Cookilio vs Axeptio: Which CMP Should You Choose?
Cookilio vs Axeptio: Is Consent a Conviction or a Marketing Lever?
Choosing a consent management platform (CMP) is not a trivial decision. It says something about how you view your users’ personal data. When CNIL (French data protection authority) issued 83 sanctions in 2025 totaling nearly 487 million euros — including 21 directly related to trackers and consent (source: CNIL 2025 report) — this is no longer about “ticking a GDPR box.” It’s about choosing a tool that embodies your vision of privacy.
Two French CMPs compete on this terrain: Cookilio, published by DPLIANCE, a sovereign Data & AI software editor, and Axeptio, a SaaS platform known for its gamified design. Same market, same origin, but two radically different philosophies.
This article compares Cookilio and Axeptio point by point — philosophy, sovereignty, consent proof, UX, script blocking, pricing — to help you make an informed choice.
Philosophy: Respecting Choice vs Optimizing Acceptance
Axeptio: Gamifying Consent
Axeptio built its reputation on a promise: making the cookie banner enjoyable. Custom illustrations, animations, a playful tone. The company promotes turning the consent banner into an “immersive marketing moment” through video, motion design, and brand voice (source: axept.io).
The result? Higher acceptance rates. Axeptio even offers A/B testing to optimize those rates. But a question arises: when you “gamify” consent, when you turn a fundamental right into a conversion lever, are you still respecting the spirit of the GDPR?
CNIL is clear: consent must be freely given, specific, informed, and unambiguous (source: CNIL - Cookie rules). “Freely given” means the user must not be incentivized to accept more than to refuse. Article 7 of the GDPR adds that consent cannot be considered free if it does not allow separate consent for different processing operations. A banner designed to maximize the overall acceptance rate directly conflicts with this requirement.
Dark patterns — interfaces designed to steer user choices — have been on CNIL’s radar since its 2020 cookie recommendations. The EDPB (European Data Protection Board) published specific guidelines on dark patterns in social media in 2022, and this doctrine is gradually extending to all consent collection interfaces. A design that makes the “Accept All” button visually more attractive than “Customize My Choices” can be classified as a dark pattern.
Cookilio: Consent as a Commitment
Cookilio takes the opposite approach. Consent is not an obstacle to work around — it’s a commitment to uphold toward your users. The multi-step banner (wizard) guides the user through their choices in a clear and structured manner, without gimmicks, dark patterns, or gamification.
The wizard breaks the process into logical steps: first a clear explanation of cookie purposes, then choice by vendor category, with the ability to refuse everything as easily as accepting everything. This educational approach produces genuinely informed consent — consent with real legal value, not a reflexive click on “Accept All” triggered by an appealing design.
At DPLIANCE, we believe privacy is a right, not an optimization variable. An artificially inflated acceptance rate is worthless if the consent isn’t authentic. And inauthentic consent exposes your organization to real legal risk: CNIL can consider that collected consents are invalid, retroactively invalidating all data processing based on those consents.
Data Sovereignty: The Fundamental Difference
This is where paths diverge radically. And for many organizations, it’s the decisive criterion.
Axeptio: Your Proof Stored on Their Servers
Axeptio is a SaaS. When a visitor gives or refuses consent on your site, that proof is stored on Axeptio’s servers. You access it through their interface. If tomorrow Axeptio changes its terms, raises its prices, or shuts down, your consent proof is in a third party’s hands.
This dependency raises several concrete questions:
- Sustainability: What happens if Axeptio is acquired, restructured, or ceases operations? Do your consent records survive the end of your contract?
- Portability: Can you export all your consent records in a usable format? Exit conditions are rarely detailed before signing.
- Jurisdiction: Where are the servers physically located? Under which jurisdiction? Even for a French company, using American cloud services (AWS, GCP, Azure) raises questions about the extraterritorial reach of US law (FISA Section 702, Executive Order 12333).
- CNIL audit: During an audit, CNIL can demand access to your consent records within a short deadline. If those records depend on a third party, response time and export format are not under your control.
Cookilio: Your Proof on Your Servers
Cookilio is self-hosted. Consent data is stored in your own database, on your own servers. Each consent is recorded server-side with a unique correlation ID, constituting robust proof in case of a CNIL audit.
CNIL specifies that “each entity relying on consent must be able to provide proof of it” (source: CNIL - Cookie FAQ). With Cookilio, this proof is sovereign: you hold it, you control it, no one can take it from you.
Concretely, this means:
- Your proof is stored in your MariaDB database, on your infrastructure, with your hosting provider
- You can export, audit, and archive this proof at any time
- No third party has access to this data without your explicit authorization
- During an audit, you produce the proof directly from your own information system, with no intermediary
For companies concerned with European digital sovereignty — and their numbers keep growing since the Schrems I and Schrems II rulings by the CJEU — this difference is decisive. France’s “Cloud au centre” government doctrine, ANSSI’s SecNumCloud requirements, and the rise of the “Health Data Hosting” (HDS) certification all point to a clear trend: data sovereignty is no longer a luxury — it’s a requirement.
