plugin-icon

Compliance by Hu-manity.co

Par Humanityco·
Intentional Consent for WordPress — GDPR, CCPA, CPRA & ePrivacy compliance with consent records, autoblocking & Google Consent Mode v2.
CCPA
consent
cookies
Évaluations
4.8
Version
3.0.3
Installations actives
900K
Mis à jour récemment
May 7, 2026
Compliance by Hu-manity.co

Compliance by Hu-manity.co (formerly known as Cookie Notice) provides a simple, customizable website banner that can be used to help your website comply with cookie consent requirements under the EU GDPR, CCPA, and other data privacy laws — with seamless integration with Cookie Compliance to help your site comply with the latest updates to existing consent laws.

Cookie Compliance is a fully featured Consent Management Platform (CMP) that provides automated compliance features and enhanced design controls in a state-of-the-art web application. Cookie Compliance enables websites to take a proactive approach to data protection and consent laws. It is the first solution to offer Intentional Consent, a new consent framework that incorporates the latest guidelines from over 100+ countries, and emerging standards from leading international organizations like the IEEE and European Center for Digital Rights (noyb.eu). Cookie Compliance provides a beautiful, multi-level experience and includes new choices and controls for site visitors to better understand and engage in data privacy decisions.

Our Cookie Compliance web application introduces a more ethical, proactive way to capture and manage consent. This early version of the emerging Intentional Consent framework is a result of Hu-manity.co’s ongoing work with top Fortune 500 companies, governments, and standards organizations, who believe that the imbalanced relationship between consumers and corporations is unsustainable when it comes to data privacy and consent online. We are making it available for all website owners and operators who share this belief and support our mission to eliminate the dark patterns in online consent. Matt Sinderbrand – Chief Platform Officer, Hu-manity.co

Compliance (plugin only)

Compliance by Hu-manity.co provides a simple, customizable website banner to help your website comply with certain cookie consent requirements.

Banner features:

  • Customizable notice message
  • Consent on click, scroll or close
  • Plusieurs options d’expiration des cookies
  • Lien vers la page de politique de confidentialité
  • Synchronisation avec la page de politique de confidentialité de WordPress
  • Compatible avec les extensions multilingues WPML et Polylang
  • SEO compatible

Cookie Compliance (plugin + web application)

Cookie Compliance gives you access to the most up-to-date formatting guidelines and technical compliance requirements for over 100 countries and legal jurisdictions.

Banner features:

  • Intentional Consent provides 3 equal buttons to give site visitors the ability to accept none, some, or all cookies through packaged choices called Data Access Levels. Data Access Levels improve consent conversion and eliminate the dark pattern of deceptive, non-equal choices in the first layer. Complies with equal choice principle prescribed under GDPR and other data protection laws.
  • Consent duration selector gives visitor control over how long their consent remains valid for your site. Enables your site to align with recent guidelines from EU Data Protection Authorities, which state that cookie consent should be valid for no longer than a period of 6 months.
  • Cookie purpose categories make it easy for website visitors to customize their consent by category. Complies with affirmative, opt-in consent requirements prescribed under GDPR and other data protection laws.
  • Consent metrics displays the visitor’s consent record and a list of blocked / allowed 3rd parties directly in the expanded level of the banner. Complies with latest guidance from EU Data Protection Authorities like CNIL (France) and ICO (UK).
  • Customizable Privacy Paper provides helpful information to improve visitor comprehension and understanding of the data sharing risks and benefits. Allows you to summarize core components of your sites privacy notice and aligns with the informed principle prescribed by GDPR rules for valid consent capture.
  • Configurable Privacy Contact allows you to provide contact information for a business’ data privacy admin, as well as helpful links to data subject request forms and other data privacy resources. Aligns with the informed principle prescribed by GDPR rules for valid consent capture.

