Privacy Architecture
Last updated: February 18, 2026
This page explains what Cybexo CMP processes, and what it does not process, in standard deployments.
1. Data Processing Scope
Section titled “1. Data Processing Scope”Cybexo CMP processes consent-related data needed to manage preference collection and signaling.
Typical data elements:
- consent state and purpose/vendor choices
- consent timestamps
- framework and region flags
- technical identifiers needed for consent continuity
2. Data Minimization
Section titled “2. Data Minimization”By design, CMP workflows should avoid storing direct personal content fields unless explicitly required by customer configuration and legal basis.
3. What Is Not Stored by Default
Section titled “3. What Is Not Stored by Default”The following should not be stored as part of core consent workflow unless separately configured:
- plain-text personal profile information
- free-form sensitive user content
- unnecessary persistent identifiers
4. Controller and Processor Roles
Section titled “4. Controller and Processor Roles”Typical model:
- Customer: data controller for website/app consent implementation
- Cybexo: processor for consent signal management services
Final role assignment is defined by contract and DPA terms.
5. Regional Processing Notes
Section titled “5. Regional Processing Notes”- Region-specific policy behavior should be configured per legal guidance.
- International transfer controls should be documented in legal pack and DPA.