CookieHub is an Icelandic consent management platform (CMP) that scans websites for cookies, displays a configurable banner in 47 languages, records granular consent and produces an automatically updated cookie declaration.
CookieHub is a consent management platform operated by CookieHub ehf, a private company headquartered in Reykjavik, Iceland. The platform combines an automated cookie scanner, a configurable banner template, multilingual translations and an audit-grade consent log within a SaaS interface aimed at small and medium European websites.
After a one-line script is added to the site head, CookieHub crawls the website on a recurring schedule, classifies every cookie it discovers, renders a banner that asks the visitor to opt in per category and stores the resulting decision. Other scripts can read the decision via the cookiehub global API or by checking the cookiehub cookie before firing.
CookieHub sets a strictly necessary first party cookie called cookiehub (default duration 12 months) that contains the granular consent decisions plus a configuration hash. Server side, the platform stores a hashed consent identifier, a truncated IP for geolocation, the timestamp, the user agent and the browser language. No advertising or profiling identifier is processed by CookieHub itself.
Because CookieHub is the layer that gates every other tracker, its own cookie falls under the strictly necessary exemption of Article 5(3) ePrivacy. Consent is therefore not required for the banner itself, but the controller still has to demonstrate consent for the downstream services. CookieHub provides exportable consent logs that satisfy Article 7(1) GDPR and the EDPB Guidelines 05/2020 on consent.
Consent records and the platform infrastructure are hosted in the EEA (Iceland, Ireland), which the GDPR treats as an internal area without the Schrems II problem. The CDN that serves the script can fall back to Cloudflare points of presence, but the consent payload itself stays within the EEA. CookieHub provides a Data Processing Agreement and a sub processor list that confirms the EEA only setup.
Sign the CookieHub DPA, place the CookieHub script before any non essential tag, enable default deny on all categories, activate Google Consent Mode v2 from the dashboard, embed the automated cookie declaration on your privacy policy page and review the weekly scan report before each release. Keep the consent log accessible for at least 12 months to meet the burden of proof in Article 7(1) GDPR.
Websites using CookieHub must obtain user consent under GDPR regulations.
DPIA considerations
CookieHub processes only the minimum data required to record consent (truncated IP, hashed identifier, timestamp, browser metadata) on EEA based infrastructure, so a standalone DPIA is rarely required. Document CookieHub in your record of processing activities as the consent layer that mitigates risk for downstream trackers, and store the consent log for at least 12 months for evidentiary purposes.
Sample consent text
We use CookieHub to record your cookie preferences. The cookiehub cookie is strictly necessary, stores your choices for up to 12 months and is the only cookie set by the consent layer itself. By clicking Accept you consent to the non essential cookies listed below; you can withdraw or change your consent at any time via the Cookie settings link.
Third-party domains contacted
cookiehub.net, cookiehub.eu, cdn.cookiehub.eu, dash.cookiehub.eu

Cookies placed

| Name | Type | Duration | Purpose |
|---|---|---|---|
| cookiehub | first_party | 12 months | Stores the visitor cookie preferences and a unique consent identifier used to prove valid consent. |
| cookiehub | http_cookie | 12 months | Strictly necessary first party cookie that stores the visitor granular consent decisions and a configuration hash so the banner does not reappear while the consent is valid. |
| cookiehub | local_storage | 12 months | Optional local storage mirror of the consent decision used by the CookieHub script when local storage is preferred over cookies. |
| cookiehub_session | http_cookie | Session | Strictly necessary session cookie used to track whether the banner has been displayed during the current browsing session before a long term choice is recorded. |
CookieHub sets a single first party cookie family (cookiehub) that stores the categories accepted and a unique consent identifier. Server side, a truncated IP and a timestamp are kept as proof of consent.
CookieHub sets a single strictly necessary first party cookie called cookiehub, valid for 12 months by default. It contains the granular consent decisions and a configuration hash. No advertising or analytics cookies are placed by CookieHub itself; the platform governs the cookies of other services on your site.
No. CookieHub is treated as strictly necessary under Article 5(3) ePrivacy. The trackers it manages still require valid consent.
No. The cookiehub cookie falls under the strictly necessary exemption of Article 5(3) ePrivacy because it stores the visitor consent decision that has been explicitly requested. Consent is required only for the third party services governed by CookieHub.
Legitimate interest and the proof of consent obligation under Article 7(1) GDPR. Underlying services rely on consent.
CookieHub is deployed under legitimate interest pursuant to Article 6(1)(f) GDPR for the controller, combined with the legal obligation under Article 5(3) ePrivacy and Article 7(1) GDPR to obtain and document consent for any non essential trackers. The platform only processes the data necessary to evidence that consent.
No, not in the standard configuration. CookieHub is operated from Iceland and stores data in AWS EU regions, so the CMP layer is unaffected by Schrems II.
No. CookieHub ehf hosts the consent records on infrastructure inside the EEA (Iceland and Ireland). Iceland is part of the EEA and is covered by the GDPR, which removes the Schrems II exposure typical of US owned CMPs. The CDN may use Cloudflare points of presence, but the consent payload stays within the EEA.
Usually no. A DPIA may still be triggered by the third party trackers controlled through CookieHub when they involve large scale profiling or transfers.
A standalone DPIA is generally not required because CookieHub processes only the minimum data necessary to record consent (truncated IP, hashed identifier, timestamp, browser metadata). If the overall stack triggers a DPIA, document CookieHub inside it as the consent layer that mitigates the risk of higher risk processors such as advertising pixels.
Insert the loader in the head, run the auto scanner, classify each script, block non essential tags before consent, mirror the visual weight of accept and reject, and expose a preference link in the footer.
Place the CookieHub script in the head section before any non essential tag, enable default deny on all categories, activate Google Consent Mode v2 from the dashboard, embed the automated cookie declaration on your privacy policy page and configure the script to rescan weekly. Use the cookiehub global object (cookiehub.hasConsented) to gate custom scripts.
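A default-deny gate around the `cookiehub.hasConsented` call mentioned above, as an added example rather than CookieHub's or this page's own code. It assumes `hasConsented` takes a category name and returns a boolean; `createConsentGate`, the category `analytics` and the script name `stats` are hypothetical.

```javascript
// Added example: gate custom scripts on the CMP decision, denying by default.
// Assumption: cmp.hasConsented(category) returns true/false for a category name.
function createConsentGate(getCmp) {
  const pending = [];      // scripts registered but not yet allowed to run
  const fired = new Set(); // names of scripts that already ran (run once only)

  function allowed(category) {
    try {
      const cmp = getCmp();
      // A missing CMP (blocked, not yet loaded) is treated as "no consent".
      return Boolean(cmp) &&
        typeof cmp.hasConsented === "function" &&
        cmp.hasConsented(category) === true; // only a strict true passes
    } catch (err) {
      return false; // a failing consent check must never fire a tracker
    }
  }

  // Run every pending script whose category is now allowed; return their names.
  function flush() {
    const ran = [];
    for (const item of pending) {
      if (!fired.has(item.name) && allowed(item.category)) {
        fired.add(item.name);
        item.run();
        ran.push(item.name);
      }
    }
    return ran;
  }

  return {
    // Queue a script under a consent category and try to run it immediately.
    register(name, category, run) {
      pending.push({ name, category, run });
      return flush();
    },
    // Call again after the visitor changes the banner choice.
    recheck: flush,
    allowed,
  };
}

// Browser usage (sketch):
//   const gate = createConsentGate(() => window.cookiehub);
//   gate.register("stats", "analytics", () => { /* inject the tag here */ });
```

A script that has already run cannot be undone by the gate, so a withdrawal of consent only prevents later registrations from firing.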
Comparable consent management platforms include Cookiebot, OneTrust, Iubenda, Didomi, Sourcepoint, Usercentrics, Axeptio, CookieFirst and Klaro. Cookiebot and CookieFirst are the closest direct competitors on price and feature set; Didomi and Sourcepoint are better suited to large publishers because of their TCF v2.2 support.
Cookiebot, CookieFirst, Axeptio, Didomi, Complianz, OneTrust, Klaro. Choose on hosting, TCF support and price.
Use the auto scan to keep the inventory current, document every cookie purpose and duration, and version the policy.
Enable the automated cookie declaration block in the CookieHub dashboard and embed it on your privacy policy page using the provided script tag. CookieHub rescans the site automatically on a weekly basis and republishes the updated declaration. Review the change log before each release to catch newly introduced vendors.