Web Application features:

  • Consent analytics dashboard shows event data for number of visits and provides a “trust score” to help you track how site visitors are setting their consent. Make adjustments to your banner to improve your cookie acceptance rate and monitor progress via the consent activity graph.
  • Default configurations for GDPR, CCPA and more help to remove dark patterns and allow for quick and easy deployment of the consent banner without any guesswork. Customize the design of any default configuration to match the look and feel of your site.
  • Automatic script blocking blocks all non-essential cookie scripts and iFrames by default and complies with valid consent rules under GDPR and other data protection laws; in order to be compliant, your site must record visitor consent before setting or sending cookies.
  • Google Consent Mode ensures that your website can still gather valuable insights and perform effectively while respecting users’ privacy preferences by dynamically adjusting the behavior of Google services according to user consent.
  • Facebook Consent Mode allows your website to measure the impact of your ads on Facebook, track website activities and conversions and automatically deliver ads to Facebook if the user has agreed to.
  • Consent record storage automatically stores a record of each consent and makes these records available for export. Complies with proof-of-consent requirements prescribed under GDPR and other data protection laws.
  • Multilingual support automatically translates all banner text strings and allows you to provide custom translations for every text field to ensure visitors get a consistent consent experience.
  • Multidomain management allows you to manage additional Free or Professional domains under a single account and enables you to customize banner configuration and design for each domain independently.

Cookie Compliance proactive approach:

For all businesses, the resources required to stay ahead of the latest regulations increases with the passage of each new law. With enforcement of compliance violations increasing daily, we believe it is critical for us as a trusted consent vendor to do everything in our power to help you stay ahead of these laws and remove the risk to your business

Cookie Compliance covers all current and upcoming regulations:

  • GDPR (EU)
  • ePrivacy Directive (EU)
  • ePrivacy Regulation (EU)
  • PECR (UK)
  • LGPD (Brazil)
  • PIPEDA (Canada)
  • PDPB (India)
  • CCPA (California, US)
  • VCDPA (Virginia, US)
  • Colorado Privacy Act (US)
  • CPRA (California, US)

Cookie Compliance incorporates all recent formatting guidance:

  • European Data Protection Supervisor (EDPS)
  • ICO (United Kingdom)
  • CNIL (France)
  • GPDP (Italy)
  • BfDl (Germany)
  • AEPD (Spain)
  • European Center for Digital Rights (noyb.eu)

Cookie Compliance targets dark patterns

Dark Patterns are user interface (UI) techniques that push site visitors to make decisions (such as agreeing to the installation of cookies on their devices) that they might not otherwise make. The most common Dark Pattern is the lack of an equal “reject all” button on the first layer of the consent notice. Dark Patterns are explicitly banned under GDPR and other data protection laws.

As a part of our proactive approach, Cookie Compliance is configured by default to prevent Dark Patterns through our unique Intentional Consent design.

Privacy

Compliance by Hu-manity.co is a Consent Management Platform client. Depending on how you use it, the plugin may send data to Hu-manity.co services on your behalf. This section describes what data leaves your WordPress server and when. It is kept up to date as the plugin evolves; material changes are noted in the changelog.

Plugin-only mode (Banner Only / Basic)

If you install the plugin and choose « Banner Only » in the Welcome screen — or never open the Welcome screen at all — the plugin operates entirely on your WordPress site. No account is created and the plugin does not initiate calls to Hu-manity.co services.

Connected mode (Free or Professional)

If you create a Cookie Compliance account from the Welcome screen (or log into an existing one), the plugin connects your site to the Hu-manity.co platform. While connected, the plugin sends data over HTTPS to Hu-manity.co’s platform services (hosted under *-api.hu-manity.co) for the following purposes:

  • Account sign-up and sign-in, and registering your site as an application.
  • Fetching and updating your banner configuration.
  • Fetching consent analytics and individual consent records shown in the Audit Trail.
  • Processing subscription payments (Professional plans only).

The data sent depends on the feature you are using and typically includes:

  • Account-identifying data such as the email address and password used for sign-up or sign-in.
  • Site-identifying data such as your site’s URL, title, description, and language.
  • Application credentials (App ID and Secret Key) issued to your site at registration, included with subsequent platform requests.
  • Subscription and billing data for Professional plans, such as the selected plan identifier and a one-time payment token described below.
  • Integration telemetry such as the plugin version and which admin interface (React or Legacy) you are using, sent as HTTP headers so we can understand integration adoption and support the plugin.
  • Operational metadata such as the timestamp and locale of a request, as is normal for HTTPS API calls.

As the plugin evolves, additional non-personal fields of the same categories listed above may be sent to support new features. Material changes are noted in the changelog.

Payments (Professional plans only)

Payment card details are collected by Braintree’s hosted-fields SDK running in your browser and are tokenized there. The plugin and Hu-manity.co servers do not receive raw card data. A one-time, non-replayable Braintree token is sent to Hu-manity.co’s platform to create the subscription.

