Cookiebot or Sendora — pick the trade-off, not the marketing.
Cookiebot does the banner UI well — automated cookie scan, audit reports, regulator-ready ledger. The downstream enforcement (does the messaging tool stop emailing revoked users?) is on every code path. Sendora Privacy reads consent state on every module before acting — Email, Push, SMS, Analytics, Workflows all honour it automatically. Combine: keep Cookiebot for the banner, use Sendora for the enforcement.
Cookie consent banner + scan + audit. Standalone — downstream enforcement is your job.
Banner UI from Cookiebot (or any), enforcement on every Sendora module automatically.
Side-by-side
| Capability | Cookiebot | Sendora |
|---|---|---|
| Cookie banner UI + scan | ✅ industry-standard | ❌ (bring your own) |
| Consent ledger + audit | ✅ | ✅ first-class log |
| Downstream enforcement across channels | Manual plumbing | ✅ every module reads natively |
| DSAR / right-to-erasure | Limited | ✅ cascade-delete |
| Data residency | Limited | ✅ per-org EU/US |
| Pricing model | Per-domain tiered | Bundle |
Why teams switch to Sendora
- Sendora doesn't replace the banner UI — Cookiebot does that well. Use Sendora for downstream enforcement.
- Consent revoked in your Cookiebot banner → Sendora honours it across every channel automatically.
- DSAR cascade across every Sendora table in one operation.
When Cookiebot is the right call
- You only need the banner UI + scan + audit reports — Cookiebot standalone is fine.
- You'd rather plumb downstream enforcement manually across your stack.
Common questions
If I have Cookiebot for the banner, what does Sendora add?
Send-time enforcement on email broadcasts + DSAR cascade across 7 Sendora tables + audit log on erasure with recent-passkey-UV step-up. Cookiebot's ledger sits outside the senders; Sendora's sits in the same tenant as `email_sends`, so flipping `enforce_consent` actually refuses revoked recipients at dispatch.
Can Cookiebot + Sendora work together?
Yes — recommended pattern. Cookiebot's banner calls Sendora's `consent.record({ purpose, granted, email })` API on every grant/revoke. From then on Sendora honours it on every email broadcast that org has `enforce_consent` enabled.
Privacy
GDPR / CCPA / DPF compliance enforced at the platform layer — flip one toggle, every marketing email checks consent at dispatch.
OneTrust / Cookiebot manage a consent banner. They don't stop your messaging tool from emailing someone who revoked consent — that's on you to plumb. Sendora puts consent state on the Customer profile + flips a single org-level switch (`enforce_consent`) that makes Email refuse to dispatch broadcast / workflow sends to recipients without a granted `marketing` row. No record OR revoked record → `email_sends` row with `status='failed' provider='suppressed' suppressed_reason='no_consent'` for audit visibility. Transactional / auth / ticket bypasses — those are platform-critical. Push + SMS enforcement follow the same posture (in-flight; phone column + indexes already shipped). DSAR / right-to-erasure cascades across every Sendora module. Audit trail of every consent change is a first-class log.
Switch from Cookiebot. Keep your weekend.
Free plan covers real product use, no credit card. Bulk hash import for auth, CSV import for profiles, schema-validated event import for analytics — Data Sync module handles the migration in a day.