Generate a GDPR-compliant cookie policy AND a ready-to-paste JavaScript consent banner for your website. Covers GA4, Meta Pixel, Hotjar, and more. 100% free, no signup required.
No paywalls. No subscriptions. Just instant, professional legal documents.
Uniquely, we generate both the written cookie policy AND a working JavaScript consent banner you can paste into your site — no other free tool does this.
Select GA4, Meta Pixel, Google Ads, Hotjar, or any combination. Our AI lists each cookie by name, category, provider, purpose, and expiry duration.
Compliant with GDPR Article 5(3) and the EU ePrivacy Directive. Includes prior consent language, granular opt-in/opt-out, and withdrawal mechanism.
Everything you need to know about Cookie Policies
Cookie law is one of the most actively enforced areas of EU privacy regulation. And it's not just an EU problem anymore.
Cookies sound innocuous. Small text files. Hardly the stuff of regulatory drama. But the ePrivacy Directive, combined with GDPR, turned cookie compliance into one of the most litigated and enforced areas of EU data law. The UK's ICO, France's CNIL, Italy's Garante, and Germany's state authorities all actively investigate websites that set tracking cookies without proper consent.
France's CNIL fined Google €150 million and Facebook €60 million in early 2022 specifically for making it harder to refuse cookies than to accept them. The ICO has issued formal enforcement notices to major publishers. Austria ruled that Google Analytics itself violates cookie law when data is sent to US servers. If regulators are going after Google and Facebook, smaller sites are definitely not invisible.
Here's what most website owners don't realize: using Google Analytics means you're setting cookies. Google Tag Manager means cookies. Facebook Pixel means cookies. Embedded YouTube videos mean cookies. Hotjar, Intercom, Drift, any chat widget: all cookies. Almost every third-party tool you add to your site drops at least one cookie, and most of those cookies are non-essential, which means they require explicit prior consent from EU users before being set.
Beyond the EU, cookie compliance is creeping into other jurisdictions. The UK PECR (Privacy and Electronic Communications Regulations) mirrors the ePrivacy Directive. California's CCPA effectively covers many cookie practices. Brazil's LGPD has similar requirements. Canada's PIPEDA requires meaningful consent for tracking. The global direction of travel is clearly toward stricter cookie consent, not looser.
And then there are the practical business consequences. Shopify can flag stores with non-compliant cookie practices. Google Ads and Facebook Ads both have policies requiring proper cookie disclosure on landing pages. Some payment processors include cookie compliance in their merchant requirements. A cookie policy isn't just a legal checkbox. It protects your revenue channels too.
Any website using analytics, advertising, social sharing buttons, chat widgets, embedded media, or any other third-party script that sets cookies on visitor devices.
ICO, CNIL, or other EU regulator fines, blocked advertising accounts, Shopify payment processing issues, and private complaints from EU visitors who know their rights.
Full transparency about your tracking, documented consent process, compliant ad platform usage, and users who trust you because you're upfront about what you do.
A complete breakdown of every section the generator produces for you.
A simple explanation of what cookies are and how they work, written for actual humans rather than lawyers. Users who understand cookies make more informed consent decisions.
The cookies that keep your site running: login sessions, shopping carts, security tokens, and preferences. These don't need consent but still need to be disclosed.
Google Analytics, Hotjar, Mixpanel, and similar tools. This section explains what data they collect, how long the cookies last, and how users can opt out.
Facebook Pixel, Google Ads, and other ad network cookies. These require explicit consent under GDPR and the ePrivacy Directive before being set.
A table or list of the specific third-party services that set cookies on your site, with links to their own privacy and cookie policies for full transparency.
Browser-by-browser instructions for managing or deleting cookies, plus links to opt-out tools like Google's opt-out extension, the NAI opt-out page, and YourOnlineChoices.
Describes how your cookie consent banner works, what choices users have, how they can change their mind, and how long their consent preference is remembered.
How long each type of cookie persists, from session cookies that disappear when the browser closes to persistent cookies that last months or years.
How and when the cookie policy will be updated when new cookies are added, with guidance that users should check back periodically and reconsent if practices change materially.
The technical and legal questions that actually come up when you're setting this up
Some cookie compliance tools charge monthly fees that add up faster than the fines they protect you from at small scale.
| Feature | FreeTOS | Cookiebot | OneTrust |
|---|---|---|---|
| Price | Free | $9/mo+ | $23/mo+ |
| Cookie Policy Document | Yes, free | Yes | Yes |
| Consent Banner Script | Yes, free | Yes | Yes |
| Automatic Cookie Scanning | Manual | Yes | Yes |
| PDF Download | Free | Paid | Paid |
| No Signup Required | Yes | No | No |
| Consent Log Storage | No | Yes | Yes |
FreeTOS generates the policy document and banner code. For enterprise-grade consent logging and automatic cookie scanning, a paid CMP may be appropriate. For most small to medium sites, FreeTOS covers the essentials at zero cost.
The policy document, the banner script, and where everything needs to go.