A cookie policy without the lawyer bill
You launched a site last week, dropped a Google Analytics snippet in, and then realized the consent banner links to a /cookie-policy page that doesn’t exist yet. Sound familiar? Writing that page from scratch is tedious, and copy-pasting someone else’s leaves stale references to tools you don’t even use.
Fill in four fields. Tick the cookie types and the services you actually run. The policy assembles itself as you type, in plain language a visitor can read without a law degree.
What goes into the document
The output follows the structure regulators and users expect, in order:
- A short intro naming your company and your URL, plus a “Last updated” date that’s set to today automatically.
- A plain-English explanation of what cookies are, including local storage and pixels.
- A breakdown of the categories you selected: essential, preferences, analytics, and marketing. Each one gets a paragraph describing what it does and whether it needs consent.
- A third-party services list. Pick Google Analytics, Meta Pixel, Stripe, Hotjar, and a handful of others. Each entry links to that provider’s own privacy policy, because you can’t speak for how they handle data.
- Sections on managing choices, future changes, and a contact line pointing back to the email you entered.
Toggle marketing off and the consent wording adjusts. Select only essential cookies and the policy says there’s nothing to opt out of, instead of pretending you run an ad network you don’t.
How to use it
Type your website name, URL, company or owner name, and a contact email into the form on the left. Check the cookie categories your site uses. Most sites need essential plus analytics. If you serve retargeting ads, add marketing.
Then pick your third-party tools. Running GA4 through Tag Manager and taking card payments? Check Google Analytics, Google Tag Manager, and Stripe. The right side rebuilds instantly. When it reads the way you want, hit Copy, or download it as a .txt or a Markdown file to drop straight into your repo or CMS.
Want to see a finished example first? Click Sample and it loads a fictional coffee roaster with a realistic mix of tools.
A note on what this is and isn’t
This is a starting template, not legal advice. It covers the common ground for GDPR, the ePrivacy Directive, and CCPA-style disclosures, but it can’t know the specifics of your data flows. If you handle health data, target children, or operate in a tightly regulated industry, have a professional review the final text.
The tool also assumes you’ve got a working consent mechanism. A policy that promises a banner you never built is worse than no policy. Pair this with an actual cookie consent setup before you publish.
Everything happens in your browser. The site name, email, and choices you enter never get sent anywhere, so you can draft policies for client projects without leaking their details to a server.
Common questions
Is this enough to be GDPR compliant? It’s a solid disclosure document, which is one piece. Compliance also needs a real consent banner, a lawful basis for processing, and a broader privacy policy. The text here covers the cookie-specific part.
Can I add a service that isn’t in the list? Not from the toggles, but the output is plain text. Copy it, then paste an extra bullet into the third-party section with that provider’s name and privacy URL.
Does it work for a Shopify or WordPress site? Yep. The policy is platform-neutral. Generate the text, then paste it into a page or a legal-pages plugin.
Why does the date say today? The “Last updated” line pulls the current date so your published version looks current. Edit it later whenever you revise the policy.
Can I generate one in another language? The output is English only. Run it through a translator for a rough draft, but get a native check before publishing a localized legal page.