Overview
Substack is a newsletter publishing platform that provides embeddable subscription widgets for external websites. Publishers and content creators embed Substack signup forms on their personal sites, blogs, and landing pages to grow their subscriber lists. The widget allows visitors to enter their email address and subscribe to a Substack publication without leaving the host website.
What This Script Does
Substack embeds load as iframes or JavaScript widgets from substackapi.com and substack.com.
- Scripts loaded: Substack embed scripts load from substackapi.com, rendering a subscribe form or publication preview widget within the host page. The widget displays the publication name, description, and an email input field.
- Form submission: When a visitor enters their email address and submits the form, the data is transmitted to Substack's servers to create or update a subscriber record for the publication.
- Cookies: The embed may set cookies on the substack.com domain for session management and to track whether the visitor is already a Substack user. Specific cookie behavior depends on the embed type (iframe vs. JavaScript).
- Data collected: Email addresses submitted through the form, referrer URL (which site the subscription originated from), and basic interaction events (form displayed, form submitted). If the visitor is a logged-in Substack user, the embed may recognize their existing account.
- No behavioral tracking: The embed does not track page views, scroll depth, or browsing behavior on the host site beyond the form interaction itself.
Consent & Compliance
Substack embeds fall under the functional consent category.
Under GDPR and ePrivacy, the subscription widget serves a functional purpose — enabling visitors to sign up for content they want to receive. If the embed sets cookies through the substack.com domain before user interaction, those cookies may require consent under the ePrivacy Directive as they are not strictly necessary for the host site's functionality. Email collection through the form requires a GDPR-compliant legal basis (typically Article 6(1)(a) consent through the explicit subscribe action).
Under CCPA/CPRA, email addresses collected through the widget constitute personal information. The host site's privacy policy should disclose this data collection and Substack's role as a third-party processor.
Should You Block This Without Consent?
No. Substack embeds serve a functional purpose with minimal tracking impact. The subscription action is explicitly initiated by the visitor entering their email address. If the embed is implemented as a simple iframe, it has negligible cookie footprint on the host domain. For sites prioritizing minimal third-party exposure, consider using a custom form that submits to Substack's API server-side rather than embedding the client-side widget.
Tracked Domains (2)
- substack.com: Functional
- substackcdn.com: Functional
Frequently Asked Questions
Does Substack require cookie consent?
No. Substack subscription embeds serve a functional purpose — visitors deliberately enter their email to subscribe. The embed does not track page views or browsing behavior on the host site. If substack.com domain cookies are set before interaction, those may require functional consent under strict ePrivacy interpretations.
What data does Substack collect?
Substack subscription widgets collect the visitor's email address on form submission, the referrer URL showing which site the subscription originated from, and basic interaction events (form displayed, form submitted). The embed may recognize existing Substack users if they are logged in. No page-level behavioral tracking occurs on the host site.
How does ConsentStack handle Substack?
ConsentStack classifies Substack as functional and does not block subscription embeds, since they activate only through deliberate user interaction. The embed is detected via substackapi.com script loads. For strict consent postures, ConsentStack can gate the embed behind functional consent to prevent any pre-interaction cookie setting.