SmartConsent is live: GDPR + PECR cookie consent under 10KB, free forever
What we shipped
SmartConsent is a cookie consent manager that ships as a single self-hosted script. It runs in under 200ms, weighs under 10KB gzipped, and renders a compliant banner for whichever jurisdiction your visitor sits in — automatically.
The free tier is genuinely free. Unlimited domains. Eleven jurisdictions. No credit card, no trial, no expiry. The only condition is a small "Powered by SmartGenie" badge, which doubles as an SEO backlink and a signal to your visitors that the consent UI was built by a privacy-engineering team rather than retro-fitted on top of an analytics product.
If you'd rather skip the badge — and want geo-targeting, auto-translation, consent analytics, and a Record-of-Consent webhook — Pro is £9/month.
Why this is different
Most cookie consent products started life as either tracking-tag managers (CookieYes, Cookiebot) or as enterprise privacy suites that grew a banner module (OneTrust, TrustArc). SmartConsent started from the opposite end: regulation first, banner second.
The jurisdiction engine is a JSON file. Each entry encodes which categories require explicit opt-in, which can use legitimate interest, what the disclosure language must contain, and which enforcement body governs the territory. Today it covers:
| Region | Regulation | Consent Model | |--------|-----------|---------------| | EU/EEA | GDPR + ePrivacy | Opt-in (strict) | | UK | UK GDPR + PECR | Opt-in (strict) | | California | CCPA / CPRA | Opt-out (Do Not Sell) | | Virginia, Colorado, Connecticut, Utah | State-level privacy acts | Opt-out | | Brazil | LGPD | Opt-in | | India | DPDP Act 2023 | Opt-in | | South Africa | POPIA | Opt-in | | Canada | PIPEDA | Implied / opt-out |
Add a regulation by editing the JSON. No code change.
The 200ms budget
Cookie banners have an unfair reputation for being slow because most of them are slow. Here's how SmartConsent stays fast:
- No remote config fetch on every page load — config is bundled at build time
- Geo-IP lookup is single-shot — cached for the session
- Banner CSS is inlined, not external — no extra request for styles
- Script blocking uses
data-consent-categoryattributes — synchronous, no MutationObserver scan - No third-party fonts — uses your site's font stack
End to end: from visitor land to either a rendered banner or a fully gated analytics environment, under 200ms on a cold cache.
What's covered out of the box
- GDPR, PECR, CCPA, DPDP Act, LGPD, POPIA, PIPEDA, VCDPA, CPA, CTDPA, UCPA
- Geo-IP detection (server-side or via ipapi.co)
- Strictest-wins conflict resolution — applied automatically based on detected jurisdiction, no manual setting required
- GTM Consent Mode v2
- Script blocking via
data-consent-categoryattributes - Webhook for Record of Consent (Pro)
- Auto-translation of banner copy in the user's browser language (Pro)
Try it
The fastest path to seeing what SmartConsent makes of your site is the free scanner. Drop in a URL and you'll get a compliance score, the cookies and scripts it found, and a ready-to-paste configuration to fix what it flags.
If you'd rather read first: docs, pricing, or how it works.