Privacy and security architecture

Our Consent Manager is carefully designed to protect its own internal state and regulation capabilities from other potentially malicious scripts running in the same environment. We employ the following techniques to ensure the security of our Consent Manager:

We use an extensive runtime reference caching & utility framework as the standard library through which all of our security-critical code is built. This library is completely resistant to all prototype pollution attacks, and dynamically adjusts for implementation differences between browsers to always provide the most secure level of abstraction available.

We do not use any third-party dependencies in airgap.js or Transcend XDI as nothing else meets our strict security standards. Our JavaScript bundler (esbuild) injects some utilities to assist with transpilation.

We require a genuine user-initiated 'click' or 'submit' event or a trusted Transcend XDI consent sync to change consent after initialization.

Although we use a reference cache & utility framework to secure against prototype pollution attacks, there are still some gaps introduced by our JavaScript bundler’s transpilation process.

In order to fill these gaps, we employ active tamper resistance interventions that prevent third-party code from redefining some built-in JavaScript iterators and methods which are insecurely used by the utilities generated by our JavaScript bundler.
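The reference caching described earlier and the tamper-resistance step in the paragraph above can be illustrated together. This is an added example, not Transcend's code: the names uncurryThis, safeUpper, readOwn, lockBuiltin and runScenario are hypothetical, and the tampering is a constructed scenario.

```javascript
'use strict';
// Added illustration, not Transcend's code; every name below is hypothetical.

// Step 1: capture built-ins once, at load time, before other scripts run.
const { apply, defineProperty, getOwnPropertyDescriptor } = Reflect;
// Convert a prototype method into fn(self, ...args). Reflect.apply is used so
// a replaced Function.prototype.call cannot interfere.
const uncurryThis = (fn) => (self, ...args) => apply(fn, self, args);
const arrayMap = uncurryThis(Array.prototype.map);
const toUpper = uncurryThis(String.prototype.toUpperCase);
const hasOwn = uncurryThis(Object.prototype.hasOwnProperty);
const arrayIterator = Array.prototype[Symbol.iterator];

// Security-critical code calls only the cached references.
const safeUpper = (list) => arrayMap(list, (s) => toUpper(s));
// Own-property read: values planted on Object.prototype are never returned.
const readOwn = (obj, key) => (hasOwn(obj, key) ? obj[key] : undefined);

// Step 2: tamper resistance for helpers that cannot go through the cache
// (for example, bundler-generated code that relies on array iteration).
function lockBuiltin(target, key) {
  const desc = getOwnPropertyDescriptor(target, key);
  if (!desc || !desc.configurable) return false; // absent or already locked
  return defineProperty(target, key, { ...desc, writable: false, configurable: false });
}

// Constructed scenario: a later script redefines built-ins; the cached paths
// and the locked iterator must be unaffected. Globals are restored afterwards.
function runScenario() {
  const originalMap = Array.prototype.map;
  lockBuiltin(Array.prototype, Symbol.iterator);
  try {
    Array.prototype.map = () => ['tampered'];
    Object.prototype.analytics = true;
    try {
      Array.prototype[Symbol.iterator] = function* () {};
    } catch (e) { /* TypeError: property is now read-only */ }
    return {
      mapped: safeUpper(['a', 'b']),
      polluted: readOwn({}, 'analytics'),
      iteratorReplaced: Array.prototype[Symbol.iterator] !== arrayIterator,
    };
  } finally {
    Array.prototype.map = originalMap;
    delete Object.prototype.analytics;
  }
}

console.log(runScenario());
```

The order matters: both the cache and the lock only help if this code runs before any other script on the page.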

Our Consent Manager does not use cookies to track user consent preferences or quarantined events across site visits. Instead, we use localStorage, sessionStorage, and IndexedDB, which are not propagated over the network by default. The following are the storage areas used by each Transcend Consent component and their purpose:

  • localStorage.tcmConsent: A JSON object storing the user's consent state. The format of the JSON object is documented here.
  • localStorage.tcmMPConsent: A JSON object keyed by site-defined partitions. Each entry represents an individual entry in the same format as localStorage.tcmConsent. This is used to segregate consent for sites with multiple discrete same-origin sub-sites.
  • localStorage.tcmQuarantine: A stringified JSON object storing the requests and cookies that are held in "quarantine" before the user consents to having their data used for various tracking purposes. You can read more about event quarantine capabilities here. Transcend Consent can be configured to not store this information by following the instructions here.
  • localStorage.tcmu: Unreported count of "page views" that we track for reporting purposes and for triggering pageview-based auto-consent-prompting. This data is sent to our backend and processed as an aggregate count.
  • localStorage.tcmr: Reported count of "page views" that we track for reporting purposes and for triggering pageview-based auto-consent-prompting.
  • sessionStorage.tcms: Random session identifier used to track cumulative browser sessions for reporting purposes. This data is not directly shared with our backend, but it is used to generate a session count that is sent to our backend.
  • Future: IndexedDB tcm database: This database will be used to store quarantined events.
  • localStorage.tcm1PConsent: A JSON object storing user consent state associated with a first-party sync group.
  • localStorage.tcm3PConsent: A JSON object storing user consent state for multiple third-party sync groups. This is used by the default provisioned sync endpoint provided by Transcend.