Free cookie policy generator

Tick the cookies you set and get a cookie policy with a real cookie table: name, provider, purpose, type, and duration. The wording follows the GDPR, the EU cookie law, and the CCPA. Download it as HTML, Word, or PDF. Everything is built on your device, so your site details never reach a server, and there is no sign-up.

Your details

Site

Regions you serve

Cookie categories you set

Third-party tools you run

Each tool you tick adds the cookies it actually sets to the table, with the durations its provider documents. Check them against your own site before you publish, because a tag manager or a plugin can change them.

Other cookies

Consent

Live preview

Copied to clipboard

Cookie Policy

[Your site name]
Effective date: 16 July 2026

Draft template - not legal advice. Have qualified counsel review before publishing.

1. What cookies are

[Your site name] ("we", "us") uses cookies and similar technologies on [your-website.com]. This policy lists every one of them, says what it does, who receives the data, and how long it stays on your device.

A cookie is a small text file that a site asks your browser to store. It is read back on your next page or your next visit, which is how a site remembers that you are signed in, or that you have seen a notice already. We use the word "cookies" here for local storage, pixels, and SDKs as well, because the law treats anything that stores or reads information on your device the same way.

2. Cookies we set

The table below lists the cookies used on [your-website.com]. Third-party cookies are set by the provider named in the table, not by us, and that provider decides what it does with the data under its own policy.

CookieProviderPurposeTypeDuration
session[Your site name]Keeps you signed in and holds your session while you move between pagesStrictly necessarySession
cookie_consent[Your site name]Stores which cookie categories you accepted, so the banner is not shown againStrictly necessary12 months
_gaGoogleDistinguishes one visitor from another so visits can be countedAnalytics and performance2 years
_ga_<container-id>GoogleKeeps the state of the current analytics sessionAnalytics and performance2 years

3. The categories we use

The cookies above fall into these categories:

  • Strictly necessary: Needed to run the site: signing you in, keeping your session, remembering what is in your basket, and blocking fraudulent requests. The site does not work without them, so they are set without asking.
  • Analytics and performance: Count visits and show us which pages people read and where they give up, so we can fix what is slow or confusing. The reports are read in aggregate.

4. Your consent

Strictly necessary cookies are set as soon as you open the site, because it cannot run without them. Every other category, meaning the analytics and performance cookies, is set only after you accept it in our cookie banner. Nothing in those categories is loaded while the banner is waiting for your answer, and refusing is as easy as accepting.

Consent is per category, not all or nothing. Accepting analytics does not accept advertising, and you can change your mind later without any consequence for the parts of the site you use.

5. Withdrawing your consent

You can withdraw your consent at any time, and it has to be as easy to withdraw as it was to give. To do it, open the cookie settings from the link in the footer of every page and change what you accepted. The change takes effect straight away and we stop setting anything you turned off. Withdrawing does not make the processing we did beforehand unlawful, and it does not affect the strictly necessary cookies.

If you would rather write to us about it, email [[email protected]] and we will act on the request.

6. Managing cookies in your browser

Your browser can block cookies or delete the ones already stored, and every major browser has this in its privacy settings. Blocking strictly necessary cookies will break parts of the site, such as staying signed in, so most browsers let you block third-party cookies while leaving the site's own cookies alone.

  • Chrome: Settings, then Privacy and security, then Third-party cookies.
  • Safari: Settings, then Privacy.
  • Firefox: Settings, then Privacy & Security.
  • Edge: Settings, then Cookies and site permissions.

7. Your rights (GDPR)

The data a cookie collects about you is usually personal data, so the GDPR applies to it. If you are in the EU or the UK you can ask us for a copy of that data, ask us to correct or delete it, object to our use of it, or complain to your data protection authority. Email [[email protected]] and we will answer within one month.

Some of the providers named in the table are outside the EU and the UK, so data collected by their cookies may be transferred there. Where that happens we rely on an adequacy decision or on the European Commission's Standard Contractual Clauses.

8. California residents (CCPA/CPRA)

We do not set advertising cookies, so we do not sell or share personal information as the CCPA defines those terms. If you are a California resident you can still ask what personal information we hold about you and ask us to delete it, by emailing [[email protected]].

