perimeter, masking of payment or health fields, retention of chat logs and recordings and access controls within the operator and Acquire teams.
Sign the Acquire Data Processing Addendum, perform a Transfer Impact Assessment, run a DPIA, configure masking rules to exclude payment, password and health fields from cobrowse, gate the script behind the CMP, request explicit consent before any cobrowse or video session, document Acquire and its subprocessors, and set strict retention for chat logs and recordings.
EU based alternatives include Crisp (France), Userlike (Germany) and Smartsupp (Czech Republic) for chat, with various levels of cobrowse and video support. Salesforce Service Cloud or Zendesk Messaging offer comparable enterprise features but also raise US transfer questions. Self hosted options like Chatwoot or Rocket.Chat avoid third party transfers at the cost of running the infrastructure.
Add a dedicated Acquire entry listing acquire_uid, acquire_sid and any third party acquire.io cookies with purpose (chat, cobrowse, video), lifetime and the third party setting them. Disclose the US transfer, the Standard Contractual Clauses and Data Privacy Framework, mention the cobrowse and recording features, link to the Acquire privacy notice and offer a clear consent withdrawal control.