How It Works

Compliant consent in one script tag

Watch what happens the moment a visitor lands on your site — from geo-lookup to fully gated analytics, all completing in under 200 milliseconds.

Scan Your SiteView Pricing

The Journey

Six stages, under 200ms

Every SmartConsent page load walks through the same pipeline — from geo-detection to script gating — before a single analytics pixel fires.

  1. 1

    Visitor lands

    The page loads with SmartConsent in the <head>. Tagged analytics and marketing scripts are inert until consent is decided.

    0ms
  2. 2

    Jurisdiction detected

    IP geolocation resolves the visitor's country. sessionStorage caches the result so repeat page loads skip the lookup.

    < 50ms
  3. 3

    Banner rendered

    The Consent Reasoner matches jurisdiction to regulations, resolves conflicts via strictest-wins, and paints the correct banner.

    < 100ms
  4. 4

    Consent captured

    Visitor accepts, rejects, or customises categories. The decision is stored in localStorage with a regulation-appropriate expiry.

    on click
  5. 5

    Scripts gated

    Accepted categories unblock instantly. Google Consent Mode v2 fires gtag consent update. Blocked scripts stay blocked forever.

    immediate
  6. 6Pro

    Proof logged

    A webhook posts signed proof-of-consent to your endpoint. The audit log satisfies GDPR Article 7 record-keeping requirements.

    < 500ms

Inside the Engine

Three subsystems, zero dependencies

SmartConsent is one IIFE bundle under 10KB. No React, no framework, no server component. Here's what actually runs.

2s timeout → fallback to strictest profile

Geo-IP Detection

Visitor country is resolved via a single ipapi.co call. Requests time out after 2 seconds and fall back to the strictest available profile, so a slow lookup never blocks the banner.

JavaScript
async function detectCountry() {
  const cached = sessionStorage.getItem('sc_country');
  if (cached) return cached;

  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), 2000);

  try {
    const res = await fetch('https://ipapi.co/json/', {
      signal: controller.signal,
    });
    const { country_code } = await res.json();
    sessionStorage.setItem('sc_country', country_code);
    return country_code;
  } catch {
    return 'STRICT'; // apply most restrictive profile
  } finally {
    clearTimeout(timer);
  }
}
JSON-driven, not code-driven

Consent Reasoner

Regulations are JSON, not if-statements. Adding a new jurisdiction means adding a JSON file — no core code changes, no redeploy of the engine. When multiple regulations apply, strictest-wins resolves the conflict.

regulation.json
{
  "code": "GDPR",
  "applies_to": ["EEA"],
  "consent_model": "opt-in",
  "button_equality": true,
  "expiry_months": 12,
  "honours_gpc": false,
  "children_protection": true,
  "preference_center": "required",
  "granular_categories": [
    "necessary",
    "analytics",
    "marketing",
    "preferences"
  ]
}
Block-first + MutationObserver

Script Blocking

Tag any <script> with data-consent-category and SmartConsent handles the rest. Block-first: scripts never execute until their category is approved. A MutationObserver catches dynamically injected scripts too.

HTML
<!-- Blocked until "analytics" is consented to -->
<script
  type="text/plain"
  data-consent-category="analytics"
  src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXXXXX"
></script>

<!-- Runs immediately — "necessary" is always allowed -->
<script data-consent-category="necessary">
  console.log('Page view recorded');
</script>

What the Visitor Sees

A banner they can actually read

No dark patterns. No pre-ticked checkboxes. Reject is as prominent as Accept — because PECR requires it and visitors deserve it.

https://yoursite.com

We value your privacy

We use cookies to enhance your browsing experience, analyse traffic, and personalise content. You can accept all, reject non-essential, or customise which categories you allow.

Your choice is saved for 12 months. You can change it any time.

Equal-prominence buttons
Accept and Reject share the same visual weight — satisfying PECR, CNIL, and ICO guidance.
Granular preferences
Visitors can toggle Analytics, Marketing, and Preferences independently inside the preference center.
Persistent re-access
A small bottom-corner badge lets visitors reopen the preference center any time — no hunting through the footer.
Global Privacy Control
navigator.globalPrivacyControl is honoured automatically in CCPA, CPA, and CPDA jurisdictions.

How You Install

One line of config, three ways to ship

SmartConsent works the same whether you're on static HTML, a Next.js app, or plumbing it through Google Tag Manager. Copy, paste, deploy.

Paste into <head> before any analytics or marketing script. Works with WordPress, Shopify, Wix, and any static site.

HTML
<!-- SmartConsent -->
<script>
  window.smartConsentConfig = {
    version: 1,
    strictness: "auto",
    webhookUrl: "https://your-api.example.com/consent"
  };
</script>
<script
  src="https://cdn.smartgenie.co.uk/smartconsent.min.js"
  defer
></script>

See it running on your site

A free scan tells you which scripts need gating, which cookies need classifying, and which regulations apply to your visitors.

Scan Your SiteView Pricing