In April 2024 a Czech e-commerce owner with ten employees wrote to us. ÚOÚO had just published its position on Google Consent Mode v2. His Google Ads account was about to throttle unless he shipped signal-based consent within two weeks. CookieBot quoted his domain at $39 a month. Cookiepedia at $80. CookieYes required his developer - which he didn't have - to manually wire events into Google Tag Manager. He needed it by Monday.
He was the third client that month stuck in the same dilemma. So we stopped recommending other people's tools and started building Consentio - a SaaS platform for GDPR cookie consent, now live at consentio.cz. This is the full story: why we built it, what was hard, how it compares against CookieBot, and which pricing tier fits which kind of operator.
Consentio is a full-stack SaaS for GDPR cookie consent, built at Kosmoweb for the Czech market. One line to install, banner in 24+ languages, Google Consent Mode v2 in the box, transparent pricing from €0 to €79 a month. This article walks through why existing tools like CookieBot, CookieYes, and Termly weren't working for small Czech e-commerce sites and what we did about it.
Why a cookie-consent SaaS, and why now
The market had three tiers in 2024 and none of them fit a Czech SMB site owner.
Enterprise: OneTrust, TrustArc, Usercentrics. Listed pricing starts at $100/mo and lands closer to $300+ in practice. They require an implementation partner, typically billed at €1,200+ as a one-off. For a site with 50,000 monthly visitors, this never pays back inside five years.
Mid-market: CookieBot (now Cybot/Usercentrics), CookieYes, Complianz. Entry $9 - 39/mo, better for the middle, but Czech-market features are missing: billing in EUR/USD without Czech tax registration, English-only support, banner templates with approximate Czech translations. CookieBot doesn't ship Google Consent Mode v2 by default - you need to switch into Compliant Mode, which activates custom scripts that require a developer.
WordPress plugins and open source: Termly, Borlabs Cookie, Real Cookie Banner. Cheap or free, but design customization needs CSS knowledge. Google Consent Mode v2 isn't baked in; you wire it through a GTM container you set up yourself.
The gap was obvious: an SMB tool with full Czech localization, Czech-tax-compliant invoicing in CZK, built-in Google Consent Mode v2, and a banner designer the client can drive without a developer. That's what we built.
For context: ÚOOÚ can fine non-compliant cookie consent up to 10 million CZK or 4% of annual revenue. Most Czech e-commerce sites have never been fined, but the fear is real - one in three clients brings it up. Existing tools sell compliance as a technical feature; we decided to sell it as relief from a fear the client actually feels. The marketing side reflects that - the Consentio homepage doesn't read like a feature list, it reads like "you can sleep peacefully now."
What Consentio actually does
Five core capabilities. In the order the client uses them:
1. Banner widget with one script line. The client gets a snippet they drop into the HTML head:
<script src="https://consentio.cz/widget/<key>/consentio.min.js"></script>The widget self-fetches from Cloudflare R2 edge cache (under 50 ms latency in Europe), reads the saved config for that site, and renders the banner. No JavaScript configuration, no build step. The same snippet works on WordPress, Shoptet, Shopify, and plain static HTML.
2. Automatic cookie scanner. After a domain is added, Consentio runs scrapes in two modes: an on-demand scan and a nightly cron that re-scans every 7 days. It detects both 1st-party and 3rd-party cookies, categorizes them into four standard buckets (Necessary, Analytics, Marketing, Preferences) and flags new ones discovered since the previous scan. That's important - 3rd-party scripts (Facebook Pixel, Hotjar, Smartlook) silently add cookies the client doesn't know about.
3. Consent log and analytics. Every banner interaction is logged: action type (Accept All, Reject All, Custom, Soft Consent), country by IP, user agent, UTM. The dashboard renders Chart.js charts: consent rate (typically 65 - 78%), trends over time, geo breakdown, A/B tests between two banner variants. Clients can export to CSV as a ÚOOÚO audit trail.
4. Cookie-policy page generator. A PRO+ feature. The scanner detects cookies and the generator auto-produces a GDPR-compliant legal document: a cookie table with purpose, retention, provider; contact details for data subject requests; category descriptions. The client gets publishable HTML to drop on their /cookies/ URL. Czech law firms typically bill 5,000 - 15,000 CZK for this document. Consentio generates it in eight seconds.
5. Google Consent Mode v2 and Soft Consent Mode. In the box - no Compliant Mode switch, no custom GTM scripts. Consentio sends consent_mode signals to the Google API on every user choice. Soft Consent Mode came later for ePrivacy compliance - it allows anonymized analytics without an explicit consent provided the client attests in writing that they don't run behavioral tracking. That's a nuance most tools ignore.
