Frequently asked questions

Count 2 to 5 minutes. Create a free account, add your domain, paste the <script> tag in the <head> of your site, the banner shows up immediately. No server install, no WordPress module required: ConsentLab works on any site that accepts a <script> tag.

No. If you can access the HTML header of your site (or a Tag Manager), you can install ConsentLab. WordPress has an official 1-click plugin. Shopify has a Theme App Extension. Custom sites: one line of code in the <head>.

No. Free plan signup needs no credit card. Email, password, domain — that's it. Stripe only kicks in if you decide (later, self-serve) to upgrade to a paid plan.

Yes, natively. The ConsentLab banner detects the visitor's browser language (or the language declared in <html lang>) and shows the matching texts. EN, FR, DE, ES, IT, NL and PT ship by default. You can add custom languages from the dashboard.

Yes, and it's quick. Install ConsentLab in parallel (both scripts can co-exist during transition), verify everything works on staging, then uninstall the previous tool. Past consents are not migrated (technically and legally impossible) — visitors will see the banner once.

The free plan is your sandbox. 5,000 free sessions per month let you test in real conditions with no time limit. If you want to see the banner without signing up, the public scanner on the homepage uses the live ConsentLab widget.

Yes, fully. CNIL requirements are: (1) active and free consent, (2) refusal as simple as acceptance (symmetrical refusal), (3) purpose-level granularity, (4) clear information before the choice, (5) 13-month max retention, (6) exportable proof. ConsentLab honors all six, on every plan including free.

The Refuse button has the same size, same font, same visual hierarchy as Accept. No primary-color Accept with a hidden grey-link Refuse — CNIL has explicitly fined this design. You cannot configure it otherwise; that's deliberate to protect you.

It's the timestamped and signed record of every user choice: when, what (accepted and refused purposes), with which version of your policy. In case of a CNIL audit or a GDPR article 7.1 request, you must produce this proof. ConsentLab generates it automatically and exports it as CSV on demand.

Yes. The entire ConsentLab infrastructure (database, storage, processing) runs on OVH servers in France (Strasbourg and Roubaix regions). No data transfer to the United States, no sub-processor outside the EU. The standard DPA is available on request for your GDPR records.

Not by default, because TCF is designed for high-volume publishers (press, media). For 95% of sites — SMBs, e-commerce, B2B — TCF adds complexity without value. If you genuinely need TCF (premium ad networks, real-time bidding), contact us: a TCF module is available on Business+ plans.

Yes, the standard ConsentLab DPA is available directly in your dashboard, in the Compliance section. Download, counter-sign if needed, archive in your GDPR records. For specific clauses (large enterprise, healthcare sector), contact us for a custom DPA.

Yes. The ConsentLab free plan gives 5,000 sessions per month and unlimited domains, forever, no credit card. No 14-day trial that flips paid — it's a real free product. You stay on it as long as your traffic allows.

Your banner keeps working — never cutting it off is a GDPR obligation we take seriously. You receive an email at 80% of quota and an upgrade proposal when you actually exceed it. If you don't react, we keep serving the banner and follow up — no cut-off.

A session = one unique visitor over a period = one consent. It's the real business unit of a CMP. Billing by page views inflates the volume artificially (a visitor browsing 10 pages would count 10 times). Competitors that do this know — it's deliberate to push the bill up.

No. Every paid plan is available monthly with no commitment (1-click cancel, access until end of paid period). You can also pick annual to save ~20% — in that case you pay the year upfront but get two months free.

From your billing dashboard, self-serve. Upgrade: the difference is prorated and billed immediately, the new tier applies right away. Downgrade: you keep the current tier until the end of the paid period, then auto-switch. No human intervention required on our side.

Credit card (Stripe) on every plan. SEPA bank transfer on Business and Agency plans (above €99/month) with annual billing. For public organizations and large accounts with PO/SAP processes, contact us: a dedicated billing onboarding is possible.

The cookie-cmp.min.js widget is under 30 kB gzipped. Served via our CDN (Cloudflare front, OVH France origin) with 24h cache. Async loading (defer): it never blocks your page render. Zero impact on Core Web Vitals — tested on PageSpeed Insights.

Yes, from the Pro plan. The API lets you (1) read consent status programmatically, (2) trigger the banner manually, (3) listen to consent events via callbacks, (4) integrate with your Tag Manager. Full docs at /docs.

Yes, on Business and Agency plans. Configure an HTTPS endpoint, we send an HMAC-signed POST on every event (consent given, modified, withdrawn). Ideal for syncing your CRM, your data warehouse, or your internal analytics tool.

Yes, perfectly. Either drop the ConsentLab script directly in the <head>, or fire it via GTM (Custom HTML Tag, All Pages trigger). ConsentLab then emits the Google Consent Mode v2 signals your GA4 / Google Ads tags expect — no extra GTM config.

Yes. The widget detects client-side route changes and doesn't need a server round-trip. For Next.js App Router, integrate it in the root layout via a Script tag with strategy="afterInteractive". For Nuxt, Astro, SvelteKit: same idea, root component integration.

Essential cookies (shopping cart, login session, CSRF security) don't require consent under GDPR article 6.1.f (legitimate interest). They are automatically classified as essential by ConsentLab and never blocked. Visitors cannot refuse them because they are necessary to the site's operation.