We honour the Global Privacy Control signal your browser can send, and we treat it as a valid opt-out request without asking you to confirm it. We will not deny you service, charge you a different price, or give you a worse experience because you opted out.

9. Changes to this cookie policy

We update this policy whenever a cookie is added, removed, or changed, which in practice means whenever we add or drop a tool. The effective date at the top tells you when the current version took effect. If a change means we need your consent for something new, we will ask for it before the cookie is set rather than afterwards.

10. Contact us

Questions about the cookies on [your-website.com], or about this policy, go to [[email protected]].

How the cookie policy generator works

1

Fill in the details

Your site name, URL, and contact email, then the cookie categories you set, the tools you run, and any cookie of your own you want listed.

2

Watch the table build

Tick Google Analytics and the rows for _ga arrive with the right purpose and duration. Say you serve California and the opt-out section arrives with them.

3

Download and publish

Take the policy as HTML for your site, Word for your lawyer, or PDF for your records. The table stays a real table in every format. Nothing you typed ever left your device.

Free, private, and aligned with the GDPR, the EU cookie law, and the CCPA

Most cookie policy generators push your site details through their servers, then paywall the download or leave a credit link in the footer of your own legal page. This one works differently, and the document it writes carries what GDPR Article 7, the ePrivacy Directive, and the CCPA expect a site to tell its visitors:

01

100% in your browser

The form, the table, and the HTML, Word, and PDF files are built by JavaScript on your device. Your site name, your email, and your cookie list are never uploaded.

02

A real cookie table, not a vague paragraph

Regulators ask for the cookie name, who sets it, what it does, and how long it lasts. A sentence saying "we use cookies to improve your experience" does not answer any of that. The table does.

03

The whole document, free

You get every clause and the full table, with no watermark, no account, and no credit link back to us.

What the generated cookie policy includes

  1. What a cookie is, in language a visitor can follow.
  2. A table of every cookie you set: name, provider, purpose, type, and duration.
  3. The categories you use, and what each one is for.
  4. Which cookies are set before consent, and which wait for it.
  5. How a visitor withdraws consent, and that it is as easy as giving it (GDPR Article 7(3)).
  6. How to block or clear cookies in Chrome, Safari, Firefox, and Edge.
  7. GDPR rights over the data a cookie collects, when you serve EU or UK visitors.
  8. The CCPA opt-out from sale or sharing, when you run advertising cookies and serve California.
  9. What happens when you add or remove a cookie, and how you are told.

Every document carries this line: "Draft template - not legal advice. Have qualified counsel review before publishing."

Which document do I need?

A cookie policy gets confused with a privacy policy constantly. They answer different questions, and most sites publish both.

Cookie policy

The specific cookies and trackers you store on a visitor's device, what each one does, how long it lasts, and how consent is given and taken back. This is the page your consent banner links to, and it is the document you are generating above.

ePrivacy Directive Art. 5(3), GDPR Art. 7

Privacy policy

All the personal data you handle, including data that has nothing to do with cookies: an order, a support ticket, a survey answer. Required as soon as you collect an email address.

Generate a privacy policy

Terms and conditions

The contract between you and your users: what you promise, what they agree to, how accounts end, and who is liable when something goes wrong. Not a privacy document at all.

Generate terms and conditions

The cookie policy is the one people skip, and it is the one a complaint tends to start with, because anyone can open the developer tools and compare your list against what your site actually sets.

Built for every kind of site

A blog with one analytics tag and a store with six ad pixels need the same disclosures written about very different stacks. The form scopes the policy to what you actually run. If you collect answers through forms, BlockSurvey handles that side with GDPR-ready surveys, where responses are encrypted before they reach a server.

E-commerce stores

List the Stripe fraud cookies you cannot avoid alongside the Meta Pixel you chose, and keep the two on the right side of the consent line.

SaaS and web apps

Name the session, analytics, and support cookies you set, which is one of the first things an enterprise buyer's security review asks you to produce.

Bloggers and creators

Publish the cookie list your ad network and affiliate programs check for, without paying a subscription for a page nobody clicks.

