FewCookies puts your whole compliance footer behind one scan and one script: it finds the cookies and trackers on your site, classifies them, shows a GDPR-ready consent banner, generates and hosts your cookie, privacy and terms documents, and records proof that your visitors consented.
This guide walks through everything you can do, in the order you will usually do it. The short version:
- Create your account and verify your email.
- Add your website and run your first scan.
- Review the cookies we found and how they are classified.
- Copy the one-line snippet to show your consent banner.
- Generate your legal documents and, optionally, display the compliance badge.
Getting started: account, sign-in & security
FewCookies signs you in with a secure server-side session that stays valid for up to seven days. You can use a regular email and password, or your Google account. Every new account starts on a 7-day Pro trial that needs no credit card, so you get the full product from day one. Right after you sign up we take you to a short guided setup that helps you add your first website and go live; from then on your dashboard is home base for scanning sites and generating cookie policies.
Create your account
- Go to the register page and enter your email and a password. Your password must be at least 8 characters and include an uppercase letter, a lowercase letter, and a number.
- Submit the form. If the email is already registered you will see a clear message; otherwise your account is created with a 7-day Pro trial (no card needed) and you are signed in immediately.
- We send you a welcome email and a separate verification email. Open the verification link to confirm your address.
Verifying your email is required before you can add sites, run scans, or view compliance pages. Until you verify, your dashboard shows a banner with a Resend button, and account areas (dashboard, settings, billing) stay fully usable so you can complete verification.
Sign in with Google
On the login page choose Continue with Google. We handle the whole Google handshake on the server, so no Google tokens ever reach your browser. If you sign up through Google and Google has already verified that email, your FewCookies account is created already verified — you can start right away. For your safety, a Google account whose email Google has not verified cannot be used to create or take over a FewCookies account.
Already have a password account? Open Settings and connect Google there, so you can use either method to sign in.
Your guided setup
Instead of dropping you on an empty dashboard, FewCookies opens a short guided setup the first time you sign in. It walks you through the four steps that get a working banner live: confirm your email, add your first website, paste the one-line snippet (with a one-click Verify installation check), and run your first scan. You can skip it at any time and finish later — the same checklist also lives on your dashboard and ticks itself off as you complete each step, so you always know what is left before you go live.
Verify your email
Click the link in the verification email. The link works whether or not you are currently signed in and stays valid for 24 hours. After verifying, the full product becomes available. Each verification link is one-time use; if it expired, use the Resend button on your dashboard to get a fresh one.
Reset a forgotten password
- On the login page click Forgot password and enter your email.
- You will always see the same confirmation message, whether or not the address is registered — this is intentional and protects your privacy.
- If you have an account, open the reset link (valid for 1 hour), choose a new password, and confirm it.
- After resetting you are sent to the login page, and any other devices that were signed in are logged out the next time they act.
Manage your account
In Settings you can change your email, set or change your password, connect or disconnect Google, and delete your account. Changing your email signs that address out of "verified" status and sends a new verification email. You cannot disconnect Google unless you have a password set, so you are never left without a way to sign in.
Deleting your account is permanent. It immediately signs you out and erases your sites, scans, consent records, reports, and billing rows. We keep an anonymized system audit trail with your personal reference removed.
Email delivery (welcome, verification, reset) is processed in the background. In a local or test setup without a mail provider configured, the verification and reset links are written to the server log instead of being emailed, so the flows remain testable.
Adding & managing your websites
A site is one website you manage with FewCookies. Everything else — scans, the consent banner, hosted legal documents, reports — hangs off a site. You can add a site as soon as your email is verified.
Add a website
- Open Sites and click Add site (or go to
/sites/create). - Enter the website address (it must start with
http://orhttps://) and a friendly name. - Save. The site is created instantly and you land on its detail page.
Each site is issued a unique public API key in the form cg_…. This key powers your embed snippet, your hosted policy links, and the widget configuration — it is meant to be public (it sits in your page source), so there is no secret to protect here. The key is fixed for the life of the site and is not rotatable from the dashboard.
How many sites can I add?
