Free Cookie Policy Generator
List your cookie categories, name your third-party services, pick how you collect consent, and download a cookie policy you can publish at /cookies today. Upgrade to Documents Pro ($49 one-time) for full multi-jurisdiction coverage (GDPR + CCPA + ePrivacy), Spanish output, and DOCX + HTML.
Templates only. Not legal advice. Have a licensed attorney review before relying on the document in production.
Why use this generator
- Site running Google Analytics — needs a cookie policy to disclose analytics tracking before EU traffic hits.
- Ecommerce store with Meta Pixel and Google Ads retargeting — needs explicit advertising-cookie disclosure.
- B2B SaaS embedding LinkedIn Insight Tag and Intercom — both set cookies that must be named.
- Content site with YouTube embeds — third-party cookies from the embed must be disclosed.
- EU-facing product — needs the ePrivacy Directive language and an explicit-consent mechanism, not implicit.
How it works
1. Fill in your business name, website URL, and a contact email for cookie inquiries.
2. Tick the cookie categories you actually use. Be honest: 'strictly necessary' only is fine if true; analytics + advertising must be checked if you run them.
3. Pick the specific third-party services you embed (Google Analytics, Meta Pixel, Stripe, Intercom, etc.). The chip selector covers the common ones.
4. Choose how you collect consent: banner (most common), modal (more intrusive but stronger evidence of consent), or implicit (only legal outside the EU).
5. Tick the jurisdictions that apply (GDPR for EU, CCPA for California, ePrivacy for the EU's stricter cookie rule). Free picks one; Pro covers all three in a single document.
6. Download. Publish at /cookies and link from your cookie banner.
Frequently asked questions
- Do I need a cookie policy if I only use 'strictly necessary' cookies?
- Technically you can skip a separate policy and disclose strictly-necessary cookies in your privacy policy. In practice, having a one-page /cookies that says 'we only use session cookies, no tracking' is reassuring to users and zero extra work.
- Is a cookie banner enough, or do I also need this policy?
- Both. The banner asks for consent in real-time. The policy is the underlying contract that explains what cookies do and how to opt out. Banners link to policies; you need both.
- GDPR vs ePrivacy — what's the difference?
- GDPR governs personal data broadly; ePrivacy is the older EU directive that specifically requires opt-in consent before storing or accessing information on a user's device. In practice they overlap: GDPR sets the consent quality bar, ePrivacy applies it specifically to cookies. If you serve EU users, check both.
- Does the CCPA classify analytics cookies as 'sale' of data?
- Often, yes — especially anything that sends user identifiers to a third party (Google Analytics with default settings, Meta Pixel, Google Ads conversion). The CCPA's 'sale' and 'sharing' definitions are broad. Honor Global Privacy Control (GPC) signals and offer an opt-out link in your footer.
- What about cookieless tracking?
- Server-side analytics, first-party fingerprinting, and tools like Plausible (cookieless by default) avoid cookies but may still process personal data under GDPR. The cookie policy doesn't cover those — your privacy policy does. The cookie policy is specifically about device storage and tracking pixels.
- Can I edit the policy later?
- Yes. Free users come back and regenerate. Pro users get the Documents dashboard where past inputs are saved, so you can flip one toggle and re-export.