Privacy regimes
Transcend Consent Management uses a layered privacy regime detection solution. By default, both IP geolocation data and user browser settings are evaluated to determine any user-applicable privacy legal regimes.
Client IP address geolocation data is used to determine applicable privacy regimes from geographical jurisdictions. IP address geolocation data is provided by CloudFront at runtime and is not stored by Transcend.
To use only IP geolocation for regime detection, set data-regime-detection="ip-only" on your airgap.js script tag.
Users' browser settings including timezone and language configuration are evaluated to determine privacy regimes that can be inferred from these settings. For example, if a user's browser is set to a timezone in Europe or their browser language contains an EU country code, then the GDPR regime is inferred.
To use only browser settings for regime detection, set data-regime-detection="heuristics-only" on your airgap.js script tag.
Regime detection mechanisms can stack, and each mechanism can infer zero or more regimes. For example, if a user's IP address is from California, their browser timezone is set to somewhere in Brazil, and their browser language contains an EU country code, then the user is afforded the rights granted by GDPR, LGPD, and CPRA all at once.
You can directly set the privacy regime (e.g. if you want to use your own first-party tools to aid in regime detection) by adding a data-regime="CPRA" (or "GDPR", etc.) attribute on your airgap.js script tag.
You can customize the default privacy regime (that is, the regime that is reported whenever no applicable regimes are otherwise detected) by adding a data-default-regime="CPRA" (or "GDPR", etc.) attribute on your airgap.js script tag.
You can configure the mapping of privacy regimes to user interfaces by visiting Consent Management → Regional Experiences in your Admin Dashboard.