Data Privacy & GDPR
Compliance Help Center

Essential cookies (also called strictly necessary cookies) are required for your website to function properly. They include session management, authentication, shopping cart, and security cookies (like CSRF tokens). Under GDPR and the ePrivacy Directive, these cookies do not require user consent because the website cannot operate without them. Secure Privacy automatically classifies these and enables them by default.

Yes. Each subdomain (e.g., shop.example.com, blog.example.com) is treated as a separate property because it can set its own cookies and trackers independently. A license for example.com does not cover its subdomains. Subpages (e.g., example.com/blog) are covered under the main domain license. Contact our sales team for volume discounts on multiple subdomain licenses.

Secure Privacy stores all service data securely within the European Union using trusted cloud infrastructure providers including Microsoft Azure and Amazon AWS. Our data centers comply with ISO 27001, SOC 2 Type II, and GDPR requirements. Consent records, scan results, and configuration data are encrypted at rest and in transit.

If your website uses a firewall, CDN (like Cloudflare), or WAF, you may need to allowlist our scanner IP addresses to ensure reliable compliance scans. Our IP list is updated periodically for security reasons. Contact [email protected] to request the current list of scanner IPs, and add them to your allowlist or firewall rules.

No. Under GDPR, only non-essential cookies must be blocked before consent. Essential cookies that are strictly necessary for the website to function (session cookies, authentication, security) should always be allowed. You should block analytics, marketing, preference, and social media cookies until the user explicitly grants consent for each category.

This message appears in the developer console when a visitor accesses your site from a geographic region that is not covered by any of your configured legal templates. For example, if you only have a GDPR template for EU visitors, someone visiting from a non-covered region may see this message. The cookie banner will not display for that visitor. To resolve this, add legal templates for all regions where your website has visitors, or configure a default/global template.

Secure Privacy is designed for minimal performance impact. The script loads asynchronously so it does not block page rendering or affect Core Web Vitals. The compressed script is under 40KB and is served via a global CDN. The banner uses fixed positioning to avoid layout shifts. For SEO, we automatically add noindex tags to generated consent pages and our banner does not interfere with search engine crawlers.

Secure Privacy supports the latest 2 major versions of all popular browsers: Google Chrome, Mozilla Firefox, Safari, Microsoft Edge, and Opera. We also support mobile browsers on iOS (Safari) and Android (Chrome). For the best experience and full functionality, we recommend keeping your browser updated to the latest version.

Under CPRA regulations, businesses must honor Global Privacy Control browser signals as valid opt-out requests. Secure Privacy automatically detects GPC signals when you enable CCPA/CPRA compliance mode. When a GPC signal is detected, the system treats it as a "Do Not Sell or Share" request without requiring any additional action from the visitor. Enable this in Settings > Regulations > CCPA/CPRA > Detect and honor GPC signals.

Yes. Secure Privacy offers a Mobile SDK compatible with Native iOS and Android, React Native, and Flutter. The SDK provides cross-platform consent management with GDPR and CCPA compliance, customizable UI components, multilingual support, and the same consent storage and proof capabilities as the web version. Contact our team for SDK documentation and integration guides.