Home
Start typing to search…

Consent Overview

Learn how to integrate and configure consent management with Ours Privacy using your Consent Management Platform (CMP) and event properties.

Consent Overview

Ours Privacy gives you flexibility:

  • Always load Ours Privacy or categorize Ours Privacy as a required provider that loads when permitted — both options work.
  • Always Send all events to Ours Privacy, and let Ours Privacy mappers decide which destinations (analytics, ads, etc.) should receive them based on current user consent.
  • Respect "Do Not Track" and state-level privacy laws by centralizing consent enforcement in the mapping layer, not your frontend.
  • Keep your frontend simple — send consistent events to us regardless of location or consent status. No conditional logic or edge-case handling in the browser.

Your Consent Management Platform (CMP) should control when the Ours Privacy SDK loads and pass consent choices (like accepted categories and vendor status) to us as part of your events.

This model ensures:

  • Simpler integrations.
  • Full support for any CMP.
  • Consent visibility on every event.
  • Clean separation of responsibilities between your app and our infrastructure.

Integration Model

Ours Privacy supports three distinct operating modes for consent management:

Mode 1: Strict Consent Mode (Zero Data Collection)

  • CMP First: Your CMP controls when the Ours Privacy SDK loads
  • No SDK Loading: Ours Privacy SDK is not loaded until explicit consent is granted
  • Zero Data Collection: No data is sent to Ours Privacy before user permission
  • Complete Control: Your CMP has full control over tracking initiation

Mode 2: Mapper-Controlled Mode (Recommended)

  • Always Load SDK: Ours Privacy SDK loads immediately and collects all events
  • Pass Consent as Event Properties: Your CMP's consent status and categories are passed as event properties
  • Mapper Enforcement: Ours Privacy mappers conditionally route events to destinations based on consent
  • Granular Control: Events without proper consent are filtered out at the mapping layer

Mode 3: Destination-Level Consent Mode

  • Always Load SDK: Ours Privacy SDK loads immediately and collects all events
  • Always Dispatch: All events are sent to destinations regardless of consent status
  • Destination Handling: Consent information is passed to destinations that support consent-level fields
  • Destination-Specific: Only destinations with built-in consent handling capabilities can properly respect consent

Important: Mode 3 is destination-specific and not all destinations support consent-level fields. Mode 2 (Mapper-Controlled) is recommended for most use cases as it provides the best balance of flexibility and control.

Choosing the Right Mode

The choice between these modes depends on your organization's privacy requirements, compliance needs, and technical architecture. We recommend:

  • Consult with your privacy officer and/or legal team to determine the appropriate consent management approach for your use case
  • Reach out to us to start a conversation about privacy and consent management strategies

Our team can help you evaluate your specific requirements and recommend the best approach for your organization.

You can pass consent information as event properties either:

  • As part of each event (e.g., in the ours('track', ...) call)
  • Or as default event properties attached to every event via the SDK's initialization.

Example: Attach consent globally:

ours('init', '<ours web api key>', {
  default_event_properties: {
    consent_marketing: true,
    consent_analytics: false,
    cmp_vendor: 'onetrust'
  }
});

Example: Attach consent to a single event:

ours('track', 'form_submit', {
  consent_marketing: true,
  consent_analytics: false,
  cmp_vendor: 'onetrust'
});

Example Mapper Logic For Above Event

With consent properties like consent_marketing or consent_analytics attached to your events, you can use Ours Privacy mappers to conditionally control where each event is sent.

For example:

  • If consent_analytics is false, prevent the event from being forwarded to tools like Google Analytics or Amplitude.
  • If consent_marketing is true, allow the same event to be forwarded to Facebook Ads or HubSpot.
  • You can also drop the event entirely if no valid consent is present — all using a few lines of logic in your mapping UI or API.

These mappings can be configured per destination, giving you granular control over how each destination handles consented or non-consented data.

Why This Model?

  • Flexibility: You can use any CMP and any consent categories.
  • Transparency: Consent status is visible on every event, making compliance and downstream mapping easy.
  • Simplicity: No need to configure or maintain consent logic in the SDK.

Mapping and Routing

  • Use the Ours Privacy mapping layer to stop, transform, or route events based on the consent properties you attach.
  • For example, you can prevent events with consent_analytics: false from being sent to analytics destinations.

Best Practices

  • Load Order: Load your CMP first. You can load the Ours Privacy SDK either after consent or immediately — depending on your compliance strategy.
  • Global Properties: Use default event properties to attach consent status to every event.
  • Single Initialization: Avoid initializing the SDK multiple times on the same page.

Re-sending Critical Events After Consent Changes

When implementing consent management, you may need to re-send critical events that occurred before consent was granted. This is especially important for analytics destinations that rely on specific events for accurate reporting.

Common Critical Events to Re-send

Google Analytics page_view Events:

  • Why: GA4 uses page_view events to establish sessions and track user journeys
  • When: After analytics consent is granted, re-send the page_view event with proper session properties
  • How: Include these event properties to ensure proper GA4 session tracking: 
    ours('track', 'page_view', {
  is_first_visit: 1,        // 0 or 1 to flag if this is the first visit
  is_new_session: 1,        // 0 or 1 to flag if the session is new
  is_engaged_session: 1,    // 0 or 1 to flag if the session is engaged
  consent_analytics: true   // Your consent status
});

Other Critical Events:

  • Form submissions that occurred before consent
  • E-commerce events (purchases, add to cart, etc.)
  • Conversion events that are essential for business metrics

Implementation Strategy

Before implementing event re-sending, we recommend:

  • Consult with your privacy officer and/or legal team to ensure your approach complies with applicable privacy regulations and your organization's policies
  • Reach out to us to discuss your specific use case and get guidance on the best implementation approach

Once you have the appropriate approvals, follow these steps:

  1. Store Events Temporarily: Keep track of critical events that occur before consent
  2. Listen for Consent Changes: Monitor your CMP for consent status updates
  3. Re-send with Consent Properties: Re-send stored events with current consent status
  4. Use Mapper Logic: Configure your Ours Privacy mappers to handle re-sent events appropriately

Conclusion

By letting your CMP control SDK loading and passing consent status as event properties, you ensure maximum flexibility and compliance. The Ours Privacy platform will respect these properties throughout your data pipeline.

Whether you always load Ours Privacy or delay until consent, the platform respects consent properties at every step of the data pipeline.

Updated 15 days ago