Free cookie policy generator
Tick the cookies you set and get a cookie policy with a real cookie table: name, provider, purpose, type, and duration. The wording follows the GDPR, the EU cookie law, and the CCPA. Download it as HTML, Word, or PDF. Everything is built on your device, so your site details never reach a server, and there is no sign-up.
Your details
Site
Regions you serve
Cookie categories you set
Third-party tools you run
Each tool you tick adds the cookies it actually sets to the table, with the durations its provider documents. Check them against your own site before you publish, because a tag manager or a plugin can change them.
Other cookies
Consent
Copied to clipboard
Cookie Policy
Draft template - not legal advice. Have qualified counsel review before publishing.
1. What cookies are
[Your site name] ("we", "us") uses cookies and similar technologies on [your-website.com]. This policy lists every one of them, says what it does, who receives the data, and how long it stays on your device.
A cookie is a small text file that a site asks your browser to store. It is read back on your next page or your next visit, which is how a site remembers that you are signed in, or that you have seen a notice already. We use the word "cookies" here for local storage, pixels, and SDKs as well, because the law treats anything that stores or reads information on your device the same way.
2. Cookies we set
The table below lists the cookies used on [your-website.com]. Third-party cookies are set by the provider named in the table, not by us, and that provider decides what it does with the data under its own policy.
| Cookie | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
session | [Your site name] | Keeps you signed in and holds your session while you move between pages | Strictly necessary | Session |
cookie_consent | [Your site name] | Stores which cookie categories you accepted, so the banner is not shown again | Strictly necessary | 12 months |
_ga | Distinguishes one visitor from another so visits can be counted | Analytics and performance | 2 years | |
_ga_<container-id> | Keeps the state of the current analytics session | Analytics and performance | 2 years |
3. The categories we use
The cookies above fall into these categories:
- Strictly necessary: Needed to run the site: signing you in, keeping your session, remembering what is in your basket, and blocking fraudulent requests. The site does not work without them, so they are set without asking.
- Analytics and performance: Count visits and show us which pages people read and where they give up, so we can fix what is slow or confusing. The reports are read in aggregate.
4. Your consent
Strictly necessary cookies are set as soon as you open the site, because it cannot run without them. Every other category, meaning the analytics and performance cookies, is set only after you accept it in our cookie banner. Nothing in those categories is loaded while the banner is waiting for your answer, and refusing is as easy as accepting.
Consent is per category, not all or nothing. Accepting analytics does not accept advertising, and you can change your mind later without any consequence for the parts of the site you use.
5. Withdrawing your consent
You can withdraw your consent at any time, and it has to be as easy to withdraw as it was to give. To do it, open the cookie settings from the link in the footer of every page and change what you accepted. The change takes effect straight away and we stop setting anything you turned off. Withdrawing does not make the processing we did beforehand unlawful, and it does not affect the strictly necessary cookies.
If you would rather write to us about it, email [[email protected]] and we will act on the request.
6. Managing cookies in your browser
Your browser can block cookies or delete the ones already stored, and every major browser has this in its privacy settings. Blocking strictly necessary cookies will break parts of the site, such as staying signed in, so most browsers let you block third-party cookies while leaving the site's own cookies alone.
- Chrome: Settings, then Privacy and security, then Third-party cookies.
- Safari: Settings, then Privacy.
- Firefox: Settings, then Privacy & Security.
- Edge: Settings, then Cookies and site permissions.
7. Your rights (GDPR)
The data a cookie collects about you is usually personal data, so the GDPR applies to it. If you are in the EU or the UK you can ask us for a copy of that data, ask us to correct or delete it, object to our use of it, or complain to your data protection authority. Email [[email protected]] and we will answer within one month.
Some of the providers named in the table are outside the EU and the UK, so data collected by their cookies may be transferred there. Where that happens we rely on an adequacy decision or on the European Commission's Standard Contractual Clauses.
8. California residents (CCPA/CPRA)
We do not set advertising cookies, so we do not sell or share personal information as the CCPA defines those terms. If you are a California resident you can still ask what personal information we hold about you and ask us to delete it, by emailing [[email protected]].
We honour the Global Privacy Control signal your browser can send, and we treat it as a valid opt-out request without asking you to confirm it. We will not deny you service, charge you a different price, or give you a worse experience because you opted out.
