Compliance

Compliance overview

Our platform is built to help you meet common privacy and data protection requirements while running surveys and feedback flows. This page summarizes the controls we provide and how they map to widely used frameworks.

Frameworks we support

We are designed to support compliance programs aligned with:

• GDPR (EU) and UK GDPR
• CCPA/CPRA (California)
• LGPD (Brazil)
• ePrivacy / PECR (cookie and tracking rules)

Customer controls

You control when and how data is collected. The platform provides:

• Consent gating for analytics and events via consent configuration and scope-based permissions.
• Regional policy overlays to restrict certain scopes by geography.
• Data minimization defaults that allow anonymous measurement when storage-based consent is not granted.
• Identity handling controls so you can avoid attaching identifiers unless consent allows it.
• Transparent traffic via host-visible events and command queues for auditing and verification.

How consent works

Consent is evaluated using the intersection of:

• User consent (what the end user accepted)
• Organization policy (your business rules)
• Regional policy (geographic constraints)

This lets you align the widget to your CMP or tag manager policies without custom code.

Practical guidance

To align with your compliance program:

• Map your CMP or consent signals to scopes such as analytics.measurement and analytics.storage.
• Use regional policies to deny or allow scopes by geography.
• Avoid attaching user identifiers unless consent permits storage-based analytics.
• Audit outbound traffic using the host-side traffic events.

Legal note

This document is informational and not legal advice. You are responsible for determining how to apply these controls to your specific legal obligations.