Deactivation feedback

If you deactivate the plugin and fill in the optional deactivation feedback form, the reason you select, any free-text comment you type, and your site URL are sent once to Hu-manity.co so we can improve the product. Submitting the form is optional; clicking « Skip » sends nothing. This applies to both Plugin-only and Connected modes.

The banner shown to your site visitors

The consent banner shown to your site visitors is served from cdn.hu-manity.co/hu-banner.min.js. When a visitor interacts with the banner, the banner script (running in the visitor’s browser, not the plugin) communicates directly with Hu-manity.co services to record the consent decision — this is what makes consent records available to you in the Audit Trail. This data flow is between the visitor’s browser and Hu-manity.co and does not pass through your WordPress server. Because these requests originate in the visitor’s browser, the visitor’s IP address is visible to Hu-manity.co as part of standard HTTPS network handling.

Local state set by the plugin

The plugin stores operational state in three places. None of this is transmitted to Hu-manity.co:

  • On your WordPress server (options and transients) — for example, a welcome-modal dismissal timestamp (cookie_notice_welcome_dismissed) and short-lived caches of API tokens and configuration.
  • In the admin user’s browser (localStorage) — for example, first-run setup flags such as cn_setup_wizard_complete_* and cn_has_platform_config_*.
  • In visitor browsers (a short-lived hu-form cookie, 5 minutes) — set when forms with consent integration are submitted. Used locally by the form-consent flow.

As the plugin evolves, additional keys may be stored in any of these locations. They remain local state on your site or in the user’s browser — not data sent to Hu-manity.co. Material changes to this pattern would be noted in the changelog.

Data the plugin does not send

  • The plugin does not transmit visitor IP addresses, cookies, page URLs, or page content as data fields. IP addresses are, as with any HTTPS request, visible to the receiving server as part of standard network handling.
  • The plugin does not transmit the content of your posts, pages, users, or WordPress database.
  • The plugin does not send data to third parties other than Hu-manity.co and, for Professional plan payments, Braintree (a PayPal service).

Service providers

  • Hu-manity.co / Cookie Compliance — primary service provider.
    • Terms of Service: https://cookie-compliance.co/terms-of-service/
    • Privacy contact: https://cookie-compliance.co/documentation/privacy-contact/
  • Braintree (a PayPal service) — processes Professional plan signups initiated from the plugin (not invoked for Basic or Free).
  • When you manage your subscription from the Cookie Compliance web application, additional payment gateway providers may process your billing information.
  • Hu-manity.co’s email subscription service — receives your account email address and name to manage newsletter and operational email preferences. You can unsubscribe at any time via the email footer or by deleting your account.

Account and consent data is processed in the European Union (AWS Ireland region). Hu-manity.co’s public marketing websites (hu-manity.co, cookie-compliance.co) are hosted separately in the United States.

How long we retain your data

  • Plugin-side caches on your WordPress server (API tokens, subscription data, configuration) are short-lived, with TTLs typically up to 24 hours. The visitor hu-form cookie expires after 5 minutes.
  • On the Hu-manity.co platform, account information and consent records are retained as long as your Cookie Compliance account is active, and are removed when the account is deleted or via an erasure request.

What rights you have over your data

  • Stop further sends. Deactivate the plugin from the Plugins screen — no further plugin-initiated API calls will be made.
  • Export consent records. Site owners can export cookie-consent and privacy-consent logs as CSV from the Cookie Compliance web application.
  • Delete your account and all associated data. The Cookie Compliance web application has an account-deletion flow. Triggering it cancels active subscriptions, deletes your apps and banner configuration, removes your consent records from the platform, and nullifies free-text personal data before deleting the account.
  • Erasure of visitor data (GDPR Article 17 / CCPA Delete). To request erasure of a specific visitor’s records (by email, session ID, IP, or consent ID), contact Hu-manity.co via the privacy contact page above. Hu-manity.co processes the request and erases the matching records from its storage systems within 30 days, in line with GDPR Article 12.
  • Manage consent (visitors). Site visitors can adjust their consent at any time through the consent banner.
Gratuitsur les plans payants
Commencer
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Testé jusqu’à version
WordPress 6.9.4
Cette extension est disponible en téléchargement pour votre site .
Télécharger