Per-category enforcement
Refuse a category and the matching capture genuinely does not run — with analytics off, tracking truly stops, not just visually.
Trust · Consent & GDPR
Cookie consent & GDPR that actually stops the tags.
Design the banner, decide what counts as essential, apply the right behaviour for each visitor's region — and crucially, enforce it: analytics and marketing tags do not run until the visitor agrees. Delivered through the widget already on your site.
Auto by regionPer-category enforcementGPC & DNT honouredConsent ledger
Analytics: blocked
Consent logged ✓
Live
20+ designsbanner layouts in the studio
Per-categoryenforced at the source
Group-domainone choice shared across sites
Consent ledgertamper-evident proof
The difference
It doesn't just show a banner — it enforces the choice.
A pretty banner that lets the tracker fire anyway is not consent — it's theatre. OpsIQ wires the visitor's choice straight into the platform's own consent layer. Decline analytics, and the capture genuinely stops at the source. Nothing queues, nothing fires "just this once".
Decline = nothing runs — with analytics off, the tracker is never loaded, not merely hidden.
Tag your own scripts — third-party tags stay dormant until their category is granted, then activate instantly.
Google Consent Mode v2 emits the right gtag signals so GA4 and Google Ads obey the choice natively.
Enforcing
Not just a banner
It controls what actually runs.
Most consent tools show a banner and hope. OpsIQ enforces the choice at the source.
Auto-block your own tags
Tag any third-party script to stay dormant until its category is granted; OpsIQ activates it the instant the visitor consents — never before.
Auto by region
EU/UK visitors get opt-in; US visitors get opt-out with "Do Not Sell or Share". Browser GPC and DNT signals are honoured whichever mode you pick.
Google Consent Mode v2
Emits the right gtag signals from each visitor's choice, so GA4 and Google Ads obey consent natively. No IAB TCF needed for most sites.
Design studio
A banner that looks like your brand.
Start from 20+ layouts — bar, box, card, full-screen, corner — then own every pixel in the style studio: transparent, solid or gradient surfaces, your colours, your logo, your wording, your motion. Live preview at desktop and mobile widths before you publish.
20+ designs grouped by style — pick one and tweak, or build from scratch.
Transparent · solid · gradient colour studio with multi-stop gradients and your logo.
Multi-language content — write the wording your visitors actually read, per locale.
Designing
Your categories
You decide what counts as essential.
Define your own categories and the exact wording visitors see. Mark what's genuinely essential for your business — that stays always-on and can't be toggled off — and let everything else be the visitor's choice. An AI cookie scanner can crawl your site, find every cookie and tracker, categorise it and write a plain-language purpose.
Admin-defined categories — your names, your wording, mapped to exactly what they control.
You set what's essential — always-on, never forced on the visitor by us.
AI cookie scanner auto-detects and categorises every cookie with a written purpose.
Live
Group-domain sharing
One choice, across all your sites.
Run several domains under one workspace? A decision a visitor makes on one carries across the rest of the group for the number of days you set — so they aren't re-prompted on every property, and your consent record stays consistent everywhere.
Carry the choice across group domains for a window you control (1–730 days).
Re-consent interval — re-ask returning visitors after N days for stricter regimes.
Policy versioning — change the policy and everyone is re-prompted automatically.
Sharing
Privacy & Compliance
One screen to show the auditor.
The consent ledger proves who agreed to what and when; the access log shows who on your team touched a contact's data; residency and retention settings declare your policy; and a printable DPA fills itself in from those values.
Consent ledger — every grant and revoke by contact, channel, action and date.
DSAR built in — export a copy and erase on request, run through the Action Gateway.
Printable DPA reflecting GDPR, UK GDPR and CCPA, filled from your residency settings.
Consent ledger
Delivery
Shipped by the widget already on your site.
No second snippet, no tag manager wrestling. The banner is delivered through the same OpsIQ widget that runs your chat — so it boots before anything else, applies the visitor's region, and gates capture from the very first page-view. Geo behaviour is automatic: EU/UK opt-in, US opt-out, GPC and DNT honoured everywhere.
One script — the widget you already installed carries the banner too.
