Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Cookie Assistant is a hosted Consent Management Platform (CMP) marketed across Italy, Spain and the wider European market. Publishers configure their banner in a dashboard and embed a single JavaScript snippet; the banner then captures granular consent, blocks third party scripts until acceptance and stores a proof of consent record. Because it is itself a compliance tool, it processes only the visitor's consent decision and basic device metadata, with EU hosting and no third country transfer in the default setup.
Cookie Assistant is a Consent Management Platform (CMP) used by European publishers to comply with the GDPR and the ePrivacy Directive. The publisher configures categories, vendor lists and look and feel in a dashboard, then drops a single JavaScript snippet on the site. The snippet renders the banner, blocks third party scripts until consent is captured, and submits a proof of consent record to Cookie Assistant''s EU back end.
The banner sets three first party cookies : cassistant_consent (1 year, the decision itself), cassistant_uid (6 months, anonymous link to the server proof) and cassistant_lang (1 year, language). On the server side, Cookie Assistant retains a hashed IP, a User Agent excerpt, a timestamp and the categories accepted for each visitor as the consent log. No personal data is transmitted to advertisers, analytics vendors or any other third party through the banner itself.
The CMP cookies themselves are strictly necessary under Article 5(3) ePrivacy and require no consent. Storing the consent log relies on Article 6(1)(c) GDPR (legal obligation, the duty to demonstrate consent under Article 7(1) GDPR). When the IAB TCF v2.2 module is enabled, the publisher must verify that the vendor list is current and that the categories shown in the banner mirror the actual vendors loaded after acceptance.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The blocker is only effective on the scripts that have been correctly enumerated in the dashboard. Run a full audit with consent denied in the browser developer tools after each release, and add any new third party script (Maps embed, social plugin, analytics) before it ships to production. A common failure mode is a new marketing widget added by the agency team that is not yet known to the CMP.
Configure granular categories matching the actual vendors. Keep TCF off if you do not run programmatic advertising. Enable the consent log and set the retention you need to evidence consent (typically 13 months). Sign the Cookie Assistant DPA. Audit the cookie banner on every release with consent denied. Document the CMP in the processing register as the tool fulfilling the consent obligation.
Websites using Cookie Assistant must obtain user consent under GDPR regulations.
DPIA considerations
Cookie Assistant is a Consent Management Platform; its sole purpose is to fulfil the publisher's legal duty to capture and prove consent. Key considerations : (1) the visitor side cookie only carries the consent decision and never carries trackers itself; (2) the proof of consent record stored server side includes hashed IP, User Agent excerpt and timestamp, all retained for the publisher to evidence consent in case of a dispute; (3) the script blocker only blocks third party tags that have been correctly enumerated, missing scripts can still fire before consent; (4) when IAB TCF v2.2 is enabled, the TC string is published to other vendors which may interpret it as a basis for processing; (5) the publisher remains controller for the consent log, Cookie Assistant is processor under its DPA. A DPIA is not normally required for the CMP itself.
Sample consent text
Our cookie banner is delivered by Cookie Assistant, a European Consent Management Platform. Cookie Assistant stores your decision in a first party cookie on this site and replicates a proof of consent record (hashed IP, time, choices) to its EU servers so we can demonstrate compliance. No personal data is shared with third parties through the banner itself.
Third-party domains contacted
cookieassistant.comcdn.cookieassistant.comapi.cookieassistant.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| cassistant_consent | Strictly necessary | 1 year | Stores the visitor's granular consent decision (categories accepted or refused) so the banner is not shown again on subsequent visits. |
| cassistant_uid | Strictly necessary | 6 months | Anonymous identifier used to link the consent decision stored locally with the server side proof of consent record on Cookie Assistant's EU servers. |
| cassistant_lang | Functional | 1 year | Stores the chosen language for the banner so the same wording is shown on subsequent visits. |
Cookie Assistant is an essential service, but transparency matters. Manage all your consent with FlowConsent.
Three first party cookies on your domain: cassistant_consent (1 year, the granular decision), cassistant_uid (6 months, anonymous link to the server proof) and cassistant_lang (1 year, banner language). No tracking cookies are set by the CMP itself.
No. All three are strictly necessary to deliver the consent management service the user explicitly engaged with and are exempt under Article 5(3) ePrivacy.
Article 6(1)(c) GDPR (legal obligation, the duty to demonstrate consent under Article 7(1) GDPR). The blocked third party scripts each rely on Article 6(1)(a) once consent is granted.
No. Cookie Assistant hosts the consent proof in the European Union. No transfer to a third country happens through the CMP itself.
No. The CMP processing is minimal and its sole purpose is GDPR compliance. A DPIA may still be triggered by the third party scripts the CMP controls.
Enumerate every third party script in the dashboard and assign the correct category. Keep TCF off if you do not run programmatic ads. Audit the rendered HTML with consent denied at every release. Sign the Cookie Assistant DPA. Define a retention period for the consent log.
Yes : Complianz (Netherlands), Borlabs Cookie (Germany), CookieYes, Klaro, Iubenda, OneTrust, or FlowConsent for a fully European, hosted CMP. Each has different strengths in script auto detection, multilingual support and TCF integration.
List the three Cookie Assistant cookies in the strictly necessary section with domain (your own site), duration and purpose. Mention Cookie Assistant as the processor that hosts the consent log in the European Union.