Do I legally need a cookie policy?

If your site uses non-essential cookies and you have visitors in the UK or EU, the UK PECR and EU ePrivacy rules require you to tell users what cookies you set and obtain consent for non-essential ones. A clear cookie policy plus a consent banner is the standard way to meet that obligation.

Is a generated policy enough on its own?

The policy explains your cookies, but you still need a working consent mechanism: a banner that blocks non-essential cookies until the user agrees, and a way to withdraw consent. The policy and the banner work together.

What counts as a strictly necessary cookie?

Cookies essential to deliver a service the user explicitly requested — session management, load balancing, security tokens, and shopping-cart state. These do not require consent, but you should still list them for transparency.

How often should I update it?

Review it whenever you add or remove a tracking tool, change analytics providers, or alter retention. Many teams re-check quarterly. List concrete cookie names and durations so the policy stays auditable.

Does my information leave the browser?

No. The policy is assembled entirely client-side from your answers. Nothing is uploaded or stored — you copy the finished HTML or Markdown yourself.

Cookie Policy Generator

Under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive, any site that sets non-essential cookies must tell visitors what those cookies do and obtain consent. This generator produces a structured, transparent cookie policy from a short questionnaire about the cookies you actually use, so a small business or indie developer can ship a baseline-compliant page quickly. It does not replace a consent banner — it is the document the banner links to.

How it works

The tool maps your answers onto the standard sections of a cookie policy:

What cookies are — a plain-language explanation for visitors.
Categories you use — only the categories you tick are included, each with its purpose: strictly necessary, preferences/functional, analytics/performance, and marketing/advertising.
Third parties — the named services you list (e.g. Google Analytics, Meta Pixel, Hotjar) are surfaced so users know who receives data.
Managing cookies — how to change consent and control cookies in the browser.
Contact — your email for cookie questions.

It assembles these into clean HTML or Markdown entirely in your browser.

Tips and notes

For accuracy, audit your site’s actual cookies first — open your browser dev tools, load your site, and note every cookie name, its purpose, and its expiry. Strictly necessary cookies do not need consent but should still be listed. Everything else (analytics and marketing) must be blocked until the user opts in via your banner. Keep the policy and your consent tool in sync: if you add a new tracker, update both. This generator gives you a solid starting document, not bespoke legal advice for a high-risk or regulated business.

Cookie Policy Generator

A baseline cookie policy without the lawyer fees

How it works

Tips and notes