GDPR Cookie Banner
What is the GDPR Cookie Banner?
The GDPR Cookie Banner is a native, fully GDPR-compliant cookie consent banner for your Portal. It lets visitors accept or reject non-essential cookies, holds your tracking scripts in a consent-gated Cookie Tag Manager, and keeps a per-Portal audit log of every consent choice.
It replaces the old do-it-yourself approach of pasting cookie banner code into Custom JS, which could break your login and registration pages when a visitor clicked Reject. With the native banner, your non-essential scripts stay completely dormant until a visitor opts into their category, so nothing ever blocks a form or fires a cookie without consent.
The banner is off by default and appears on every surface once you enable it, including the authenticated Portal, all login screens, registration, and public Landing Pages.
How do I enable and configure the GDPR Banner?
Open Flyout > Platform Branding and navigate to the Advanced area, where your Custom CSS and Custom JS live.
Turn on the enable toggle to make the banner live, then configure:

- Banner Message: The text shown to visitors explaining your use of cookies.
- "Privacy/Cookie Policy URL" link: A link to your cookie or privacy policy that appears on the banner.
- Script Manager: The four standard categories (Strictly Necessary, Functional, Analytics, Marketing) are shown automatically. You can add your own script to each category by clicking the + Add Script icon.

The banner automatically matches your Portal's brand colors, so there is no separate color setup. Disabling the toggle removes the banner and the reopen tab everywhere at once.
IMPORTANT: The GDPR Banner section is visible and configurable only to Super Admin, Account Managers, and Admin Managers. A standard Admin and other Staff will not see it.
How do I add my tracking scripts with the Cookie Tag Manager?
Inside the enabled GDPR Banner section, use the Cookie Tag Manager to register each tracking script you want to run. Click Add Script and a right-side drawer opens with three fields:
- Script Name: A label so you can recognize the script (for example, "Google Analytics").
- Category: Choose Functional, Analytics, or Marketing.
- Script: Paste the script snippet, exactly as you would from Google Analytics, Meta Pixel, or any other provider.

Each saved tag appears in the list with its category shown as a color-coded pill. Tags are scoped to your Portal only and never affect another Portal.
IMPORTANT: Move your tracking scripts out of the legacy Custom JS box and into the Cookie Tag Manager. Code left in the Custom JS box always runs and is not consent-gated, so any analytics or marketing tags there would fire before a visitor consents.
TIP: Put each script in the category that matches what it does, so a visitor who accepts only some categories gets exactly what they agreed to and nothing more.
What do my visitors see?
When the banner is enabled, visitors meet a non-blocking Cookie preferences banner. It offers Accept all and Reject all with equal prominence, plus Manage preferences, your Learn more link, and a close (X) control.

Choosing Manage preferences reveals the four category toggles:
- Strictly Necessary: Always on and cannot be turned off, because these are required for the Portal to work.
- Functional: Scripts that enable extra functionality.
- Analytics: Scripts that measure traffic and usage.
- Marketing: Scripts for advertising and retargeting.
Non-essential categories default to off, so nothing is pre-checked. The banner never blocks the page, so login and registration forms stay fully usable while it is shown. Closing the banner without choosing does not grant consent, and the banner returns on the next visit until a real choice is made. Once a visitor chooses, the choice is remembered across pages and visits, and a choice made while logged out carries into their session.
How does consent control my scripts?
Every registered tag is rendered in a dormant state that the browser will not run and that sets no cookies. The banner reads the visitor's choice on every page, including before login, and then activates only the scripts whose category was accepted.
- Strictly Necessary scripts always run.
- Accepted categories activate their matching scripts.
- Declined or undecided categories stay dormant and set no cookies.
Because non-consented scripts never start, they can never block a page. This is the root-cause fix for the login and registration breakage of the old custom-code approach.
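The gating logic described above, sketched as an added example that is not the Portal's own code. It assumes dormant tags are rendered as `<script type="text/plain" data-consent-category="...">` (a type the browser treats as inert data) and that the stored choice is a JSON object of booleans; the attribute name, category keys and function names are hypothetical.

```javascript
// Added example. Attribute name, category keys and storage format are assumptions.
const ATTR = "data-consent-category";
const CATEGORIES = ["strictly_necessary", "functional", "analytics", "marketing"];

// Turn a stored choice into an explicit allow-map. Missing, malformed or
// non-boolean values count as declined, so "undecided" never activates a tag.
function normalizeConsent(raw) {
  let parsed = null;
  try {
    parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
  } catch (_) {
    parsed = null; // corrupt stored value: treat as no consent
  }
  const consent = Object.create(null); // no inherited keys such as "constructor"
  for (const c of CATEGORIES) {
    consent[c] = c === "strictly_necessary" || Boolean(parsed && parsed[c] === true);
  }
  return consent;
}

// Pure decision: which registered tags may run for this visitor?
function tagsToActivate(tags, raw) {
  const consent = normalizeConsent(raw);
  return tags.filter((t) => consent[t.category] === true);
}

// Browser side: swap each allowed dormant tag for a live <script>.
// Returns the categories activated, for logging.
function activateInDocument(doc, raw) {
  const consent = normalizeConsent(raw);
  const activated = [];
  for (const dormant of doc.querySelectorAll(`script[type="text/plain"][${ATTR}]`)) {
    const category = dormant.getAttribute(ATTR);
    if (consent[category] !== true) continue; // declined, undecided or unknown
    const live = doc.createElement("script");
    for (const { name, value } of Array.from(dormant.attributes)) {
      if (name !== "type" && name !== ATTR) live.setAttribute(name, value); // keep src, async
    }
    live.text = dormant.textContent;
    dormant.replaceWith(live); // insertion is what makes the browser run it
    activated.push(category);
  }
  return activated;
}
```

The strict `=== true` comparison is the point: a stored value such as `"true"` or `1`, or a tag carrying an unrecognized category, leaves the script dormant.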
How do visitors change or withdraw their consent?
While the banner is enabled, a persistent cookie control sits in the bottom-right tab rail on every surface. A visitor can open it at any time to reopen Manage cookies with their current choices pre-set.

Changing consent is as easy as giving it. Turning every non-essential category off is a valid full withdrawal, and the Portal keeps working normally. After a withdrawal, affected scripts stop running on the following pages and their cookies are cleared where technically possible.
How do I access my consent records?
Every accept, reject, or change is saved as a new, timestamped record, so your consent history is append-only and nothing is overwritten. Each record captures the visitor's identity (account holder or anonymous id), the categories accepted and declined, the timestamp, the device and browser, the network address, and the banner and policy version shown.
While the banner is enabled, export that Portal's full consent history using the CSV export icon button, which sits at the right of the enable-toggle line. The export is scoped strictly to your own Portal.

Does the banner carry over to SU1TE Child accounts or AUTOP1LOT accounts?
No. Cookie consent is a per-Portal legal responsibility, so the GDPR Banner configuration is never inherited through SU1TE or AUTOP1LOT accounts.
IMPORTANT: When a dedicated account is created on AUTOP1LOT activation, or a child account is created on a SU1TE Dashboard, the new account starts with the banner disabled and no carried settings, intro message, policy link, or tracking scripts. The Reseller's own configuration is untouched, and no consent log is ever copied. Each account owner enables and configures the banner themselves.