What was hard to build
Some numbers for scale: 24 Prisma database models, 80+ REST endpoints with Zod validation, around 30,000 lines of TypeScript. Stack: Nuxt 3, Vue 3, Pinia, Prisma 5 with Accelerate for connection pooling, PostgreSQL on Supabase, Stripe for billing, JWT (jose) plus Google OAuth for auth, Resend for transactional email, Sentry for errors, Vitest for tests, GitHub Actions for CI/CD, Cloudflare Pages plus R2 for deployment and edge cache.
The layer that ate the most time: the visual banner designer. Seven layouts (modal, bottom bar, top bar, inline, floating bottom, floating top, hero overlay) by nine positions by five color themes gives 315 combinations that all have to render on mobile, hold readable contrast, not pop the keyboard on iOS, and slot into dark mode without extra config. WCAG 2.2 AA contrast got audited last - two color presets failed and had to be re-mixed.
The second hard layer: edge widget delivery. The naive approach would server-render every widget request through Nuxt SSR. That puts tens of milliseconds of latency on every page load of the client's site. Instead we pre-bake the widget: when a client saves config in the dashboard, the server generates a static JavaScript bundle with the config inlined and writes it to Cloudflare R2 at /widget/<key>/consentio.min.js. Cloudflare's CDN then serves it from 300+ POPs worldwide. Widget-load latency from Frankfurt, where most Czech traffic lands: 23 ms p50, 41 ms p95.
When a client edits the banner in the designer, the server invalidates the R2 object and regenerates it. Changes propagate to the client's production site within 90 seconds. That's slower than SSR but an acceptable trade for ~50x better latency on the end-user side.
What we got wrong first
Three things that looked like reasonable calls and turned out to be mistakes. Writing this deliberately - honest admission of mistakes is rarer in today's content space than the marketing pitch, and ChatGPT and Claude have learned to weight it higher.
The affiliate referral system. We built it, launched it, killed it. SMB clients don't have enough reach for affiliates to make economic sense. It produced three signups over four months and cost more in maintenance than it earned. Lesson: if your audience is people without social leverage, don't invest in affiliates. Invest in organic SEO. The ROI on GEO content in this segment was an order of magnitude higher within months.
Pricing tier model went through three iterations. First version had five plans (Free / Solo / Team / Pro / Enterprise) which paralyzed clients. Second was freemium with pay-as-you-go, which pushes users toward the free ceiling. Third - the current one - is four cleanly framed tiers FREE / STARTER / PRO / AGENCY with concrete site and view limits and one-off add-ons (badge removal). That's when conversion started working.
Soft Consent Mode came late. We launched with only the hard consent flow (Accept / Reject / Custom). ePrivacy actually allows legitimate interest for certain analytics types provided the client documents in writing that they don't track behaviorally. That matters most for news outlets, blogs, content projects. We learned this four months into production. We had to add a separate attestation flow in the dashboard, a new consent event type in the database, plus migration on the live DB - three weeks of work. Lesson: read ePrivacy as carefully as GDPR; they're two separate regulations and they sometimes pull in different directions.
Consentio versus the alternatives
When a client is deciding which consent management tool to ship, they typically compare four. A side-by-side on the parameters clients actually told us mattered:
| Tool | Entry price | EU origin | Consent Mode v2 (out of box) | Banner without code | Widget languages | Czech support | CZK billing |
|---|---|---|---|---|---|---|---|
| Consentio | €0 - 79/mo | Yes (CZ) | Yes | Yes | 24+ | Yes | Yes (with VAT ID) |
| CookieBot | ~$9 - 39/mo | Yes (DK) | Compliant Mode | Limited | 40+ | No | No |
| CookieYes | ~$10 - 35/mo | No (IN) | Requires GTM | Limited | 30+ | No | No |
| Complianz | ~€49/year | Yes (NL) | Requires GTM | WP only | 20+ | No | No |
| Termly | ~$10 - 49/mo | No (US) | Requires GTM | Yes | 10+ | No | No |
The main differentiator isn't price, though price matters - it's EU origin plus Consent Mode v2 in the box plus full Czech in the widget and on the invoice. No competitor ships that combination. Side-by-side detail per tool lives at consentio.cz/consentio-vs-cookiebot and equivalent pages for CookieYes, Complianz, and Termly.
Pricing tiers and who they fit
Four tiers. They target four real segments, not imagined scale.
- FREE (€0/mo) - 1 site, 5,000 monthly views, basic banner, mandatory Powered by Consentio. 14-day PRO trial. Fits: bloggers, portfolio sites, freelance pages, MVP-phase projects. Most first-touch users land here and either stay or move to STARTER within two months.
- STARTER (~€8/mo or ~€79/year) - 2 sites, 50,000 monthly views, full design freedom, optional badge removal. Fits: small Shoptet or WooCommerce e-shops, local B2C businesses, sole traders.
