Skip to main content

Menu

Choose a theme and configure high-contrast mode. Preferences are saved in your browser only.

User Preferences

Theme

Pick a palette or follow your system preference.

High Contrast

Sharper text and borders. System follows your OS setting.

Alex Zappacmp, compliance, open-source

Why every CMP subscription is a compliance time bomb

Picture this: your payment method expires. You miss the email. Three days later, your consent banner stops loading. Every visitor to your site is now being tracked without consent. You just broke the law, not because you changed anything, but because a subscription lapsed.

This is not a hypothetical. It happens, and it is completely avoidable.

The subscription trap

Most consent management platforms follow the same playbook: free tier for a few thousand pageviews, credit card required beyond that, banner hosted on their infrastructure. Everything shuts off the moment payment fails.

Your legal compliance (GDPR, CCPA, whatever applies) depends on a recurring invoice. Payment fails, banner stops, consent disappears, and you are tracking people illegally.

Self-hosted means self-reliant

A self-hosted CMP like Zest lives on your domain. It is a static file. No server to authenticate against, no dashboard to log into, no payment processor standing between your users and their privacy rights.

You drop the script. It runs. Forever. Whether you remember to update your credit card or not.

The cost of “free” platforms

“Free” hosted CMPs are not free. You pay with vendor lock-in, per-pageview caps, and the inability to audit what the banner is actually doing. When the free tier runs out, the price is rarely the one on the pricing page. And if the CMP’s servers sit in the US, every consent decision from an EU visitor crosses a border without adequate safeguards. That is a Schrems II liability you did not sign up for.

What to look for

If you are evaluating a CMP right now, ask three things:

Does it run from your domain? If not, someone else controls your compliance.

Is the source available? If not, you cannot audit what it does.

What happens when you stop paying? If the answer is “the banner stops,” walk away.

Consent infrastructure should be boring. It should sit there and work, indefinitely, without anyone thinking about it. Open source gives you that. Self-hosting guarantees it.

May the source be with you.

Alex @ FreshJuice

Own your cookie banner.

Zest is free and MIT-licensed, and it doesn't phone home to anyone.
Drop the script in and you're done.