Skip to content

Privacy Architecture

Last updated: February 18, 2026

This page explains what Cybexo CMP processes, and what it does not process, in standard deployments.

Cybexo CMP processes consent-related data needed to manage preference collection and signaling.

Typical data elements:

  • consent state and purpose/vendor choices
  • consent timestamps
  • framework and region flags
  • technical identifiers needed for consent continuity

By design, CMP workflows should avoid storing direct personal content fields unless explicitly required by customer configuration and legal basis.

The following should not be stored as part of core consent workflow unless separately configured:

  • plain-text personal profile information
  • free-form sensitive user content
  • unnecessary persistent identifiers

Typical model:

  • Customer: data controller for website/app consent implementation
  • Cybexo: processor for consent signal management services

Final role assignment is defined by contract and DPA terms.

  • Region-specific policy behavior should be configured per legal guidance.
  • International transfer controls should be documented in legal pack and DPA.