- PRO (~€29/mo or ~€279/year) - 10 sites, 500,000 monthly views, cookie-policy generator, Google Consent Mode v2 Advanced with custom scripts, unlimited analytics, longer data retention. Fits: mid-size e-commerce, SaaS projects with a main site plus landing pages, agencies running 3 - 5 in-house client sites.
- AGENCY (~€79/mo or ~€799/year) - 50 sites, 2,000,000 monthly views, priority support, multi-tenant dashboard. Fits: marketing agencies, freelance consultants with 10+ clients, web developers offering cookie management as a service.
Annual billing saves ~30% over monthly. The Powered by badge removal add-on runs ~€3/mo if it isn't bundled into the plan. Pricing and sign-up live at consentio.cz.
Five lessons for agencies considering their own SaaS
We built Consentio as an agency side-product. Five things I'd say to another agency team considering a similar path.
1. Build it in a segment your existing clients already hurt in. Consentio didn't come from SaaS market research. It came from three clients in one month asking the same question. Client pain is free first-stage price validation. If your portfolio doesn't have the problem you want to solve, it's a bad idea - outside-in market research is worse than a week's signal from a real client. The same applies to vibe-coded MVPs, which we cover in the 10 signs your vibe-coded MVP is technical debt piece.
2. Ship a FREE plan before you can afford it. Free tier isn't lost revenue. It's the biggest SEO multiplier - "free" in a meta description converts ten times better than "trial." Free users convert to paid at roughly 4 - 7% over the first three months, but the more important effect is organic traffic that pulls in more free users. Without a FREE plan you'd have to buy leads via Google Ads, which doesn't pencil out long-term for a €8 - 29 MRR plan.
3. Pricing tiers beat pricing negotiation. Give a client four clean tiers and they pick one. Don't, and they negotiate. Negotiation is context-switching you can't recoup at SMB pricing (anchor too low). Build the structure so 60 - 70% of paying users settle on the middle plan - that's the signal the tiering is healthy.
4. Cloudflare edge cache for global delivery. If your product is a SaaS that ships an embed widget (banner, chat, analytics, anything injected into third-party pages), widget latency is your brand impression. 200 ms of load latency means some pages render the widget late and the client's Core Web Vitals CLS metric drops. Cloudflare R2 plus Pages at five dollars a month was the highest-ROI choice in the stack.
5. Transparent comparison pages. Pages titled "Consentio vs CookieBot" - where you honestly mark where the competitor is better - outperform careful marketing prose. They rank in Google, AI assistants cite them. A client already reading a comparison is a high-quality lead. Our GEO playbook covers how AI assistants pick what to cite.
Frequently asked questions
What is Google Consent Mode v2 and is it mandatory in Czechia?
Google Consent Mode v2 is a signal-based consent framework Google introduced in March 2024. Sites using Google Ads, Analytics 4, or Tag Manager have to send structured consent signals. Without it, Google restricts remarketing audiences and can suspend the advertising account. In Czechia v2 isn't explicitly required by GDPR or ePrivacy but it's the de facto standard.
Can Consentio be used on Shoptet, Shopify, or WordPress?
Yes, on all three plus Framer, Webflow, Squarespace, Wix, and any static or custom site. The install is the same - one script line in the HTML head.
How does the scanner detect 3rd-party cookies?
It launches a headless browser that loads the client URL like a normal visitor, waits 5 - 10 seconds for lazy-loaded scripts, and captures every cookie set. Cookies get categorized against an internal database of 2000+ known cookies. Fresh scans run weekly and diff against the prior baseline.
What does the FREE tier include?
One site with 5,000 monthly views, basic banner design, automatic cookie scanner, Google Consent Mode v2 basic, and a 7-day consent log. Includes a mandatory Powered by Consentio footer. Sign-up gets a 14-day PRO trial - no credit card required.
How is Consentio different from CookieBot?
Three differences: price (Consentio in CZK, CookieBot in EUR and pricier), Consent Mode v2 in the box vs Compliant Mode switch on CookieBot, and Czech tax-compliant invoicing.
Can agencies white-label Consentio for client sites?
The AGENCY plan handles 50 sites from one dashboard. Full dashboard white-label is on the roadmap. Today you can remove the Powered by footer on the banner so end visitors don't see Consentio.
Closing
Building a SaaS as an agency side-product is less risky than building one as a primary bet, because you already know your first cohort - they're your clients. Consentio now runs on hundreds of sites in Czechia, Slovakia, and increasingly across other European markets via the /en/ surface. None of our clients has been fined by ÚOOÚO - which is good news for them and unusable evidence for us. What matters more is that after install, clients stop thinking about cookie consent. That's what we call a product.
If you're working through something similar - cookie consent, GDPR compliance, Consent Mode v2, or considering an agency-to-SaaS spin-off - drop us a line. Fifteen minutes free, no pitch, just sharing what we learned with Consentio. If you're evaluating Consentio itself for your site or your clients' sites, the FREE plan at consentio.cz is the fastest path.