Detailed Comparison Table
| Criterion | Cookilio | Axeptio |
|---|---|---|
| Type | Self-hosted (on-premise) | SaaS cloud |
| Banner | Multi-step wizard | Gamified banner, animations |
| Consent proof | Server-side, correlation IDs, on your servers | Stored on Axeptio’s servers |
| Automatic cookie scan | No (manual vendor configuration) | Yes (Shake Cookie Scanner) |
| Vendor library | No (manual configuration) | Yes (Google Analytics, FB Pixel, etc.) |
| A/B testing | No | Yes |
| Native multi-language | No (French UI, customizable text) | Yes |
| WordPress / GTM plugin | No | Yes (WordPress, GTM, Shopify) |
| Visual customization | 8 colors, position, logo, delays | Gamified design, custom illustrations |
| Script blocking | Approval/rejection scripts per vendor, zero scripts before consent | Automatic blocking after scan |
| TCF / IAB | No | Yes (Google CMP Partner Gold) |
| Consent data | On your servers (total sovereignty) | On Axeptio’s servers |
| Tech stack | Preact widget + NestJS + MariaDB + Angular admin | Proprietary SaaS |
| Price | EUR 9 excl. tax/month + EUR 250 excl. tax setup | From EUR 29/month per domain |
| Free plan | No | Yes (limited to 200 visitors/month) |
Consent Proof: An Underestimated Issue
Consent proof is not a technical bonus. It’s a legal obligation. During an audit, you must demonstrate that each user gave their consent in a compliant manner before any tracker was deployed.
Article 7.1 of the GDPR is explicit: “Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.” This is not a recommendation — it’s an obligation.
How Cookilio Handles Proof
Cookilio records each consent server-side with:
- A unique correlation ID linking the proof to a specific user session
- A precise timestamp of each interaction (date, time, timezone)
- Detailed choices per vendor (acceptance or refusal, vendor by vendor)
- Storage in your own MariaDB database, on your infrastructure
- An immutable history viewable through the Angular admin interface
This server-side approach is far more robust than a simple cookie or client-side token, which can be deleted, modified, or lost. The correlation ID allows reconstruction of the complete proof chain: which user, at what time, consented to what, on which page, via which version of the banner.
During a CNIL audit, you can export this data directly from your database, in a structured format, without depending on an external provider. This guarantees a fast and complete response.
How Axeptio Handles Proof
Axeptio generates a pseudonymized identifier for each visitor and stores consent proof on its own platform. This approach works, but it introduces dependency on a third party for a legally critical element.
In case of a dispute or audit, you must contact Axeptio to obtain the proof. Response time, data format, and export completeness depend on the provider, not on you. For a legal obligation that engages your liability, this loss of control deserves serious consideration.
Script Blocking: Zero Compromise
An essential technical point: no third-party script should execute before the user has given explicit consent. That’s the law. Article 82 of the French Data Protection Act, transposing the ePrivacy directive, is unambiguous: deploying trackers requires the user’s prior consent, with limited exceptions (trackers strictly necessary for the site’s operation).
The Cookilio Approach: Total Control
With Cookilio, blocking is native and granular. Each vendor is manually configured with its approval and rejection scripts. Zero scripts run before the user’s explicit agreement. This manual approach requires slightly more initial work, but it offers total control and eliminates the risks of false positives from an automatic scan.
Concretely, for each vendor (Google Analytics, Facebook Pixel, Hotjar, etc.), you define:
- The approval script: the code that runs when the user accepts that vendor
- The rejection script: the code that runs when the user refuses (cleaning existing cookies, for example)
Until the user has made their choice, nothing executes. No partial loading, no network requests to third-party servers, no cookie deposited. Zero.
The Axeptio Approach: Automation
Axeptio offers an automatic scan (Shake Cookie Scanner) that detects cookies and generates a configuration. It’s faster to set up, but introduces an automation layer that can miss undetected or miscategorized scripts.
The limitations of automatic scanning are well-known:
- Dynamically loaded scripts (via JavaScript) can evade detection
- First-party cookies created by third-party scripts are sometimes miscategorized
- Invisible tracking pixels (1x1 pixel images) are not always detected
- Automatic categorization can be inaccurate (a functional cookie classified as analytics, or vice versa)
For a simple site with a few well-identified trackers, automatic scanning works. For a complex site with dozens of third-party scripts, tags loaded via Google Tag Manager, and dynamic integrations, Cookilio’s manual configuration offers a completeness guarantee that automation cannot always provide.
Pricing: Transparency vs Escalation
Cookilio: A Fixed, Transparent Price
- EUR 9 excl. tax/month for the subscription
- EUR 250 excl. tax for setup (one-time fee)
- No traffic-based tiers
- No surprises
Whether your site receives 1,000 or 100,000 visitors per month, the price stays the same. This budget predictability is valuable, especially for SMBs and public organizations operating with fixed annual budgets.
Axeptio: Escalating Tiers
Axeptio offers a free plan limited to 200 visitors per month — insufficient for any professional site. Paid plans start at EUR 29/month per domain and go up to EUR 129/month depending on pageview volume (source: Capterra). Users have reported price increases without notice (source: G2 reviews).
