Brazil LGPD compliance

CookieBoss is built to help websites meet the consent requirements of the Lei Geral de Proteção de Dados (LGPD) — Brazil's comprehensive data protection law (Law No. 13,709/2018), enforced by the Autoridade Nacional de Proteção de Dados (ANPD).

The legal requirements

The LGPD defines 10 legal bases for processing personal data — consent is one of them. When consent is the chosen basis, it must be free, informed, and unambiguous, given for a specific purpose.

Data subjects have the right to revoke consent at any time through a free and accessible process. Controllers must be able to demonstrate that valid consent was obtained.

The LGPD applies to any organization that processes personal data of individuals located in Brazil, regardless of where the organization is based. If your website has Brazilian visitors, you need to comply.

How CookieBoss helps

  • Consent collection

    Non-essential cookies are blocked until the visitor actively opts in. No pre-ticked checkboxes, no implied consent — meeting the LGPD standard of free and informed consent.

  • Granular categories

    Visitors choose consent per purpose: necessary, analytics, marketing, and preferences. Each category maps to specific cookies and scripts, ensuring purpose-specific consent as required by LGPD.

  • Easy withdrawal

    A persistent settings link lets visitors revoke consent at any time through a free and accessible process, as the LGPD requires.

  • Audit-ready logging

    Every consent decision is recorded with a timestamp, visitor ID, and the categories chosen. Exportable logs let you demonstrate compliance to the ANPD during audits.

  • Geo-targeting for Brazil

    Show LGPD-compliant consent experiences to visitors located in Brazil while applying different rules for other regions. One script handles all your compliance needs.

  • Portuguese language support

    CookieBoss supports 50+ languages including Brazilian Portuguese. Your consent banner speaks your visitors' language out of the box.

Extraterritorial scope

Like the GDPR, the LGPD has extraterritorial reach. It applies whenever personal data is collected or processed from individuals in Brazil, even if your servers and company are outside the country. If your website receives traffic from Brazil, LGPD compliance is not optional.

For full details on how we handle data, see our privacy policy and terms of service. Questions? Email [email protected].

Scan your site for LGPD issues

Enter your URL to see which cookies and trackers your site sets before consent. Get a free report showing what needs to change for LGPD compliance.

Get LGPD compliant today

No credit card required. Every account includes a 14-day Pro trial with geo-targeting, Portuguese translations, and audit-ready consent logging.

Get Started Free View Pricing