Twenty-four states now have privacy laws, and they don't agree with each other. Vermont became the 24th in June 2026. We run privacy compliance as an ongoing managed service, so your site keeps up without your team becoming privacy engineers.
Most privacy projects end the day the banner goes live. Ours starts there. Managed privacy covers the full enforcement layer, continuously:
We deploy and configure the consent management platform: categories, geo rules, banner behavior, and the records you'd need to produce later.
Nothing fires before consent. We map every tag to a consent category with denied-by-default behavior, and remediate hardcoded tags that bypass the container.
Automated scans check the site every day for tags firing before consent, new cookies, and configuration drift, with alerts when something changes.
We stand up a privacy rights request form, route submissions, and keep the process inside the response windows state laws require.
We implement and maintain the two links regulators look for first: a "Your Privacy Choices" opt-out and a "Privacy Rights Request" form.
Google Consent Mode v2 and Meta consent signals wired in correctly, so compliance work doesn't quietly break your ad measurement.
A site that passed its privacy audit in January is rarely compliant by June. New deploys add tags. Marketing adds a pixel for a campaign. Vendors update their scripts. None of those changes go through a privacy review, and each one can put a tracker in front of the consent banner.
That's the case for continuous scanning: it catches what annual audits miss, in days instead of quarters. When a change breaks consent enforcement, we know before a regulator, a plaintiff's firm, or your ad platforms do.
See what's firing on your site todayOf sites we audit have consent banners that block nothing
State laws differ on defaults, on sensitive data, and on what counts as a valid opt-out. A growing bloc of states requires honoring Global Privacy Control, the browser signal that opts a visitor out without touching the banner. We implement geo-aware configurations that apply the right rules to the right visitors, and GPC is detected and honored automatically.
We're CMP-agnostic: we work with CookieYes, Termly, Osano, TrustArc, and OneTrust, deploying new installations or fixing the one you already pay for.
Run a free privacy scan, or talk to us about a managed program.