Ketch Implementation Guide

Ketch and Ours Privacy work together to provide a comprehensive consent management solution that supports healthcare, GDPR, CCPA, and other privacy regulations. This guide explains the capabilities, operating modes, and integration patterns available when using Ketch as your Consent Management Platform (CMP).

Overview

Ketch controls when the Ours Privacy SDK loads and provides granular consent data that flows through your entire data pipeline. This approach delivers:

• Regulatory Compliance: Full support for GDPR, CCPA, CPRA, LGPD, and healthcare regulations
• Granular Control: Category-based and vendor-specific consent management
• Complete Audit Trail: Visibility into every consent decision and change
• Flexible Integration: Works with any Ketch configuration or consent strategy

How the Ketch Frontend SDK Works

Once the Ketch Smart Tag is installed on your site, it exposes a global ketch() function. Ketch fires a consent event whenever consent is resolved — whether from a cached cookie, a remote lookup, or a user interaction with the consent banner.

// Fires every time consent is resolved or updated
ketch('on', 'consent', function (consent) {
  // consent.purposes = { analytics: true, advertising: false, ... }
  console.log('Consent updated:', consent.purposes);
});

// Fires only once (useful for initialization)
ketch('once', 'consent', function (consent) {
  console.log('Initial consent:', consent.purposes);
});

The consent.purposes object keys are the purpose codes configured in your Ketch dashboard (e.g. advertising, analytics, data_sales, email_mktg). Values are booleans.

See the Ketch developer docs for the full list of events and configuration options.

Operating Modes

Ours Privacy supports three distinct operating modes for consent management with Ketch, each offering different levels of data collection and consent enforcement:

Mode 1: Strict Consent Mode (Zero Data Collection)

Ours Privacy SDK is not loaded until explicit consent is granted through Ketch, ensuring zero data collection before user permission.

Can I ensure nothing is sent to Ours Privacy if someone opts out? Yes. If someone opts out, nothing is sent to Ours Privacy.

How it works:

• Ketch controls when the Ours Privacy SDK loads
• No data is sent to Ours Privacy until consent is granted
• Complete control over tracking initiation
• Zero data collection before user permission

Example: Load Ours Privacy only after consent is granted

ketch('on', 'consent', function (consent) {
  var purposes = consent.purposes;

  if (purposes.analytics || purposes.advertising) {
    ours('init', '<ours web api key>', {
      default_event_properties: {
        consent_marketing: !!purposes.advertising,
        consent_analytics: !!purposes.analytics,
        consent_functional: !!purposes.functional,
        cmp_vendor: 'ketch',
      },
    });
  }
});

Mode 2: Mapper-Controlled Mode

Ours Privacy loads immediately and collects all events, but the mapping layer stops dispatch to destinations based on consent conditions.

How it works:

• Ours Privacy SDK loads immediately and collects all events
• Events are sent to Ours Privacy regardless of consent status
• Consent status is passed as event properties
• Ours Privacy mappers conditionally route events to destinations based on consent
• Events without proper consent are filtered out at the mapping layer (not sent to destinations, but still collected by Ours Privacy)

Important: In this mode, data is still sent to Ours Privacy even if users opt out. Only the forwarding to destinations is controlled. If you need to ensure no data is sent to Ours Privacy when users opt out, use Mode 1 instead.

Choosing the Right Mode

The choice between these modes depends on your organization's privacy requirements, compliance needs, and technical architecture. We recommend:

• Consult with your privacy officer and/or legal team to determine the appropriate consent management approach for your use case
• Reach out to us to start a conversation about privacy and consent management strategies

Our team can help you evaluate your specific requirements and recommend the best approach for your organization.

Implementing Consent Events and Mapping

We recommend firing a "consent_change" event when consent is granted or changed. This allows you to track consent decisions and use them in your mapping logic.

Mapping Ketch Purposes to Ours Categories

Ketch purpose codes are configurable per organization. A common mapping looks like this:

Your exact Ketch purpose codes depend on how your Ketch dashboard is configured. Adjust the mapping below to match.

Firing Consent Events

Use Ketch's consent event to get the consent status whenever it changes. Then pass this information into event properties and visitor properties:

// Initialize Ours Privacy SDK
ours('init', '<ours web api key>', {
  default_event_properties: {
    cmp_vendor: 'ketch',
  },
});

// Listen for Ketch consent changes and fire consent_change events
ketch('on', 'consent', function (consent) {
  var purposes = consent.purposes;

  var consentStatus = {
    marketing: !!purposes.advertising,
    analytics: !!purposes.analytics,
    functional: !!purposes.functional,
    necessary: true,
  };

  ours(
    'track',
    'consent_change',
    {
      // Event properties
      ...consentStatus,
      cmp_vendor: 'ketch',
    },
    {
      // Visitor properties - consent object
      consent: consentStatus,
    }
  );
});

Implementing Mapper Logic

For each destination, you should create a "stop" mapper that prevents dispatch if the required consent isn't granted. You can also use logic builders for more granular control.

Example: Stop mapper for marketing destinations

• Condition: visitor.consent.marketing != true
• Action: Stop dispatch

Example: Stop mapper for analytics destinations

• Condition: visitor.consent.analytics != true
• Action: Stop dispatch

Example: Advanced logic with event properties

• Condition: event.consent_marketing == true && visitor.consent.marketing == true
• Action: Allow dispatch to marketing destinations

This approach ensures that:

• Consent decisions are tracked and stored on the visitor
• Destinations only receive data when appropriate consent is granted
• You have granular control over data flow based on consent status
• Compliance is maintained throughout your data pipeline

Mapping and Routing Capabilities

Destination-Based Routing

Ours Privacy's mapping layer routes events based on Ketch consent:

• Analytics destinations - Only send data when analytics consent is granted
• Marketing destinations - Route to advertising platforms only with marketing consent
• Functional destinations - Enable enhanced features with functional consent
• Necessary destinations - Always route essential operational data

Conditional Data Processing

Beyond simple routing, the mapping layer can:

• Transform data - Modify event properties based on consent level
• Filter sensitive data - Remove PII/PHI when consent is limited
• Aggregate data - Combine events differently based on consent
• Delay processing - Hold events until appropriate consent is granted

Conclusion

Integrating Ketch with Ours Privacy enables:

• Full Regulatory Compliance: Support for GDPR, CCPA, CPRA, and healthcare regulations
• Granular Consent Control: Category-based and vendor-specific consent management
• Complete Audit Trail: Visibility into every consent decision and change
• Flexible Integration: Works with any Ketch configuration or consent strategy

The Ours Privacy platform respects these consent properties throughout your data pipeline, ensuring compliance while maintaining data integrity and user privacy.

For additional support or questions about Ketch integration, contact our support team at support@oursprivacy.com.