9. Changes to this cookie policy
We update this policy whenever a cookie is added, removed, or changed, which in practice means whenever we add or drop a tool. The effective date at the top tells you when the current version took effect. If a change means we need your consent for something new, we will ask for it before the cookie is set rather than afterwards.
10. Contact us
Questions about the cookies on [your-website.com], or about this policy, go to [[email protected]].
How the cookie policy generator works
Fill in the details
Your site name, URL, and contact email, then the cookie categories you set, the tools you run, and any cookie of your own you want listed.
Watch the table build
Tick Google Analytics and the rows for _ga arrive with the right purpose and duration. Say you serve California and the opt-out section arrives with them.
Download and publish
Take the policy as HTML for your site, Word for your lawyer, or PDF for your records. The table stays a real table in every format. Nothing you typed ever left your device.
Free, private, and aligned with the GDPR, the EU cookie law, and the CCPA
Most cookie policy generators push your site details through their servers, then paywall the download or leave a credit link in the footer of your own legal page. This one works differently, and the document it writes carries what GDPR Article 7, the ePrivacy Directive, and the CCPA expect a site to tell its visitors:
100% in your browser
The form, the table, and the HTML, Word, and PDF files are built by JavaScript on your device. Your site name, your email, and your cookie list are never uploaded.
A real cookie table, not a vague paragraph
Regulators ask for the cookie name, who sets it, what it does, and how long it lasts. A sentence saying "we use cookies to improve your experience" does not answer any of that. The table does.
The whole document, free
You get every clause and the full table, with no watermark, no account, and no credit link back to us.
What the generated cookie policy includes
- What a cookie is, in language a visitor can follow.
- A table of every cookie you set: name, provider, purpose, type, and duration.
- The categories you use, and what each one is for.
- Which cookies are set before consent, and which wait for it.
- How a visitor withdraws consent, and that it is as easy as giving it (GDPR Article 7(3)).
- How to block or clear cookies in Chrome, Safari, Firefox, and Edge.
- GDPR rights over the data a cookie collects, when you serve EU or UK visitors.
- The CCPA opt-out from sale or sharing, when you run advertising cookies and serve California.
- What happens when you add or remove a cookie, and how you are told.
Every document carries this line: "Draft template - not legal advice. Have qualified counsel review before publishing."
Which document do I need?
A cookie policy gets confused with a privacy policy constantly. They answer different questions, and most sites publish both.
Cookie policy
The specific cookies and trackers you store on a visitor's device, what each one does, how long it lasts, and how consent is given and taken back. This is the page your consent banner links to, and it is the document you are generating above.
ePrivacy Directive Art. 5(3), GDPR Art. 7
Privacy policy
All the personal data you handle, including data that has nothing to do with cookies: an order, a support ticket, a survey answer. Required as soon as you collect an email address.
Generate a privacy policyTerms and conditions
The contract between you and your users: what you promise, what they agree to, how accounts end, and who is liable when something goes wrong. Not a privacy document at all.
Generate terms and conditionsThe cookie policy is the one people skip, and it is the one a complaint tends to start with, because anyone can open the developer tools and compare your list against what your site actually sets.
Built for every kind of site
A blog with one analytics tag and a store with six ad pixels need the same disclosures written about very different stacks. The form scopes the policy to what you actually run. If you collect answers through forms, BlockSurvey handles that side with GDPR-ready surveys, where responses are encrypted before they reach a server.
E-commerce stores
List the Stripe fraud cookies you cannot avoid alongside the Meta Pixel you chose, and keep the two on the right side of the consent line.
SaaS and web apps
Name the session, analytics, and support cookies you set, which is one of the first things an enterprise buyer's security review asks you to produce.
Bloggers and creators
Publish the cookie list your ad network and affiliate programs check for, without paying a subscription for a page nobody clicks.
Agencies and freelancers
Audit a client's tags, draft the table in a few minutes, hand the Word file to their counsel, and publish the HTML once it comes back.
Startups
Ship a policy that matches your real stack on day one, then edit the table when you add a tag rather than a year later.
Marketing teams
Keep the policy in step with the tag manager, so the page your banner links to says the same thing your site does.
Collecting personal data through forms or surveys?
A cookie policy describes the trackers you set. BlockSurvey changes what a form can see in the first place: responses are encrypted on the respondent's device, so the server stores nothing readable. Collect with privacy-first, GDPR-ready surveys.
More free privacy tools
Browse all privacy toolsThese tools run in your browser because that is how we build everything. The same idea, applied to research: privacy-first surveys with end-to-end encryption.