KaaTai Consent Manager

KaaTai Consent Manager is a privacy-first WordPress plugin that gives your visitors full control over cookies and tracking scripts — while keeping you GDPR and ePrivacy compliant.

Key Features

• Google Consent Mode v2 — Built-in support, always enabled. Sends proper consent signals to Google Tag Manager, GA4, and Google Ads.
• Cookie Scanner — Deep-scan your site to automatically detect cookies, tracking scripts, and third-party services (67 known services).
• Vendor Registry — Pre-configured database of common services (Google Analytics, Meta Pixel, Microsoft Clarity, YouTube, etc.) with accurate cookie descriptions.
• Content Blocking — Automatically blocks YouTube embeds, Google Maps, and other iframes until the visitor gives consent. Shows privacy-friendly placeholders with click-to-load.
• Granular Consent — Visitors can accept/reject individual vendors, not just categories. Choices persist across sessions.
• Banner Editor — Customize your consent banner: Bottom Bar, Centered Popup, or Corner Box layout. Choose colors, logo, border-radius, and overlay.
• Accessibility — WCAG 2.1 compliant: ARIA roles, focus trap, keyboard navigation, semantic HTML.
• Global Privacy Control (GPC) — Automatically honors browser-level privacy signals.
• Consent Logging — Local consent logs with unique record IDs for GDPR Art. 7(1) compliance. Retention: 36 months.
• Internationalization — Fully translatable. Bundled German (de_DE) translation included. Switch language via settings or WordPress locale.

Optional SaaS Integration

Connect your plugin to the KaaTai Consent Manager dashboard (free account available) to unlock additional features. Pricing per domain, incl. 19% VAT:

All Plans (including Free):

• Cookie banner with all designs, positions and layouts
• Colors, overlay, border radius, custom CSS
• Local consent logging
• Vendor registry (4 vendors on Free, 66+ on Starter and above)

Starter — 1,90 EUR/month:

• Everything in Free, plus:
• Banner logo upload
• JS cookie scanner (local)
• Impressum generator
• Auto script blocker
• White-label (remove branding)
• Ticket support

Business — 2,49 EUR/month:

• Everything in Starter, plus:
• Legal text generator (privacy policy via SaaS)
• Playwright deep scan
• Audit scanner
• E-commerce presets (WooCommerce)
• Central consent logging
• Multi-domain support (graduated pricing)

Pro — 2,90 EUR/month:

• Everything in Business, plus:
• Analytics dashboard (trends, geo)
• Conversion impact calculator

The SaaS integration is entirely optional. The plugin works fully standalone for the Free tier features.

How It Works

1. Install and activate the plugin
2. Configure your consent categories and vendors in WP Admin → Consent Manager
3. Optionally connect a KaaTai API key to unlock premium features
4. The cookie banner appears on your frontend — fully GDPR compliant

External Services

Third-party service references (detection patterns, NOT dependencies)

This plugin is a Consent Management Tool. Its purpose is to detect, categorize, and block third-party tracking scripts until the visitor gives consent. To do this, the plugin contains a database of known tracking services with their hostnames and script patterns.

These references (e.g., googletagmanager.com, connect.facebook.net, cdn.jsdelivr.net, cloudflare.com) are identification patterns only. The plugin does not load, connect to, or transmit any data to these services. It uses the patterns to recognize scripts already present on the site (loaded by other plugins or the theme) and block them until consent is granted.

The following services are referenced as detection patterns in the vendor registry and/or auto-blocker:

• Google Analytics — detected and blocked until “statistics” consent. Privacy Policy, Terms
• Google Tag Manager — detected and blocked until “marketing” consent. Privacy Policy, Terms
• Meta Pixel (Facebook) — detected and blocked until “marketing” consent. Privacy Policy, Terms
• Cloudflare — detected and categorized as “essential”. Privacy Policy, Terms
• Google reCAPTCHA — detected and categorized as “functional”. Privacy Policy, Terms
• Piwik PRO / Matomo — detected and blocked until “statistics” consent. Privacy Policy
• Microsoft Clarity — detected and blocked until “statistics” consent. Privacy Policy, Terms

No data is sent to any of these services by this plugin. The plugin only manages consent for scripts that other plugins or the theme may load.

KaaTai Consent Manager SaaS (optional, requires API key)

This plugin optionally connects to external servers operated by KaaTai (consent-management.kaatai.de). These connections are only made when the site administrator has entered an API key in the plugin settings. Without an API key, no external connections occur.

Service: KaaTai Consent Manager SaaS
Service URL: https://consent-management.kaatai.de
What it does: Provides license validation, consent analytics dashboard, cookie scanner quota, service library, and legal text generation.
What data is sent: API key, domain, consent configuration, anonymized consent events (no PII), scan results. Details below.
Privacy Policy: https://consent-management.kaatai.de/datenschutz
Terms of Service: https://consent-management.kaatai.de/agb

Data transmitted when an API key is configured

The following API calls are made to consent-management.kaatai.de:

1. License Validation (/api/license/validate) — Sends the API key to verify the license status, plan, and available features. Called on admin page load, cached for 24 hours.

2. Config Sync (/api/consent/config) — Sends the current consent configuration (category names, vendor list, banner settings) to the SaaS dashboard when settings are saved. No personal visitor data is included.

3. Consent Events (/api/consent/event) — When a visitor interacts with the consent banner, an anonymized consent event is sent via navigator.sendBeacon(). The event contains: consent action (accept/reject/granular), selected categories, a hashed session ID (not an IP address), and a policy snapshot hash. No personally identifiable information is transmitted.

4. Legal Texts (/api/legal/impressum, /api/legal/privacy-policy) — If the Legal Texts feature is enabled (Starter plan+), the plugin fetches impressum and privacy policy content from the SaaS. Cached for 24 hours.

5. Newsletter (/api/newsletter/subscribe-by-key) — Only triggered when the administrator explicitly clicks the “Subscribe” button on the License tab.

6. Scanner (/api/scan/results) — When using the Cookie Scanner (Business plan+), scan results are synced to the SaaS dashboard. The response includes quota information (scans used/remaining).

7. Cookie Definitions (/api/cookies/definitions) — When the Service Library is accessed, cookie definitions are fetched from the SaaS to provide accurate cookie descriptions for known services. Sends the API key and domain.

Data stored on the external server

• License/API key association and plan details
• Aggregated consent statistics (no personal data)
• Consent configuration snapshots
• Scan results (URLs and detected services on your site)

User consent

The site administrator gives explicit consent to these data transfers by entering and saving an API key. The API key can be removed at any time to stop all external communication.