Compliance Overview

Last updated: April 26, 2026

This page is the canonical compliance positioning page for Cybexo CMP.

1. Supported Standards and Frameworks

Cybexo CMP currently documents support for:

GDPR and ePrivacy implementation patterns

IAB TCF v2.3

IAB GPP (where enabled)

Google Consent Mode v2 (ad_storage, analytics_storage, ad_user_data, ad_personalization)

CCPA and CPRA implementation support

Shopify Customer Privacy API interoperability notes

See IAB TCF v2.3 Support and Google Consent Mode v2 Validation for technical validation details.

2. What Cybexo CMP Does

Collects and stores consent choices according to configured policy.

Exposes consent signals for web, mobile, and supported platform integrations.

Supports consent lifecycle actions: default, update, reopen, and change tracking.

Provides debugging and verification utilities for implementation audits.

3. What Cybexo CMP Does Not Do

Provide legal advice.

Replace legal review of jurisdiction-specific obligations.

Automatically fulfill data subject rights requests unless separately contracted.

Replace customer obligations for tag governance and vendor contract management.

Cybexo CMP applies region-aware behavior to align banner UX, framework output, and Consent Mode defaults.

Region group	Banner behavior	Consent Mode default	User controls	Framework output
EEA / UK (GDPR)	Full consent banner + second-layer preferences	`denied` for `ad_storage`, `analytics_storage`, `ad_user_data`, `ad_personalization`	Accept All, Reject All, granular preferences	TCF enabled (TC String generated when configured)
US regimes (CCPA / CPRA / USNat where configured)	Notice/opt-out banner	`granted` by default; updates on opt-out	Do Not Sell or Share, Privacy Choices, optional Continue/Allow All	GPP enabled where configured
Global non-regulated regions	No banner, or informational-only banner with Continue	`granted` for all four Consent Mode keys	No consent collection controls in informational-only mode	No TCF, no GPP, no consent log collection in informational-only mode

4.1 Google Partner Program Requirement (No-Banner Cases)

If the banner does not appear because the user is outside banner-targeted regions, Cybexo keeps measurement intact by granting Consent Mode defaults in those no-banner cases.

This applies to deployments using global defaults/data transmission controls and avoids unintended denied states when no consent UI is shown.

5. Audit Positioning Notes

IAB TCF v2.3 support should always be stated explicitly.

Google Consent Mode v2 requires ordering validation (default before tag execution).

Regional behavior must be documented and testable (EEA denied-by-default with banner, non-banner regions granted-by-default).

Keep screenshots and debug reports for each production domain/app release.

6. Legal Notice

This document is technical guidance for configuration and verification. It is not legal advice.

1. Supported Standards and Frameworks#

2. What Cybexo CMP Does#

3. What Cybexo CMP Does Not Do#

4. Regional Banner and Consent Defaults (Canonical)#

4.1 Google Partner Program Requirement (No-Banner Cases)#

5. Audit Positioning Notes#