Flutterwave

Flutterwave

Flutterwave is an African payment technology platform that embeds checkout flows and payment widgets on merchant websites. Scripts load hosted payment forms supporting card, mobile money, and bank transfer methods for transactions across African and global markets.

Back to Vendor Library

Overview

Flutterwave is a leading African payment technology company that enables businesses to accept payments from customers across Africa and globally. The platform supports a wide range of payment methods tailored to African markets — including mobile money (M-Pesa, MTN Mobile Money), bank transfers, USSD, and traditional card payments (Visa, Mastercard). For website operators, Flutterwave's embedded checkout scripts provide the payment processing infrastructure necessary to complete online transactions.

As a payment processor, Flutterwave occupies a critical position in the e-commerce transaction flow. Its scripts handle sensitive financial data including card numbers, bank account details, and mobile money credentials. This places Flutterwave under stringent regulatory frameworks including PCI DSS compliance requirements, and its scripts are considered essential to the core transactional function of any website that uses it for payment processing.

What This Script Does

Flutterwave's scripts provide complete payment checkout functionality on merchant websites:

  • Hosted Payment Forms: Loads secure, PCI-compliant payment input forms that collect card numbers, expiration dates, CVVs, and other payment credentials. These forms are rendered within Flutterwave's secure iframe to keep sensitive payment data off the merchant's servers.
  • Payment Method Selection: Presents available payment options based on the customer's location and the merchant's configuration — including card payments, bank transfers, mobile money, USSD codes, and other region-specific methods.
  • Transaction Processing: Handles the payment authorization flow including 3D Secure verification, OTP validation, and redirect-based authentication flows required by certain payment methods and banks.
  • Currency and Localization: Manages multi-currency display, exchange rate calculations, and localized payment experiences for customers across different African countries and international markets.
  • Transaction State Management: Maintains payment session state through the checkout process, handles timeout scenarios, manages retry logic for failed transactions, and communicates transaction results back to the merchant's website via callbacks.

Consent & Compliance

Flutterwave's scripts process payment data under a clear legal basis: they are strictly necessary to fulfill the transaction that the customer has initiated. Under GDPR Article 6(1)(b), processing payment data is necessary for the performance of a contract — the customer is purchasing a product or service and payment processing is an integral part of that contract.

The ePrivacy Directive's requirements around cookies and device storage also provide an exemption for cookies strictly necessary for a service explicitly requested by the user. Payment session cookies, fraud detection mechanisms, and transaction state management all fall within this exemption.

Flutterwave maintains PCI DSS compliance for handling cardholder data, and its hosted payment form approach (using iframes) is specifically designed to reduce the merchant's PCI compliance scope by keeping sensitive payment data within Flutterwave's controlled environment.

Website operators should note that while Flutterwave's core payment scripts are essential, any additional analytics or tracking features that Flutterwave may offer separately from the payment flow should be evaluated independently for consent requirements.

Should You Block This Without Consent?

Flutterwave's scripts are essential payment processing infrastructure. Blocking them would prevent customers from completing purchases, which is the core transactional purpose of the website. Payment processing is a strictly necessary function initiated by the user, and the data collection is limited to what is required to fulfill the transaction.

No.

Visit website

Consent Categories

Essential

Also Known As

flutterwaveflutterwave cookiesflutterwave privacyflutterwave consentafrican payment consentflutterwave tracking

Industries

Finance

Tracked Domains (1)

flutterwave.comEssential

Frequently Asked Questions

Does Flutterwave require consent before loading?

No. Flutterwave is a payment processor. Its scripts are strictly necessary to complete transactions that visitors have actively initiated. Payment processing is required for contract performance under GDPR Article 6(1)(b).

What data does Flutterwave collect during checkout?

Flutterwave collects card numbers, bank details, and mobile money credentials through PCI-compliant iframes hosted on its own infrastructure. Session cookies maintain payment state and are exempt as strictly necessary for the requested transaction.

How does ConsentStack handle Flutterwave?

ConsentStack classifies Flutterwave as an essential payment tool and loads it without requiring visitor consent. Because its data collection is limited to completing the transaction, ConsentStack never blocks it behind a consent prompt.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Flutterwave

ConsentStack automatically detects and manages Flutterwave trackers so your site stays compliant with global privacy regulations.

Get started free