Your plan sets the limit. Every account is on Pro — free during the 7-day trial, then €6/month (or a €3 one-year invite) to keep it:
| Plan | Sites |
|---|---|
| Pro (including the free trial) | 5 |
| Business (coming soon) | Unlimited |
If you are at your limit, the Add site action is blocked and you are returned to the list with an upgrade prompt. Deleting a site frees a slot. If your trial ends before you upgrade, the dashboard becomes read-only, so adding a site pauses until you upgrade — but your existing sites and their live banners keep working untouched.
Customise the consent banner
Open Configure on any site to tailor the banner without touching code: position, theme, colours, button text, language, and your privacy-policy link. A live preview shows your changes as you make them.
- Adjust the appearance and copy on
/sites/:id/config. - Save. FewCookies bumps an internal config version so every embedded banner picks up your changes the next time it loads.
The preview is a faithful mock-up inside the dashboard. The real banner on your live site refreshes automatically shortly after you save — there is nothing to re-paste.
Embed the snippet
On a site's detail or configuration page you can copy a one-line <script> snippet. Paste it into your site's HTML (ideally in the <head>) once, and the banner loads on every page using your saved configuration. See The consent banner & embed script for what the banner does for your visitors.
Edit or remove a site
You can rename a site or change its URL at any time. Deleting a site is a soft delete: the site disappears from your dashboard and its banner, hosted policies, and widget configuration immediately stop responding, so the script on your page goes quiet. Only the site's owner can view, edit, configure, or delete it.
Scanning your site for cookies and trackers
A scan is how FewCookies discovers what your website actually loads in a real browser: cookies, tracking pixels, third-party scripts, your consent banner, fingerprinting attempts, performance and basic security. Everything reported is observed by a headless browser visiting your pages, not guessed from your URL.
Starting a scan
- Open one of your sites and click the scan or re-scan button.
- You are taken to a live scan page showing a status (pending, running, completed or failed), a running timer, and a count of pages scanned so far.
- The page refreshes itself every couple of seconds, so you can watch the page count climb. When the scan finishes the results appear in place.
If a scan is already running for the same site, clicking again just opens that in-flight scan instead of starting a second one. You can trigger at most 10 scans per site per hour.
What the scanner looks at
Starting from your home page, the crawler follows internal links and inspects each page for cookies (HTTP and JavaScript), local and session storage, third-party requests, tracking pixels and beacons (Meta, Google, Hotjar, TikTok and more), fingerprinting behaviour, and known consent platforms (OneTrust, Cookiebot, Usercentrics, Didomi, the IAB TCF API and others). On the home page it runs a before-and-after consent check: it records what loads with no interaction, clicks accept-all, then records again, revealing trackers that fired before you could consent. It also measures Core Web Vitals, HTTPS and security headers, and SEO signals (titles, meta descriptions, headings, canonical, robots.txt and sitemap).
How many pages get scanned
| Plan | Pages per scan (upper bound) |
|---|---|
| Pro (including the free trial) | 20 |
| Business (coming soon) | 50 |
These are ceilings, not targets. A cookie audit samples your site to find distinct trackers, so the crawl often stops early once new pages stop revealing anything new.
Your results and score
When the scan completes you see Core Web Vitals, whether a consent banner was detected, the before-and-after consent breakdown, and a categorised cookie table (necessary, functional, analytics, marketing). Each scan also produces a single 0-100 Compliance and Quality Score from four real pillars: cookie compliance, SEO, security and performance, weighted 40, 30, 20 and 10. Any pillar a scan could not measure is left out and the score is recalculated over the rest, so it is never padded with fabricated data.
Cookies are auto-classified from a known-cookie database and heuristics. An AI classification fallback is planned but not yet active, so some cookies show their best heuristic guess.
When a scan cannot finish
Before launching the browser, FewCookies refuses to scan private or internal addresses for security reasons. If a scan fails you see a plain-language reason and usually a Retry button. Common reasons: the site could not be reached, the URL was blocked, the scan timed out, or the scanner browser is not installed (the one case retrying will not fix). Very large sites may hit a time budget and return a partial result, flagged clearly so you know the cookie list and generated policy may not cover every page.
A scan visits your real site with a real browser and clicks the accept button on your consent banner. Run it against a site you own.
How your cookies are classified
When you run a scan, FewCookies crawls your site, records every cookie that gets set, and then sorts each one into a category so your cookie policy can describe its purpose. Classification happens automatically as part of the scan — you do not configure anything. Every cookie ends up in one of four categories: necessary, functional, analytics, or marketing.
