Privacy and security architecture

Our consent manager is carefully designed to protect its own internal state and regulation capabilities from other potentially malicious scripts running in the same environment. We employ the following techniques to ensure the security of our consent manager:

We use an extensive runtime reference caching & utility framework as the standard library through which all of our security-critical code is built. This library is completely resistant to all prototype pollution attacks, and dynamically adjusts for implementation differences between browsers to always provide the most secure level of abstraction available.

We do not use any third-party dependencies in airgap.js or Transcend XDI as nothing else meets our strict security standards. Our JavaScript bundler (esbuild) injects some utilities to assist with transpilation.

We require a genuine user-initiated 'click' or 'submit' event or a trusted Transcend XDI consent sync to change consent after initialization. A 'load' event that fired before/as airgap.js initialized may also be used as authorization, and is exclusively required for more dangerous APIs such as airgap.toggle(auth: AirgapAuth, protectionState?: boolean) that can toggle protections.

While our request and cookie watcher APIs requires no authorization, our request and cookie override APIs require a 'load' event that fired before/as airgap.js initialized as authorization.

Note that an interaction between Chrome 117, Transcend Consent's Tamper Resistance mode, and versions of regenerator-runtime (a common JavaScript library) older than v0.13.8 can cause errors and could negatively impact your website. To resolve these errors please update airgap.js to version 8.11.11 or higher to automatically disable Tamper Resistance mode. If you're using an earlier version of airgap.js and are unable to update, you can also manually disable Tamper Resistance by setting the the data-tamper-resist="off" attribute on your airgap.js script.

Tamper Resistance is an optional advanced mode that helps airgap.js avoid interference from potentially malicious adtech installed on a website.

When this mode is enabled, we employ active tamper resistance interventions that prevent third-party code from redefining some built-in JavaScript iterators and methods which are insecurely used by the utilities generated by our JavaScript bundler. This protection augments our use of a reference cache & utility framework to secure against prototype pollution attacks.

Note that Tamper Resistance mode is not required for Transcend Consent's regulation functionality and is an optional additional protection.

Tamper resistance mode was formerly enabled by default. Beginning in airgap.js version 8.11.11 it is now disabled by default. If you're running airgap.js 8.11.11 or higher and would like to enable Tamper Resistance, you can set the data-tamper-resist="on" attribute on your airgap.js script.

The following are the storage areas used by each Transcend Consent Management component and their purpose:

  • localStorage.tcmConsent: A JSON object storing the user's consent state. The format of the JSON object is documented here.
  • localStorage.tcmMPConsent: A JSON object keyed by site-defined partitions. Each entry represents an individual entry in the same format as localStorage.tcmConsent. This is used to segregate consent for sites with multiple discrete same-origin sub-sites.
  • localStorage.tcmQuarantine: A stringified JSON object storing the requests and cookies that are held in "quarantine" before the user consents to having their data be used for various tracking purposes. You can read more about event quarantine capabilities here. Transcend Consent Management can be configured to not store this information by following the instructions here.
  • localStorage.tcmu: Unreported count of "page views" that we track for reporting purposes and for triggering pageview-based auto-consent-prompting. This data is sent to our backend and processed as an aggregate count.
  • localStorage.tcmr: Reported count of "page views" that we track for reporting purposes and for triggering pageview-based auto-consent-prompting.
  • sessionStorage.tcms: Random session identifier used to track cumulative browser sessions for reporting purposes. This data is not directly shared with our backend, but it is used to generate a session count that is sent to our backend.
  • Future: IndexedDB tcm database: This database will be used to store quarantined events.

Information that may be stored if you're using Transcend's Preference Store to store and persist consent for known users. Learn more.

Encrypted IdentifierEncrypted identifier provided by the Transcend Customer for the end user associated with the consent record.
PartitionThe bundle ID of the Transcend Consent Management instance that collected consent. For customers with multiple partitioned airgap bundles, this will be the partition ID.
PurposesMap of consent purposes associated with the record
TimestampWhen consent record was created in ISO format (e.g. "2023-05-11T19:32:31.707Z")
Airgap.js Version (Optional)airgap.js version in use at time of collection
Metadata (Optional)Storage of additional metadata - can be configured by the customer as needed
Metadata Timestamp (Optional)Timestamp for last optional metadata update
  • localStorage.tcm: A JSON object storing user consent, consent metadata, and quarantine data for multiple third-party sync groups. This value was stored at localStorage.tcm3PConsent prior to airgap.js 8.38.0.