Geo-aware on boot — the right mode and language for each visitor, automatically.
Live consent analytics — accept rates by category and domain, scoped to your workspace.
Booting
How it works
Five steps from banner to proof.
Set it up once in the studio; it runs and records itself from then on.
1
Define categories
List the categories that matter to you, write the visitor wording, and mark what is essential. The AI scanner can seed the list for you.
2
Design the banner
Pick from 20+ layouts, set transparent / solid / gradient colours, add your logo and copy, and preview at every width.
3
Deliver via the widget
Publish. The OpsIQ widget already on your site carries the banner — no new snippet, geo-aware on boot.
4
Enforce the choice
Declined categories never load. Tagged third-party scripts stay dormant; Consent Mode v2 signals fire for Google.
5
Log & prove
Every grant and revoke lands in the consent ledger. DSAR export, erasure and a printable DPA are ready for the auditor.
Compare
How it differs from a standalone CMP.
Generic consent platforms (Cookiebot, OneTrust and the like) do the banner well. OpsIQ does the banner — and the enforcement, the platform context, and the pricing — differently.
| What matters | Standalone CMP | OpsIQ |
|---|---|---|
| Beautiful, configurable banner | Yes | Yes — 20+ designs + studio |
| True enforcement at the source | Blocks scripts it knows about | Capture stops in the platform itself |
| Part of one platform | Separate product | Built into your widget & CDP |
| Consent ledger you own | Add-on / export | Built in & searchable |
| DSAR export & erasure | Often a higher tier | Included |
| Printable DPA | Usually not | Auto-filled from your settings |
| Pricing model | Often per-pageview / per-domain | No per-pageview metering |
Product names belong to their owners and are used only for comparison. For IAB-framework programmatic ads, OpsIQ also offers a TCF surface; most sites don't need it.
Everything in the studio
Consent, done properly.
Design studio
A large library of banner designs and a full colour system — transparent, solid or gradient — to match your brand.
Your categories
Define your own categories and wording. You decide what is essential; everything else is the visitor's choice.
AI cookie scanner
Scan your site and let AI auto-detect every cookie and tracker, categorise it and write a plain-language purpose.
Law & region
Opt-in, opt-out, or auto-by-region; GPC and DNT honoured; re-consent intervals for strict regimes.
Google Consent Mode v2
Emit the right gtag signals so GA4 and Google Ads obey each visitor's choice natively.
Auto-block tags
Mark any third-party script to stay dormant until its category is granted, then activate it instantly.
Consent analytics
Live accept rates by category and domain from your visitors' real choices, scoped to your workspace.
Group-domain sharing
A choice made on one of your sites carries across the others in the group for the days you set.
Consent ledger
A searchable, tamper-evident record of every grant and revoke — your proof for an audit.
DSAR export & erasure
Find the person, prove consent, hand them a copy, and erase on request.
Printable DPA
A Data Processing Addendum that fills in your controller, DPO, residency and retention automatically.
Multi-language
Write the wording each visitor reads, per locale, with the right behaviour for their region.
Built for the auditor
Honest about what this is.
OpsIQ gives you the tooling to operate a defensible consent programme. It is not legal advice, and a tool can't certify your compliance — but it gives you the controls, records and documents to demonstrate it.
GDPR & UK GDPR
Opt-in by default for EU/UK, granular categories, freely-given choice, easy withdrawal, and a consent record you can produce on request.
CCPA / CPRA
Opt-out mode with a "Do Not Sell or Share My Information" control and GPC honoured as a valid opt-out signal.
Records & DPA
A tamper-evident consent ledger, an admin access log, and a printable DPA auto-filled from your residency and retention settings.
Questions
Consent, answered.
What do you mean by "it actually enforces"?
Most consent tools render a banner and assume scripts behave. OpsIQ wires the visitor's choice into the platform's own consent layer: with a category declined, the matching capture is never loaded — it doesn't fire "just once" and isn't merely hidden. Your own third-party tags can be marked to stay dormant until their category is granted, and Google Consent Mode v2 signals are emitted so GA4 and Google Ads obey natively.