The steps we run for every cookie
We try each method in order and stop at the first confident answer. Earlier methods are more reliable, so each result carries a confidence score you can see in your scan detail.
- Known-cookie database (exact match). We compare the cookie name and domain against our built-in library of over 1,300 well-known cookies. An exact name match scores highest (0.95). This is how common cookies like Google Analytics, the Facebook Pixel, session cookies, and consent cookies get a precise provider name and a ready-written bilingual (Romanian and English) description.
- Known-cookie database (pattern match). If there is no exact hit, we match name patterns such as cookies that all start with the same prefix (0.90).
- Name-pattern heuristics. A second set of built-in patterns catches families like everything starting with
_ga,_fbp, or_hj(0.85). - Tracker-domain match. If the cookie belongs to a known advertising, analytics, or social domain, we classify by that domain (0.80).
- Script-source match. We look at which script set the cookie — for example a Google Tag Manager or Facebook script (0.75).
- Duration guess. Very short-lived or session cookies are treated as functional; cookies living longer than a year lean analytics (0.60).
- Value-shape guess. Random IDs and long hex strings look like analytics; simple true/false or numeric values look like functional (0.50).
If nothing matches, the cookie is marked unclassified with a confidence of 0 and a generic placeholder, so you can review it manually.
Descriptions in your policy
Cookies matched from the known database come with a specific, human-written description in both Romanian and English. Cookies that only match a heuristic get a generic, category-appropriate sentence instead — accurate enough for a policy, but less specific. You should expect named, detailed entries for popular trackers and shorter generic lines for the long tail.
Classification is the same on every plan. There is no premium tier that classifies cookies differently — the difference between plans is in scan frequency, page limits, and reporting, not in how a cookie is categorized.
Classification is rules-based, not AI-powered. There is no live machine-learning step today, so an unusual or brand-new cookie may land in unclassified or fall back to a duration or value guess. Always review low-confidence and unclassified cookies before publishing your policy, and treat the assigned category as a strong starting point rather than legal advice.
Re-running a scan after we expand the built-in database can upgrade a previously generic or unclassified cookie to a precise, named entry — so it is worth rescanning periodically.
The consent banner & embed script
FewCookies turns your site's cookie compliance into a single script tag. You add one line of HTML, and the widget shows a consent banner, blocks tracking scripts until the visitor agrees, talks to Google Consent Mode v2, and records each choice as signed proof you can export later.
Installing the widget
Open your site in the dashboard and copy the embed snippet from the site page or the Banner customization page. It looks like this:
<script id="cookieguard-script" src="https://your-host/widget.js" data-api-key="cg_..." data-blocking-mode="auto"></script>
- Paste the snippet into your site's
<head>, as high up as possible. - Keep it synchronous — do not add
asyncordefer. In auto mode the widget must run before any tracker to block it in time. - On WordPress, download the FewCookies plugin instead, install it via Plugins → Add New → Upload Plugin, activate it, then go to Settings → FewCookies, paste your
cg_key, tick Enable widget, and save. The plugin prints the same tag for you — no theme editing needed.
The data-api-base is optional — the widget derives the API host from its own script src, so the plugin only needs your host and key.
How blocking works
In automatic mode the widget intercepts dynamically created scripts, tracker iframes (YouTube, Facebook embeds), resource-hint links, and fetch/XHR/Image/sendBeacon calls. It matches each against a built-in list of around 200 known tracker domains plus a few inline-snippet signatures, and blocks anything in the analytics, marketing, or functional categories until consent. Necessary cookies are always allowed.
Inline tracking snippets that the HTML parser runs immediately cannot be un-run — the widget neutralises the node so it will not re-fire and so any external resources it injects are still caught, but the very first synchronous execution can slip through. Use manual mode (type="text/plain" data-cookieguard="analytics") for full control over a specific script.
Choose manual mode if you would rather tag the scripts you want gated yourself and leave everything else untouched.
What the visitor sees
The banner appears on first visit (and again whenever you publish config changes, which bumps the version). Visitors can Accept all, Reject all, or open Customize to toggle categories. Their choice is stored in a first-party cookie for 12 months, Google Consent Mode is updated, and newly allowed scripts are released immediately. You can re-open the banner from your own page by calling window.CookieGuard.show(), or clear consent with window.CookieGuard.revokeAll().