Agencies and freelancers

Audit a client's tags, draft the table in a few minutes, hand the Word file to their counsel, and publish the HTML once it comes back.

Startups

Ship a policy that matches your real stack on day one, then edit the table when you add a tag rather than a year later.

Marketing teams

Keep the policy in step with the tag manager, so the page your banner links to says the same thing your site does.

Collecting personal data through forms or surveys?

A cookie policy describes the trackers you set. BlockSurvey changes what a form can see in the first place: responses are encrypted on the respondent's device, so the server stores nothing readable. Collect with privacy-first, GDPR-ready surveys.

More free privacy tools

Browse all privacy tools

These tools run in your browser because that is how we build everything. The same idea, applied to research: privacy-first surveys with end-to-end encryption.

Frequently asked questions

What is a cookie policy and do I need one?

A cookie policy is the page that lists every cookie and tracker your site sets, what each one does, who receives the data, and how long it lasts. You need one as soon as you set any cookie beyond the ones that are strictly necessary to run the site, which in practice means as soon as you add analytics or an ad pixel. It is the page your consent banner links to, and regulators look at it first when a complaint comes in.

Which laws does this cookie policy generator cover?

The GDPR, the ePrivacy Directive, and the CCPA as amended by the CPRA. The ePrivacy Directive, known as the EU cookie law, is the one that requires consent before a non-essential cookie is stored on someone's device. The GDPR sets the standard that consent has to meet: freely given, specific, informed, and as easy to withdraw as it was to give. The CCPA treats advertising cookies that pass identifiers to ad partners as sharing, which gives Californians the right to opt out.

Is this a substitute for legal advice?

No. This tool generates a starting-point cookie policy aligned with the GDPR, the ePrivacy Directive, and the CCPA, but it is not legal advice and may not cover every requirement for your business or jurisdiction. Have it reviewed by qualified legal counsel before you publish or rely on it.

Does my data leave the browser?

No. Your site name, your contact email, and every cookie you list are turned into the document by JavaScript running on your device. The HTML, Word, and PDF files are built there too. Nothing is posted to a server, which is why the tool needs no account.

What formats can I download?

HTML, Word (.doc), and PDF, plus a plain-text copy. The HTML file keeps the cookie table as a real table, so you can paste it into a CMS page or hand it to a developer. The Word file is for a lawyer to mark up, and the PDF is for your records.

How do I find out which cookies my site actually sets?

Open your site in a private window, then open the browser developer tools and read the cookie list under the Application or Storage tab. Everything set before you touch the banner is being set without consent, which is the thing to check first. A free cookie scanner will also crawl the site and list what it finds, but the developer tools are enough for a small site, and they show you the truth rather than a cached scan.

Do I still need a consent banner if I publish a cookie policy?

Yes, if you set anything beyond strictly necessary cookies. The policy informs people; the banner is where they consent. Under the ePrivacy Directive the consent has to come before the cookie is set, so a banner that loads analytics while it waits for an answer does not comply. The banner also has to let someone refuse as easily as accept, which is why a single Accept button with the reject option buried in a settings screen keeps drawing fines.

What is the difference between a cookie policy and a privacy policy?

A cookie policy covers the specific technologies you store on a visitor's device and the consent behind them. A privacy policy covers all the personal data you handle, including data that has nothing to do with cookies, such as an order or a support ticket. Some sites publish the cookie section inside the privacy policy, which is allowed, but a separate page is easier for a banner to link to and easier to update when a tag changes.

Do you store what I enter into the form?

No. The document is assembled in your browser from the answers you type in, and nothing you enter is sent to or kept on a server. Copy or download the result before you close the tab, because reloading the page clears the form.

How is this different from a paid cookie policy generator?

Paid generators mostly gate the same templated clauses behind a subscription or a per-document fee. This one covers the same GDPR and CCPA disclosure points, has no sign-up, no watermark, and no limit on how many times you regenerate it, since the whole thing runs client-side with nothing to meter.
Scripts are blocked. This site won’t work properly. If you’re using Brave, click the Shields icon and turn off Block scripts. Otherwise disable your ad blocker for this site.