Do I need to add another script to my site?
No. The banner is delivered through the same OpsIQ widget that already powers your chat. One tag carries both, so consent is applied from the first page-view without a second snippet or tag-manager setup.
Can I decide what counts as "essential"?
Yes. You define your own categories and wording, and you choose what is essential for your business. Essential stays always-on and can't be switched off by visitors; everything else is genuinely their choice. Nothing is forced on by OpsIQ.
How does region behaviour work?
Auto-by-geo gives EU/UK visitors opt-in (nothing non-essential runs until they accept) and US visitors opt-out with a "Do Not Sell or Share" control. Browser Global Privacy Control (GPC) and Do-Not-Track (DNT) signals are honoured whichever mode you pick. You can also force opt-in or opt-out everywhere.
Does a choice carry across my other domains?
If you enable group-domain sharing, a decision made on one of your workspace's domains carries to the others for the number of days you set (1–730), so visitors aren't re-prompted on every property. A re-consent interval can re-ask returning visitors after N days, and changing your policy version re-prompts everyone automatically.
What proof do I have for an auditor?
The consent ledger is a searchable, tamper-evident record of every grant and revoke by contact, channel, action and date. Alongside it sit an admin access log, residency & retention settings, and a printable DPA that fills in your controller, DPO, residency and retention values automatically.
Can a visitor get a copy of their data or be erased?
Yes. DSAR export and erasure are built in and run through the Action Gateway, so the operations are role-checked and logged. You can find the person, prove their consent state, hand them a copy, and erase on request.
Do I need the IAB TCF framework?
Usually not. Google ads already obey Consent Mode v2 and every other tag is handled by auto-blocking — no CMP ID required. TCF is only for sites running IAB-framework programmatic ads; if you need it, OpsIQ can expose a __tcfapi surface and a per-visitor TC string.
New · Capture policy
Choose how much you capture when consent is partial.
Even with a category granted, you set the ceiling. The visitor capture mode decides how much detail the platform records — from full fidelity down to a strict, privacy-first minimum — so your data practice matches your appetite, not just the law's floor. One setting, applied everywhere capture happens.
Capture all — full fidelity when every relevant category is granted.
Balanced & PII-only — keep the signal, trim what you don't need to hold.
Strict — the minimum the platform needs to function, nothing more.
Live
New · Studio & insight
Save a look once, then let AI read the numbers.
Three quiet upgrades that make the studio faster and the dashboard smarter: save your colours, type, effects and motion as a reusable style preset; hold the banner back with a show-after delay so content paints first; and let AI read your accept rates and hand you the insights and next steps.
Saved style presets — capture colours, typography, effects and motion, then reuse them anywhere.
Show-after delay — let the page load first, then bring the banner in after a set delay.
AI consent analysis — AI reads your KPIs and writes the insights plus the next steps to take.
Analysing
Tamper-evident proof
A consent record that can't be quietly edited.
Every grant and revoke is chained: each entry carries an HMAC hash of the one before it, so any after-the-fact change to an old row breaks the chain and shows. That's the difference between a log you keep and proof you can hand an auditor — searchable by contact, channel, action and date, and never silently rewritten.
HMAC hash chain — each entry seals the previous one; tampering breaks the link.
Searchable proof — pull any contact's grant and revoke history in seconds.
Admin access log — every view, edit, export and erasure recorded with a reason.
Sealing
Full feature list
Everything in Consent & GDPR.
Every capability, grouped. ★ marks a stand-out.