Proof of consent & the badge
Every choice is sent to FewCookies and stored with a salted IP hash (never the raw IP), the user agent, the country, and the action. From your site page you can export the full history as JSON or CSV. Each record carries an HMAC-SHA256 signature so an altered row is detectable — this is your GDPR Article 7 evidence that consent was given and, on withdrawal, revoked. You can also embed a compliance badge via /badge.svg, /badge.html, or /badge.json to display a public score.
The widget config response includes a geo / "GDPR applies" hint resolved from the visitor's country, but in the current build the banner does not change behaviour based on it — blocking is deny-by-default for everyone regardless of region. Per-site, scan-discovered tracker domains are also not yet wired into the blocker, so blocking relies on the built-in domain list.
Install with AI assistants (Claude Code, Cursor, Codex)
You do not have to wire the snippet by hand. If you build with an AI coding assistant — Claude Code, Cursor, Codex, Copilot, Windsurf or similar — FewCookies writes the integration prompt for you. Every site page in the dashboard has an Install with AI card: pick your tech stack, copy the generated prompt, paste it into your agent, and it installs the banner, links your hosted legal pages, and verifies the result.
How to use it
- Open your site in the dashboard and find the Install with AI card, right under the embed snippet.
- Choose your stack from the list. The prompt adapts to it — which file the tag goes in and the framework-specific pitfalls to avoid.
- Copy the prompt. It already contains your real API key, the exact widget script tag, and the URLs of the legal documents you have generated.
- Paste it into your AI coding tool inside your project and let it work.
- The prompt ends with a verification checklist, so the agent confirms the banner actually shows and no tracker fires before consent.
Supported stacks
Next.js (App Router and Pages Router), React / Vue / Svelte on Vite, Nuxt, Astro, SvelteKit, TanStack Start, Remix / React Router v7, Laravel (Blade), WordPress, Shopify, Django, Ruby on Rails, and plain HTML / PHP. If your stack is not listed, pick Plain HTML / PHP — the rules are universal; only the file the tag goes in differs.
What the prompt instructs the agent to do
- Insert the exact
<script>tag synchronously in the<head>— in the right file for your stack — before any analytics or marketing tags, with noasyncordefer. - Add footer links to your hosted cookie policy, privacy policy and terms (only the documents that already exist).
- Convert inline tracking snippets to the widget's manual mode (
type="text/plain" data-cookieguard="…") so nothing fires before consent. - Verify: the tag is in the raw HTML, the banner appears,
window.CookieGuardexists, and no tracker requests precede consent.
Example (shortened)
You are working in my Next.js (App Router) project. Integrate the
FewCookies cookie-consent widget and link my hosted legal pages.
## 1. Add the consent widget
Insert this exact script tag — do not change any attribute:
<script id="cookieguard-script" src="https://fewcookies.com/widget.js"
data-api-key="cg_YOUR_KEY" data-blocking-mode="auto"></script>
Where: the <head> of the root layout (app/layout.tsx) …
## 2. Link the legal pages in the footer
- Cookie policy: https://fewcookies.com/p/cg_YOUR_KEY/cookies
…
## 4. Verify
- The tag is present in the raw HTML <head> …
- The consent banner appears on first visit …
The prompt is always generated in English, even when your dashboard is set to Romanian — coding agents follow English instructions most reliably. Review the diff your agent produces before committing, as you would with any generated change.
Prefer doing it by hand? The one-line snippet and step-by-step instructions are in The consent banner & embed script above.
Legal documents & hosted policies
FewCookies turns your site's legal identity plus its latest scan into three ready-to-publish documents: a cookie policy, a privacy policy, and terms & conditions. You fill in your details once, and the documents are built, versioned, and hosted for you.
Step 1: Enter your legal details
Open a site, then go to Legal details (the ID-card tile in the Compliance section, or the /sites/<id>/legal page). You fill in:
- Company name, CUI (VAT/tax code) and Reg. Com. (trade-register) number
- Registered address, contact email and phone
- An optional DPO (data protection officer) email
- Optional ANPC dispute-resolution links (SOL/online and SAL/alternative)
Every field is optional. You can save a partial profile and come back later — the documents simply omit whatever you leave blank, and fall back to your site's operator name and email when company details are missing.
