Trust and certifications
An honest view of what ConsentX does today and what we are still building toward.
Live today
ImplementedGoogle Consent Mode v2
All four consent signals are supported, with defaults set before any tags fire so tracking respects consent from the first page view.
Geo-aware consent
Region-aware policy across GDPR, UK GDPR, CCPA/CPRA, DPDPA, LGPD and more, so each visitor sees the experience their jurisdiction requires.
Prior-script blocking
Tags and trackers are blocked before consent is given, so nothing non-essential runs until the visitor opts in.
Tamper-evident evidence
Consent receipts and audit logs are bound into a per-record SHA-256 hash chain, so any change to a record is detectable and your evidence is provable.
DSAR workflow with SLA timers
Data subject and grievance requests are tracked end to end with statutory SLA timers, so deadlines are visible and nothing is missed.
Encryption in transit and at rest
Data is encrypted in transit with TLS, and data at rest is encrypted using the storage-layer encryption of our cloud provider.
Stripe for billing
Payments are handled by Stripe. ConsentX does not store card data on its own systems.
In progress and roadmap
Not yet certifiedThe items below are planned or under way. ConsentX does not hold these certifications or registrations today, and they are labelled accordingly so you always know where things stand.
IAB Europe TCF v2.2
PlannedRegistration as a Transparency and Consent Framework CMP is on our roadmap. ConsentX is not a registered TCF CMP today.
IAB GPP
PlannedSupport for the Global Privacy Platform string is planned. It is not yet available.
Google CMP Partner Program
In progressOur application to the Google CMP Partner Program has been submitted and is under review. Membership is not yet granted.
SOC 2 Type II
PlannedA SOC 2 Type II audit is planned. ConsentX does not hold a SOC 2 report today.
ISO/IEC 27001 and 27701
PlannedCertification to ISO/IEC 27001 and the 27701 privacy extension is planned. ConsentX is not yet certified.
India DPDPA Consent Manager
PlannedRegistration as a DPDPA Consent Manager is planned, subject to the registration framework being opened by the regulator.
WCAG 2.2 AA accessibility
In progressWork toward WCAG 2.2 AA conformance for the consent banner is in progress. A formal conformance claim is not yet published.
Europrivacy (EU GDPR Art 42)
PlannedEuroprivacy certification under GDPR Article 42 is planned. ConsentX does not hold this certification today.
Data protection
ConsentX can act as your GDPR Article 27 representative arrangement where you have no establishment in the relevant region, so you have a point of contact for supervisory authorities and data subjects. Contact us to confirm the current scope for your jurisdiction.
A data processing agreement is available at /dpa for your legal team to review and sign. The providers in our supply chain are published on our subprocessors page.
See the evidence for yourself
Start free or book a walkthrough of how ConsentX makes consent provable.
Frequently asked questions
Is ConsentX a certified CMP?+
Google Consent Mode v2 is implemented in the product today, and our application to the Google CMP Partner Program is in progress and under review. Full IAB Europe TCF v2.2 certification is on our roadmap and is not yet in place. We do not claim certifications we do not hold.
Where is data stored?+
The ConsentX application is hosted on Amazon Web Services and customer data location follows the configured region. Data is encrypted in transit with TLS and at rest with storage-layer encryption. The providers in our supply chain are listed on our subprocessors page.
Do you have a DPA?+
Yes. A data processing agreement is available at /dpa for your legal team to review and sign.
Is the consent banner accessible?+
We are actively working toward WCAG 2.2 AA conformance for the consent banner. That work is in progress and we have not yet published a formal conformance claim.