You can easily adapt it to various legislations (GDPR & ePrivacy, CCPA, ...) and customize styling and code. It's fully self-hostable and does not require any external resources, it also doesn't send any information to third parties. Interactive consent as a feature (what they call contextual consent) is coming soon as well.
I like Metomic but I wouldn't say it's "privacy-first" as they log consent in their backend. This unnecessarily sends user data to a third party. Neither the ePrivacy directive nor the GDPR requires such a thing. I can understand why they want this data as they need to monetize their service, but I think it's really pointless as you store a cookie that then allows you to retrieve consent data, which you could just as easily store directly in the cookie as well (which Klaro does). Storing consent directly in a cookie allows the website owner to check it on the server side if required, and to prove that the user was asked for his/her consent.
Otherwise it seems like a great tool with a good UI!
Regarding privacy-first - we're striving to do a good job at this so really appreciate opening up the conversation. We don't actually store consents on our server - unless you enable "logged in mode" as a Metomic customer. When this is the case, you can generate a JWT for your customer that we then use to store a record of their consent serverside.
However for most of our customers, we operate in "anonymous mode", where consents are stored on the browser only. The only thing we do is store an incremental counter on the server that allows companies to see which policies are being accepted and which are not. Whilst we're all figuring out how to be more equitable with users as companies, it's extremely helpful to know when a change you make to a policy is something that people don't support (i.e. reject) - and our dashboard shows you this information
We actually have a community slack channel dedicated towards discussing exactly this type of thing - please do join if you'd like to chat!
https://join.slack.com/t/metomiccommunity/shared_invite/enQt...
Again, this is totally fine, I wouldn't call it "privacy first" though, as it does not systematically minimize information exposed to third parties.
The issue we ran into in this area was with embeds that don't use iframes - generally it ends up being a third party script that needs innoculating (e.g. instagram / twitter embeds), with a bunch of associated dom content somewhere else on the page (the new facebook embeds work the same way).
The approach we've thus taken is to allow you to bundle related content together under a single "purpose" - when permission for that purpose is granted, all associated content gets unlocked.
There's also a bunch more info on this over at the docs: https://metomic.io/docs/placeholders
