GDPR Compliance

GDPR cookie consent — done right

Consentify enforces consent at the script level: third-party trackers never load until a visitor actively accepts. Audit logs, IP-hashed records, and a Data Processing Agreement are included.

What is GDPR?

The General Data Protection Regulation (GDPR) is EU law that applies to any website collecting data from EU residents — regardless of where the site is hosted. For cookie consent it requires: prior, informed, freely given, and unambiguous consent before non-essential cookies or scripts run. Pre-ticked boxes, implied consent, and bundled consent are not legal.

How Consentify covers GDPR

Script-level enforcement

Integrations (analytics, pixels, marketing scripts) are never loaded until the visitor consents. No pre-load, no network call, no cookie — until explicit opt-in.

Timestamped audit logs

Every consent decision is stored with a timestamp, accepted/rejected categories, policy version, and a hashed IP (SHA-256 — raw IPs are never persisted).

Right to withdraw

Users can revoke or update their consent at any time via the revoke button you add to your site. Consentify re-opens the banner on click.

Data Processing Agreement

A DPA is available for all paid plans, covering the processing Consentify performs on your behalf as a data processor.

GDPR-deletable records

Every consent record has a unique delete token. Users can request deletion via the token, and the record is permanently removed.
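
The audit-log entry and delete token described above, sketched in Python as an added example (this is not Consentify's code). The field names, the category names, and the server-side key are assumptions: the page says only "SHA-256", and this sketch uses HMAC-SHA-256 because a bare hash of an IPv4 address can be matched by hashing every possible address.

```python
import hashlib
import hmac
import ipaddress
import secrets
from datetime import datetime, timezone

# Assumption: a server-side key for the IP hash. Generated per process here;
# in practice it would be loaded from a secret store so hashes stay comparable.
IP_HASH_KEY = secrets.token_bytes(32)
CATEGORIES = ("analytics", "advertising", "personalisation")  # hypothetical names


def hash_ip(ip: str, key: bytes = IP_HASH_KEY) -> str:
    """Keyed SHA-256 of the canonical IP text; the raw address is never stored."""
    canonical = ipaddress.ip_address(ip).compressed  # one spelling per address
    return hmac.new(key, canonical.encode("ascii"), hashlib.sha256).hexdigest()


def new_record(ip, accepted, policy_version, now=None):
    """Build one audit-log entry plus the delete token returned to the visitor."""
    unknown = set(accepted) - set(CATEGORIES)
    if unknown:
        raise ValueError(f"unknown categories: {sorted(unknown)}")
    token = secrets.token_urlsafe(32)
    record = {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "accepted": sorted(accepted),
        "rejected": sorted(set(CATEGORIES) - set(accepted)),
        "policy_version": policy_version,
        "ip_hash": hash_ip(ip),
        # Only a hash of the token is stored, so a leaked log cannot delete records.
        "delete_token_hash": hashlib.sha256(token.encode()).hexdigest(),
    }
    return record, token


def delete_record(store: list, token: str) -> bool:
    """Remove the record whose delete token matches (constant-time comparison)."""
    wanted = hashlib.sha256(token.encode()).hexdigest()
    for i, rec in enumerate(store):
        if hmac.compare_digest(rec["delete_token_hash"], wanted):
            del store[i]
            return True
    return False
```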

Frequently asked questions

Does Consentify make my site fully GDPR compliant?

Consentify handles the consent mechanism — collecting, storing, and enforcing consent decisions. Full GDPR compliance also depends on your own data practices (retention policies, privacy policy content, data subject requests). Consentify gives you the consent infrastructure; your legal setup does the rest.

What counts as 'strictly necessary' and doesn't need consent?

Cookies or scripts essential to the service the user explicitly requested — keeping a user logged in, remembering a shopping cart, load balancing — are exempt. Analytics, advertising, and personalisation always require consent.

Do I need a cookie banner if I only use Google Analytics?

Yes. Google Analytics sets cookies that track behaviour across sessions and is not strictly necessary. Under GDPR it requires prior consent. Consentify blocks GA until the visitor accepts analytics.

Is IP hashing enough for GDPR compliance?

Hashed IPs are pseudonymous data under GDPR. Consentify stores a SHA-256 hash of the visitor IP to link a consent record to a request without storing personally identifiable information. This is a recognised privacy-by-design measure.

Add GDPR-compliant consent to your site

Free forever for one domain. No code required.