The traffic-based pricing model creates a structural problem: the more successful your site, the more you pay for your CMP. A seasonal traffic spike (sales, event, marketing campaign) can blow up your bill without warning.
The 3-Year Calculation
| Period | Cookilio | Axeptio (EUR 29/month plan) | Axeptio (EUR 79/month plan) |
|---|---|---|---|
| Year 1 | EUR 358 excl. tax | EUR 348 | EUR 948 |
| Year 2 | EUR 108 excl. tax | EUR 348 | EUR 948 |
| Year 3 | EUR 108 excl. tax | EUR 348 | EUR 948 |
| 3-year total | EUR 574 excl. tax | EUR 1,044 | EUR 2,844 |
Over 3 years, Cookilio costs EUR 574 excl. tax — with data sovereignty and server-side proof included. The Axeptio EUR 29/month plan costs nearly double, without these guarantees. And if your traffic grows and pushes you to the higher tier, the gap widens further.
User Experience: Two Visions of the Banner
Axeptio: Entertainment
The Axeptio banner is designed to please. Custom illustrations, smooth animations, brand voice. The stated goal is to transform a regulatory obligation into a branding moment. For some B2C brands, this approach makes marketing sense.
But let’s be honest about what this implies: when the consent banner becomes a marketing element, the goal is no longer to inform the user — it’s to charm them into accepting. The line between “making it pleasant” and “incentivizing acceptance” is thin.
Cookilio: Clarity
Cookilio’s multi-step wizard chooses clarity. No animations, no illustrations — structured information, explicit choices, logical navigation. The user understands what they’re accepting and refusing, vendor by vendor.
Customization remains possible: 8 configurable colors, banner positioning (bottom, top, center), logo placement, configurable display delays. But this customization serves visual consistency with your site, not manipulation of choice.
Who Is Each Solution For?
Choose Axeptio if:
- You need quick setup with automatic cookie scanning
- You need TCF / IAB support for programmatic advertising
- You want native integrations (WordPress, Shopify, GTM)
- Gamified banner design is an important criterion for your brand
- You have no data sovereignty constraints
- You operate a B2C site where branding every touchpoint is strategic
Choose Cookilio if:
- Sovereignty over your consent data is non-negotiable
- You want robust server-side consent proof stored on your own servers
- You prefer a fixed, predictable price without traffic-based escalation
- You believe consent should be respected, not optimized
- You’re an SMB, a public organization, or an entity that values sovereign hosting
- You’re in a regulated sector (healthcare, finance, legal, public sector) where data control is critical
- You want to respond to a CNIL audit without depending on a third-party provider
FAQ
Does Cookilio offer automatic cookie scanning like Axeptio?
No. Cookilio works through manual vendor configuration. Each third-party service is explicitly declared with its approval and rejection scripts. This approach requires initial work but guarantees total control over what runs on your site. No script slips through the cracks.
Is server-side consent proof really necessary?
Yes. CNIL requires that any entity relying on consent be able to provide proof of it. A server-side record with a correlation ID, stored in your own database, constitutes the strongest proof in case of an audit. A simple client-side cookie can be deleted or modified by the user — that’s not reliable proof.
Article 7.1 of the GDPR leaves no room for interpretation: the controller must be “able to demonstrate” consent. A cookie that the user can delete demonstrates nothing.
Does Cookilio work in multiple languages?
The banner interface is in French by default. The text displayed to users is fully customizable, allowing manual adaptation to other languages. Axeptio, on the other hand, offers native multi-language support. For a French-only site, the difference is nonexistent. For a site in 10+ languages, Axeptio has the advantage.
Can you migrate from Axeptio to Cookilio?
Yes. Migration involves configuring your vendors in Cookilio and integrating the Preact widget on your site. New consent records will be stored directly in your database. Historical records remain with Axeptio until your contract expires. Contact DPLIANCE for personalized support.
Is Cookilio compatible with Google Analytics, Facebook Pixel, etc.?
Yes. Any third-party service can be configured as a vendor in Cookilio. There is no pre-configured library, but any script can be managed through manual configuration of approval and rejection scripts. Google Analytics, Facebook Pixel, Hotjar, HubSpot, LinkedIn Insight Tag, TikTok Pixel — anything that runs via a JavaScript script can be controlled by Cookilio.
Is the Preact widget a real performance advantage?
Yes. The Cookilio widget is built with Preact, an ultra-lightweight framework of approximately 3 KB. By comparison, a typical CMP widget can weigh between 50 and 200 KB. This lightness translates directly into your Core Web Vitals: less JavaScript to load, parse, and execute means better Largest Contentful Paint (LCP), better First Input Delay (FID), and better Cumulative Layout Shift (CLS). For a business website where every millisecond counts for SEO, it’s a concrete advantage.
Consent is not a technical detail. It’s the first trust interaction between your site and its visitors. Make it a sincere commitment, not a marketing trap.
Discover Cookilio — the sovereign CMP that respects your users and your data.