From kostja94-marketing-skills-5
Generates or optimizes cookie policy pages with cookie inventory, consent requirements, and jurisdiction-specific guidance.
How this skill is triggered — by the user, by Claude, or both
Slash command
/kostja94-marketing-skills-5:cookie-policyThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Guides cookie policy page content for transparency and regulatory compliance. Often presented as a standalone page or as part of the Privacy Policy.
Guides cookie policy page content for transparency and regulatory compliance. Often presented as a standalone page or as part of the Privacy Policy.
When invoking: On first use, if helpful, open with 1–2 sentences on what this skill covers and why it matters, then provide the main output. On subsequent use or when the user asks to skip, go directly to the main output.
Identify:
_ga, _ga_*, session cookies, CSRF tokens, preference cookies, ad cookies| Cookie | Type | Purpose | Duration | How to Opt Out |
|---|---|---|---|---|
_ga | Analytics | Distinguishes users; used for aggregate usage measurement | 2 years | GA opt-out browser add-on, block third-party cookies, or enable Do Not Track |
_ga_<container-id> | Analytics | Persists session state; used with _ga for session-level metrics | 2 years | Same as _ga |
Disclosure requirement: If the site uses Google Analytics, the cookie policy MUST list these cookies. GA ToS §7 requires posted privacy/cookie notice.
| Cookie | Type | Purpose | Duration | How to Opt Out |
|---|---|---|---|---|
| Session ID | Essential | Maintains user session across page loads | Session (deleted on browser close) | Required for service; cannot be disabled |
| CSRF Token | Essential | Prevents cross-site request forgery attacks | Session | Required for security; cannot be disabled |
| Fair-use quota | Functional | Counts daily usage for rate limiting | 24 hours | Clear browser data; resets on next visit |
| Language preference | Functional | Remembers user's language choice | 30 days – 1 year | Clear browser data |
| Dark mode / theme | Functional | Remembers display preference | 30 days – 1 year | Clear browser data |
| Cookie | Type | Purpose | Duration | How to Opt Out |
|---|---|---|---|---|
_fbp | Marketing | Meta/Facebook pixel — tracks ad conversions | 90 days | Meta ad preferences or block third-party cookies |
_gcl_au | Marketing | Google Ads conversion linker | 90 days | Block third-party cookies |
_rdt_uuid | Marketing | Reddit Ads conversion tracking | 90 days | Block third-party cookies |
This is the most common compliance confusion. Determining which mechanism is needed depends on cookie type:
When to use: Site uses only strictly necessary and analytics cookies (no advertising, no tracking, no third-party marketing cookies).
What it is: A banner or page section stating "We use cookies for [analytics/functionality]. By continuing, you accept this." No accept/reject toggle needed.
Sufficient for: GA4 analytics only, session cookies, CSRF tokens, functional preference cookies.
When to use: Site uses any of: advertising cookies, third-party tracking cookies, social media pixels, or cookies that share data with ad networks.
What it is: An interactive banner with accept/reject/customize options. Must allow granular consent by cookie category. Must be as easy to reject as to accept. Must not use dark patterns (pre-checked boxes, confusing language, "accept all" only).
Required for: Meta pixel, Google Ads conversion tracking, retargeting cookies, any cross-site tracking.
State whether the site responds to browser DNT signals. Most sites do not, which is acceptable as long as disclosed. Example: "[Product] does not currently respond to Do Not Track signals because no uniform standard exists."
Brief, plain-language explanation: "Cookies are small text files stored on your device by websites you visit. They help sites remember your preferences and understand how you use them."
Categorize by function:
Table format for every cookie:
| Cookie Name | Type | Purpose | Duration | How to Opt Out |
|---|---|---|---|---|
| [name] | [essential/functional/analytics/marketing] | [1-sentence purpose] | [duration] | [specific actionable instruction] |
The "How to Opt Out" column is critical — don't just list cookies, tell users how to control them. This builds trust and satisfies regulatory expectations.
npx claudepluginhub joshuarweaver/cascade-data-analytics --plugin kostja94-marketing-skills-5Drafts GDPR- and ePrivacy-compliant cookie policies using CNIL 2020 guidelines, a reference template, and best practices.
Scans websites and codebases for data collection signals (cookies, forms, payments, trackers) and generates tailored privacy policies with GDPR/CCPA rights. Trigger via /privacy-generator.
Generates structured Privacy Policy pages with 14-section framework, covering GDPR, CCPA, AI disclosures, and data collection details for compliance documentation.