Next.js · React · TypeScript · PostgreSQL

CookieBox: GDPR Cookie Consent SaaS Platform

Engineered a SaaS platform for GDPR-compliant cookie consent management — Next.js dashboard with an embeddable React SDK under 5KB, built for developers who need transparent pricing and fast integration.

Key Deliverables

  • Architected with Next.js 15, React 19, TypeScript 5, Prisma, and PostgreSQL in a pnpm monorepo. The dashboard lives at the root, the SDK is an independently versioned package.
  • Authentication uses GitHub OAuth via NextAuth.js v5 with tier data embedded in the JWT so middleware can check permissions without hitting the database.
  • Stripe handles subscriptions across 4 tiers (Free, Pro, Business, Enterprise). Webhooks manage the full lifecycle — upgrades, downgrades, cancellations — and the SDK enforces tier limits automatically.
  • Privacy-focused analytics by design: hashed IP + User Agent for billing-level DailyPageviews, with detailed PageView and InteractionEvent records stored only on user consent.
  • Fully customizable consent banner with live preview, configurable categories (necessary, analytics, marketing, preferences), position and color controls. Supports strict blocking or Google Consent Mode V2.
  • Third-party integrations cover Google Analytics, GTM, Meta Pixel, Hotjar, and Mixpanel. The SDK's script blocker enforces consent rules automatically.
  • GDPR compliance baked in: every consent record includes timestamp, hashed user ID, consent categories, policy version, geolocation, method, and user agent — full audit trail for Articles 7 and 30.
  • Rate limiting on public SDK endpoints uses Upstash Redis. Dashboard analytics run on Recharts. Zod validates every input to the service layer.
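
A sketch of the billing-level counting described in the analytics bullet, added here as an example and not CookieBox's own code. It assumes the hash is an HMAC-SHA256 keyed with a server-side secret and scoped to site and UTC day, which the page does not specify; `visitorKey`, `DailyPageviews`, `DEMO_SECRET` and the sample requests are hypothetical.

```typescript
import { createHmac } from "node:crypto";

// Assumption: a server-side secret held outside the database (constructed value).
const DEMO_SECRET = "constructed-demo-secret";

// Per-site, per-day visitor key; the raw IP and User-Agent are never stored.
// HMAC rather than a bare hash: SHA-256 of an IPv4 address alone can be reversed
// by enumerating all 2^32 addresses. Including the day stops cross-day linking.
function visitorKey(siteId: string, ip: string, userAgent: string, day: string,
                    secret: string = DEMO_SECRET): string {
  // Length-prefix each field so ("ab","c") and ("a","bc") hash differently.
  const msg = [siteId, day, ip, userAgent].map((f) => `${f.length}:${f}`).join("|");
  return createHmac("sha256", secret).update(msg).digest("hex");
}

type DayStats = { pageviews: number; uniques: number };

class DailyPageviews {
  private seen = new Map<string, Set<string>>(); // "site|day" -> visitor keys
  private views = new Map<string, number>();     // "site|day" -> raw hit count

  record(siteId: string, ip: string, userAgent: string, at: Date): void {
    const day = at.toISOString().slice(0, 10); // UTC calendar day
    const bucket = `${siteId}|${day}`;
    const keys = this.seen.get(bucket) ?? new Set<string>();
    keys.add(visitorKey(siteId, ip, userAgent, day));
    this.seen.set(bucket, keys);
    this.views.set(bucket, (this.views.get(bucket) ?? 0) + 1);
  }

  stats(siteId: string, day: string): DayStats {
    const bucket = `${siteId}|${day}`;
    return { pageviews: this.views.get(bucket) ?? 0,
             uniques: this.seen.get(bucket)?.size ?? 0 };
  }
}

// Constructed sample traffic (documentation-range IPs, made-up User-Agent).
function demo(): DailyPageviews {
  const ua = "Mozilla/5.0 (constructed)";
  const c = new DailyPageviews();
  c.record("site_a", "203.0.113.7", ua, new Date("2025-01-01T10:00:00Z"));
  c.record("site_a", "203.0.113.7", ua, new Date("2025-01-01T23:59:30Z"));
  c.record("site_a", "198.51.100.23", ua, new Date("2025-01-01T12:00:00Z"));
  c.record("site_a", "203.0.113.7", ua, new Date("2025-01-02T00:01:00Z"));
  return c;
}
```
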