Step 2: Save — documents regenerate immediately
- Press Save. Your details are validated (emails must be valid, the ANPC fields must be real http/https URLs) and stored.
- The privacy policy and terms are rebuilt on the spot, folding in your new details.
- The cookie policy is rebuilt whenever a scan completes — it lists the actual cookies the scanner found, grouped by category, with provider, duration and purpose.
Each rebuild increases that document's version number and saves a permanent, read-only snapshot. This history is your proof-of-compliance trail: it records exactly what you published, in which language, and when.
Step 3: Link the hosted pages
Your documents are served at public, anonymous URLs you can link from your own footer or consent banner:
/p/<your-api-key>/cookies/p/<your-api-key>/privacy/p/<your-api-key>/terms
The full URLs are shown on your site's overview page. These pages are styled standalone HTML, cached for five minutes, and designed to be embedded in an iframe. Add ?lang=ro or ?lang=en to request a language.
A document only appears at its URL after it has been generated. The cookie policy needs at least one completed scan; the privacy policy and terms appear once you save your legal details. Until then the page returns a plain "Policy not found" message.
What language you get
Documents are generated in your site's configured language (Romanian by default, English supported). Only that one language is built and stored at a time — switching languages and regenerating produces the other version. The terms template is Romanian e-commerce oriented and references ANPC and the EU ODR platform.
The read-only compliance views
Alongside the documents you get three review screens driven by your real scan data, not guesses:
- Audit — a health score and per-category findings.
- Dark patterns — consent-banner problems the scanner actually observed (missing reject button, pre-ticked boxes, cookies set before consent), each with a concrete legal reference and a 0–100 score.
- Remediation — step-by-step fixes tailored to your detected platform (WordPress, Shopify, or custom).
All generation here is deterministic and template-based — there is no AI writing your legal text. Treat the output as a strong, scan-grounded starting point and have it reviewed before relying on it.
Dashboard, reports, competitors & Copilot
After you sign in and verify your email, the dashboard is your home base. It pulls together everything FewCookies has measured about your sites so you can see, at a glance, how your consent banner is performing and where your compliance stands.
The overview
Opening /dashboard shows every site you own, each with its own consent activity over the last 30 days. For each site you get a daily trend line (accept-all, reject-all, and custom choices), an action breakdown, and per-category accepted counts for the four cookie categories (necessary, functional, analytics, marketing). These numbers come straight from real visitor consents recorded by your banner. A brand-new site with no traffic yet simply shows zeros.
Monthly compliance reports
Open a site and go to its Reports page to read its monthly compliance reports, newest first. The page selects the latest completed report and renders its stored content: a health-score trend, consent accept/reject rates by month, score deltas versus the previous period, top issues, a compliance checklist, and suggested next steps.
Reports are generated automatically on the 1st of each month for the month that just ended. You do not trigger them yourself, and the page is read-only. Every figure is built from data FewCookies actually measured; anything never measured is shown as empty rather than invented. A report can show a status of generating or failed if its background job is still running or hit an error.
Competitor comparison
On a site's Competitors page you can add up to three competitor URLs and compare them side by side against your own site across cookies (by category), trackers, analytics and advertising tools, plus SEO and performance scores. Your own column is derived from your site's most recent completed scan, so it stays empty until you have run at least one scan.
- Enter a competitor URL and submit.
- The scan runs in the background; you will see a confirmation that it has started.
- Once it finishes, the competitor appears as a new comparison row.
Duplicate URLs and going over the three-competitor limit are rejected with an inline message. Competitor scans are rate-limited and crawl only a handful of pages, so results focus on the distinct trackers a site exposes rather than a full mirror.
Lighthouse deep audit (Business only)
The on-demand Lighthouse deep audit is reserved for the upcoming Business plan. Since every account today is on Pro, you currently see an upgrade prompt where the audit would run; it unlocks when Business launches. When it is enabled, triggering it launches a real headless Chrome and runs a full Lighthouse pass on your homepage, returning performance, SEO, best-practices and accessibility scores plus headline lab metrics (LCP, FCP, CLS, and more).
- Click to run the audit; you land on a result page that polls live while it works.
- Re-triggering while one is already in flight just takes you to the running audit instead of starting a second one.
- If the audit fails (timeout, unreachable URL, or no browser available), the page tells you why so you can retry.