| Feature | What it does |
|---|---|
| Design studio | |
| 20+ premium design layouts ★ | 13 bars, 11 cards, 5 sheets and 5+ modals — genuinely distinct structures, not recolours. |
| Design palettes & colour system | 12+ named palettes give every layout a coherent, visually-distinct starting look. |
| Colour studio: solid / gradient / transparent ★ | Per-element colour modes with multi-stop gradients, angle control and live updates. |
| Typography control | Pick the font stack and set heading, message and label sizes and colours. |
| Effects & visual finishes | Glassmorphism, shadow, blur and opacity with automatic light/dark adaptation. |
| Motion & entrance animations | 10 entrance animations plus button variants and hover colours. |
| Brand logo upload | Put your logo on the banner and the preferences panels — upload or link. |
| Saved style presets NEW | Save colours, typography, effects and motion as a reusable preset and apply it anywhere. |
| Position & layout control | 10 placements for card layouts plus width control. |
| Corner radius control | From sharp to fully rounded to match your brand shape. |
| Persistent reopen tab | A floating "Cookie settings" tab so visitors can change or withdraw consent anytime. |
| Live preview (desktop & mobile) | WYSIWYG at real device sizes, with animations replaying as you tweak. |
| Categories & enforcement | |
| Admin-defined cookie categories ★ | Your own categories and wording — you decide what is essential. |
| Per-category enforcement ★ | Refuse a category and the matching capture genuinely stops at the source. |
| Auto-block third-party scripts ★ | Tag any script to stay dormant until its category is granted, then activate instantly. |
| AI cookie scanner & categorisation ★ | AI crawls your site, detects every cookie, categorises it and writes its purpose. |
| Cookie declaration table | A plain-language audit table of what you track, shown inside preferences. |
| Law & compliance | |
| Auto-by-region (geo-aware) ★ | EU/UK opt-in, US opt-out with "Do Not Sell", a banner for the rest of the world. |
| Global Privacy Control (GPC) honour ★ | Treat a GPC signal as a valid opt-out, no banner needed. |
| Do-Not-Track (DNT) honour ★ | Treat a browser DNT signal as an opt-out automatically. |
| Do Not Sell or Share (CCPA) ★ | A CCPA/CPRA control for US visitors in opt-out mode. |
| Group-domain consent sharing ★ | One choice carries across your group domains for 1–730 days. |
| Re-consent interval | Re-ask returning visitors after N days for stricter regimes. |
| Policy versioning & auto-re-prompt | Bump the policy version and everyone is re-prompted automatically. |
| Google Consent Mode v2 ★ | Emits the right gtag signals so GA4 and Google Ads obey consent natively. |
| IAB TCF v2.2 framework support | Optional __tcfapi surface and TC string for programmatic ads. |
| Content & localization | |
| Multi-language with AI translation ★ | AI translates your wording into 30+ languages with browser auto-detect. |
| Editable button & link text | Set every label and place policy links inline or below. |
| Additional custom links | Add Terms, Imprint or other links with your own labels. |
| Consent choice duration | How long a choice is remembered — 1–730 days, default 180. |
| Show-after delay NEW | Hold the banner back by a set delay so page content paints first. |
| Compliance & audit | |
| Consent ledger (tamper-evident) ★ | HMAC-chained hashes make a searchable, un-rewritable proof of every grant and revoke. |
| Admin access log ★ | Every view, edit, export and erasure recorded with a reason tag. |
| Data residency declaration | Declare EU / US / UK / APAC / other for your DPA. |
| Activity retention policy | Set an auto-delete window, or 0 to keep forever. |
| Consent Mode visitor capture NEW | Choose Capture-all, Balanced, PII-only or Strict — even within a granted category. |
| Controller & DPO details | Name, address and DPO details that flow into the DPA. |
| Printable DPA template ★ | Auto-filled GDPR, UK GDPR and CCPA addendum, ready to print to PDF. |
| Data subject rights | |
| DSAR export ★ | Export a contact's full archive as JSON — profile, activity, consent and access. |
| DSAR erasure ★ | Soft-delete and redact now, hard-delete after 30 days, with an audit trail. |
| Action Gateway for DSAR | Every DSAR operation is role-checked and access-logged. |
| Analytics & insight | |
| Consent analytics dashboard ★ | Live accept rates by category and domain, with a funnel and KPI cards. |
| AI consent analysis NEW | AI reads your KPIs and writes the insights plus the next steps to take. |
| Delivery | |
| Single-script delivery (via widget) ★ | The same opsiq.js that runs your chat carries the banner too — no second snippet. |
| Geo-aware boot | Detect the visitor region on boot and apply the right law mode and language. |
| Master enable / disable toggle | Show or hide the banner for all visitors immediately. |