Managed Privacy

A cookie banner is not compliance.

Twenty-four states now have privacy laws, and they don't agree with each other. Vermont became the 24th in June 2026. We run privacy compliance as an ongoing managed service, so your site keeps up without your team becoming privacy engineers.

What "Managed" Means

Ongoing, not a one-time audit

Most privacy projects end the day the banner goes live. Ours starts there. Managed privacy covers the full enforcement layer, continuously:

CMP deployment & configuration

We deploy and configure the consent management platform: categories, geo rules, banner behavior, and the records you'd need to produce later.

Every tag gated in GTM

Nothing fires before consent. We map every tag to a consent category with denied-by-default behavior, and remediate hardcoded tags that bypass the container.

Daily drift scanning

Automated scans check the site every day for tags firing before consent, new cookies, and configuration drift, with alerts when something changes.

DSAR request handling

We stand up a privacy rights request form, route submissions, and keep the process inside the response windows state laws require.

Required footer links

We implement and maintain the two links regulators look for first: a "Your Privacy Choices" opt-out and a "Privacy Rights Request" form.

Consent Mode & platform signals

Google Consent Mode v2 and Meta consent signals wired in correctly, so compliance work doesn't quietly break your ad measurement.

Why Ongoing

Compliance decays

A site that passed its privacy audit in January is rarely compliant by June. New deploys add tags. Marketing adds a pixel for a campaign. Vendors update their scripts. None of those changes go through a privacy review, and each one can put a tracker in front of the consent banner.

That's the case for continuous scanning: it catches what annual audits miss, in days instead of quarters. When a change breaks consent enforcement, we know before a regulator, a plaintiff's firm, or your ad platforms do.

See what's firing on your site today
68%

Of sites we audit have consent banners that block nothing

Multi-State Reality

One banner config for everyone no longer works

State laws differ on defaults, on sensitive data, and on what counts as a valid opt-out. A growing bloc of states requires honoring Global Privacy Control, the browser signal that opts a visitor out without touching the banner. We implement geo-aware configurations that apply the right rules to the right visitors, and GPC is detected and honored automatically.

We're CMP-agnostic: we work with CookieYes, Termly, Osano, TrustArc, and OneTrust, deploying new installations or fixing the one you already pay for.

FAQ

Managed privacy questions

What's included in the monthly managed privacy service?
CMP management and configuration updates, maintenance of consent gating in Google Tag Manager, daily automated compliance scans with drift alerts, a hosted DSAR request form with routing, upkeep of the required footer links, updates as new state privacy laws take effect, and a monthly compliance report.
Do you support multi-site and multi-location businesses?
Yes. Plans are structured by site count, and multi-site portfolios are where managed privacy matters most: one brand, dozens of domains, and a consent configuration that has to stay consistent across all of them. We manage the full portfolio from one place.
Can agencies white-label the managed privacy service?
Yes. We deliver managed privacy under your brand, the same way we handle white-label analytics and tracking work. Your clients see your name; we do the compliance engineering behind it. See our Agencies page for how partnerships work.

Find out what your banner is actually blocking

Run a free privacy scan, or talk to us about a managed program.