Compliance Overview
Last updated: April 26, 2026
This page is the canonical compliance positioning page for Cybexo CMP.
1. Supported Standards and Frameworks
Section titled “1. Supported Standards and Frameworks”Cybexo CMP currently documents support for:
- GDPR and ePrivacy implementation patterns
- IAB TCF v2.3
- IAB GPP (where enabled)
- Google Consent Mode v2 (
ad_storage,analytics_storage,ad_user_data,ad_personalization) - CCPA and CPRA implementation support
- Shopify Customer Privacy API interoperability notes
See IAB TCF v2.3 Support and Google Consent Mode v2 Validation for technical validation details.
2. What Cybexo CMP Does
Section titled “2. What Cybexo CMP Does”- Collects and stores consent choices according to configured policy.
- Exposes consent signals for web, mobile, and supported platform integrations.
- Supports consent lifecycle actions: default, update, reopen, and change tracking.
- Provides debugging and verification utilities for implementation audits.
3. What Cybexo CMP Does Not Do
Section titled “3. What Cybexo CMP Does Not Do”- Provide legal advice.
- Replace legal review of jurisdiction-specific obligations.
- Automatically fulfill data subject rights requests unless separately contracted.
- Replace customer obligations for tag governance and vendor contract management.
4. Regional Banner and Consent Defaults (Canonical)
Section titled “4. Regional Banner and Consent Defaults (Canonical)”Cybexo CMP applies region-aware behavior to align banner UX, framework output, and Consent Mode defaults.
| Region group | Banner behavior | Consent Mode default | User controls | Framework output |
|---|---|---|---|---|
| EEA / UK (GDPR) | Full consent banner + second-layer preferences | denied for ad_storage, analytics_storage, ad_user_data, ad_personalization |
Accept All, Reject All, granular preferences | TCF enabled (TC String generated when configured) |
| US regimes (CCPA / CPRA / USNat where configured) | Notice/opt-out banner | granted by default; updates on opt-out |
Do Not Sell or Share, Privacy Choices, optional Continue/Allow All | GPP enabled where configured |
| Global non-regulated regions | No banner, or informational-only banner with Continue | granted for all four Consent Mode keys |
No consent collection controls in informational-only mode | No TCF, no GPP, no consent log collection in informational-only mode |
4.1 Google Partner Program Requirement (No-Banner Cases)
Section titled “4.1 Google Partner Program Requirement (No-Banner Cases)”If the banner does not appear because the user is outside banner-targeted regions, Cybexo keeps measurement intact by granting Consent Mode defaults in those no-banner cases.
This applies to deployments using global defaults/data transmission controls and avoids unintended denied states when no consent UI is shown.
5. Audit Positioning Notes
Section titled “5. Audit Positioning Notes”- IAB TCF v2.3 support should always be stated explicitly.
- Google Consent Mode v2 requires ordering validation (default before tag execution).
- Regional behavior must be documented and testable (EEA denied-by-default with banner, non-banner regions granted-by-default).
- Keep screenshots and debug reports for each production domain/app release.
6. Legal Notice
Section titled “6. Legal Notice”This document is technical guidance for configuration and verification. It is not legal advice.