Skip to content

Compliance Overview

Last updated: April 26, 2026

This page is the canonical compliance positioning page for Cybexo CMP.

Cybexo CMP currently documents support for:

  • GDPR and ePrivacy implementation patterns
  • IAB TCF v2.3
  • IAB GPP (where enabled)
  • Google Consent Mode v2 (ad_storage, analytics_storage, ad_user_data, ad_personalization)
  • CCPA and CPRA implementation support
  • Shopify Customer Privacy API interoperability notes

See IAB TCF v2.3 Support and Google Consent Mode v2 Validation for technical validation details.

  • Collects and stores consent choices according to configured policy.
  • Exposes consent signals for web, mobile, and supported platform integrations.
  • Supports consent lifecycle actions: default, update, reopen, and change tracking.
  • Provides debugging and verification utilities for implementation audits.
  • Provide legal advice.
  • Replace legal review of jurisdiction-specific obligations.
  • Automatically fulfill data subject rights requests unless separately contracted.
  • Replace customer obligations for tag governance and vendor contract management.
Section titled “4. Regional Banner and Consent Defaults (Canonical)”

Cybexo CMP applies region-aware behavior to align banner UX, framework output, and Consent Mode defaults.

Region group Banner behavior Consent Mode default User controls Framework output
EEA / UK (GDPR) Full consent banner + second-layer preferences denied for ad_storage, analytics_storage, ad_user_data, ad_personalization Accept All, Reject All, granular preferences TCF enabled (TC String generated when configured)
US regimes (CCPA / CPRA / USNat where configured) Notice/opt-out banner granted by default; updates on opt-out Do Not Sell or Share, Privacy Choices, optional Continue/Allow All GPP enabled where configured
Global non-regulated regions No banner, or informational-only banner with Continue granted for all four Consent Mode keys No consent collection controls in informational-only mode No TCF, no GPP, no consent log collection in informational-only mode

4.1 Google Partner Program Requirement (No-Banner Cases)

Section titled “4.1 Google Partner Program Requirement (No-Banner Cases)”

If the banner does not appear because the user is outside banner-targeted regions, Cybexo keeps measurement intact by granting Consent Mode defaults in those no-banner cases.

This applies to deployments using global defaults/data transmission controls and avoids unintended denied states when no consent UI is shown.

  • IAB TCF v2.3 support should always be stated explicitly.
  • Google Consent Mode v2 requires ordering validation (default before tag execution).
  • Regional behavior must be documented and testable (EEA denied-by-default with banner, non-banner regions granted-by-default).
  • Keep screenshots and debug reports for each production domain/app release.

This document is technical guidance for configuration and verification. It is not legal advice.