Polling stops on its own after about six minutes, so a stuck worker will not spin the page forever. The audit is heavily rate-limited per site.
Compliance Copilot
The Compliance Copilot Q&A is currently not available in the app. The feature has been postponed: there is no page or working endpoint for it yet. The groundwork exists internally (including monthly question limits of 50 on Pro and unlimited on the upcoming Business plan), and the answer engine is a placeholder that returns pre-written guidance rather than a live AI model. Treat Copilot as coming-soon, not a feature you can use today.
Free public tools (instant scan, benchmark & badge)
FewCookies gives you a handful of tools you can use without an account, an API key, or even logging in. They all run anonymously and are rate-limited per IP address to keep them free for everyone.
The instant cookie check
Go to /check, type any website address, and press the button. You can also deep-link a result by opening /check?url=https://example.com — the scan starts automatically. Behind the scenes the page calls POST /api/v1/check, which fetches your site once from the server and reports what a single page response reveals.
You will see a health score out of 100, a risk level, the cookies that were set, any third-party trackers, whether a consent banner and a cookie-policy link were found (and the name of the consent tool, like OneTrust, when it can be identified), and a list of prioritised issues with recommendations. If your site has a critical problem — for example, non-essential cookies set with no consent banner — the score is forced into the red and never shows green.
This is a surface scan: one server-side fetch reading response headers and HTML. It does not run a full browser, so it sees less than the in-app audit. If a site genuinely cannot be reached, you will get a clearly labelled demo result instead of an error, so the page always shows something.
The check is limited to 5 scans per hour from the same IP address. If you hit that limit you will see a rate-limit message; wait and try again later, or create an account for full audits. Results are cached for about 10 minutes, so re-checking the same URL returns the same answer quickly.
The compliance badge
On /badge, enter your site address to generate a copy-paste embed snippet. You can embed the badge three ways: an SVG image (/badge.svg?url=...), an HTML chip in an iframe (/badge.html?url=...), or a Markdown link. There is also a raw JSON endpoint (/badge.json?url=...) if you want the numbers. The badge shows a score out of 100 and a label such as GDPR Compliant or GDPR Needs Attention, colour-coded, and links visitors back to a live check of your site.
The badge reuses a recent instant-check result when one is cached; otherwise it makes a quick lightweight request and estimates a score from HTTPS and a couple of security headers. It is meant as a public trust signal, not a legal certification. Badge responses are cached for about 10 minutes and the endpoints are deliberately embeddable on any domain.
The competitive benchmark
There is also a benchmark capability that compares your site against up to three competitors across compliance, security and SEO, scoring each from a single fetch. It is available as an API (POST /api/v1/benchmark) and is fully working server-side, but there is currently no public page in the site that drives it, so most users will not encounter it yet.
The waitlist
Before launch, the homepage shows a waitlist form. Enter your email and you are added to the list; submitting the same address twice is harmless and simply confirms you are in. You will see a success message once you join.
What is free versus paid
Everything on this page is free and requires no account. The catch is depth and rate limits: the instant check is a one-page surface scan capped at 5 runs per hour, whereas a registered account — which starts with a free 7-day Pro trial, no card required — unlocks the full browser-based audit, ongoing monitoring, the hosted consent banner and generated legal documents. The buttons throughout these tools nudge you toward registering when you need more than a quick look.
All of these tools refuse private, local, or internal addresses — they only scan publicly reachable http(s) sites — so you cannot point them at an intranet or a localhost address.
Plans & billing
FewCookies is built around a single paid plan — Pro — with a generous free trial and a second tier on the way. Every new account starts on a 7-day Pro trial that needs no credit card: you get the full product from day one and only decide whether to pay once you have seen the value.
The plans
| Feature | Pro | Business |
|---|---|---|
| Sites | 5 | Unlimited |
| Pages crawled per scan | 20 | 50 |
| Custom-branded banner (logo, colours, no “powered by”) | Included | Included |
| Lighthouse deep performance audit | — | Included |
| Price | €6/mo (launch price, normally €9) | Coming soon |
The cookie scanner, consent banner with Google Consent Mode v2, cookie classification, generated legal documents, hosted policy pages, the compliance badge, dark-pattern detection, consent logging and export are all part of Pro — which is exactly what your free trial unlocks. Business (unlimited sites, the Lighthouse deep audit, white-label reports) is not purchasable yet; you can ask to be notified from the pricing page.
