Privacy policy
Generate a per-site privacy policy and embed it. Versioned, dashboard-managed.
What gets generated
The privacy policy generator produces a single, versioned HTML document per site covering the standard GDPR sections plus the equivalent CCPA / LGPD / APPI / PIPEDA disclosures where applicable:
Data controller | Legal entity, address, contact email, and DPO contact when provided. Pulled from workspace settings. |
Categories of data | Per consent category (NECESSARY, PREFERENCES, ANALYTICS, MARKETING, UNCLASSIFIED): purpose, legal basis, lawful interest justification, and retention. |
Cookies and trackers | The same cookies surface the Cookie Declaration renders, with provider, duration, and purpose. Inline or linked depending on your preference. |
Sub-processors | List of vendors classified by your scanner that fall under MARKETING or ANALYTICS, plus any sub-processors you add manually. |
Data subject rights | Access, rectification, erasure, restriction, portability, objection. Includes opt-out mechanisms (GPC, "Do Not Sell or Share"). |
Transfers + retention | EU / EEA transfer mechanism (SCCs, adequacy), retention period per category, deletion procedure. |
Disclaimer + change log | Standard "not legal advice" footer plus a version + last-updated stamp; previous versions are kept in the dashboard. |
Create one in the dashboard
Open /dashboard/sites/[siteId]/policies, fill in the workspace and policy fields (controller name, contact, applicable regimes, retention defaults), then click Generate. The dashboard previews the rendered policy. Iterate, then click Publish. Publishing increments the version and serves the new content from the CDN within seconds.
Embed it
Drop the snippet at the spot on your /privacy page where you want the policy body to render:
<script
async
data-cookielint-policy
src="https://cdn.cookielint.com/banner/policy.js"
data-site-id="cl_..."
></script>The bundle resolves the visitor's locale, fetches the current published version, and renders it as inline HTML. Same CSS-custom-property theming hooks as the banner and the declaration apply. See Theming.
Versioning
Every publish creates a new version. The number is visible in the dashboard policy editor and at the bottom of the rendered policy ("v3, last updated 2026-05-29"). Older versions stay archived; the embed bundle always serves the latest published version.
For audit trails, the version number is included in every consent receipt at the time of capture (see receipt shape), so regulators can reconstruct exactly which policy text the visitor saw when they consented.
Customising sections
The generator covers the structural sections that every GDPR-compliant policy needs. You can override the body of any section in the dashboard editor (Markdown) without losing the rest of the template. On the next publish the override is bundled into the new version.
For sections that are not in the template (an industry-specific disclosure, a jurisdiction the generator does not cover), use the Custom sections field. Custom sections render at the bottom of the policy.