There is no longer a permanent Free plan. Instead everyone gets the full Pro experience free for 7 days, then chooses how to continue.
How to pay
When you are ready to keep Pro, open Billing and choose one of two options:
- Monthly subscription — €6/month. A launch price (normally €9), shown with the old price struck through. Click Upgrade and you are taken to Stripe's secure checkout; when you return, your account is Pro. Prices are tax-inclusive — you always pay exactly €6, with any VAT worked out and included automatically for your country.
- One year for €3 — invite only. A one-time payment that gives a full year of Pro. The €3 button stays disabled until you enter a valid invite code on the billing page. We hand these codes out individually; redeem yours, then complete the one-time checkout.
Card details, receipts and cancellations are handled by Stripe. Once you are a paying subscriber, a Manage billing button opens the Stripe customer portal, where you can update your card, download invoices, or cancel anytime.
What the billing page shows
Open Billing to see, in one place:
- your current access state — how many trial days are left, that you are subscribed, that you hold a one-year pass until a given date, or that your trial has ended;
- your subscription status, price and billing period once you are paying;
- your invoice history, with amounts shown in euros;
- the invite-code box and the €6 / €3 upgrade buttons.
Before you have paid, the page shows your trial countdown (or, once it lapses, an upgrade wall) and no invoices yet. It is where every billing action lives.
When the trial ends without upgrading
Nothing breaks for your visitors. Your live consent banner keeps serving on every site exactly as configured — we never take down a banner that is protecting a real website. What changes is your dashboard: it becomes read-only. You can still sign in, view everything, export your consent records, and reach the billing page, but you cannot add or edit sites, change banner settings, or start new scans until you upgrade.
How plan limits feel in the product
- Sites: trying to add a site beyond your limit returns you to the sites list with an upgrade prompt.
- Lighthouse: the deep performance audit shows an upgrade prompt — it arrives with the Business plan.
- Scan depth: each scan crawls up to your plan's page budget — enough to discover the trackers that matter.
- Trial ended: changes (add or edit a site, save banner settings, start a scan) are paused and send you to the billing page; viewing your data stays open, and your live banners keep serving.
Behind the scenes: data, privacy, languages & reliability
A few cross-cutting things worth knowing about how FewCookies behaves, what it stores, and what to expect when work happens in the background.
English & Romanian
The entire product — the marketing pages, this documentation, and the dashboard — is available in English and Romanian. Use the EN / RO switch in the header to change language; your choice is remembered for a year. English is the reference language, so if a Romanian phrase is ever missing you will see the English version rather than a broken page.
What we store about your visitors
FewCookies is a privacy tool, so it collects as little as possible about the people who visit your site. When a visitor makes a consent choice, we record:
- a one-way hash of their IP address — never the raw IP, and it cannot be reversed back to an address;
- their choice (accept all / reject all / a custom selection) and which categories they allowed;
- the banner version they saw, an anonymous visitor id, the browser's user-agent, and a country code derived from your CDN.
Because the IP is hashed with your account's secret, the same visitor produces the same hash (useful for grouping) while remaining anonymous. This is what lets you prove consent without holding personal data you do not need.
Proof of consent
You can export your consent records (see The consent banner & embed script). Each exported receipt is cryptographically signed, so it is tamper-evident — exactly what GDPR Article 7 expects when you need to demonstrate that consent was given.
Scans run in the background
Scanning drives a real headless browser, which takes time, so it runs as a background job rather than blocking your screen.
- The scan page shows live progress and settles on a clear completed or failed result — never an endless spinner.
- If you trigger a scan while one is already running for that site, FewCookies reuses the in-flight scan instead of starting a second one.
- Transient failures are retried automatically; a scan that cannot finish is marked failed with a reason rather than hanging.
Email & reliability
Account emails — verification, password reset, the welcome message and monthly reports — are sent off the main request path so a momentary email-provider hiccup does not break your action; delivery is retried. Behind the scenes, an operations view lets our team see and re-run any failed scan, and a lightweight health check keeps the service monitored.
FewCookies helps you reach and document compliance, but it is a tool, not a law firm. The generated documents are a strong starting point — for anything legally sensitive, have them reviewed by a qualified professional.