U.S. Privacy Engine™

Your consent banner is configured.
Your tracking infrastructure isn’t.

Your ad tags are still firing after opt-out. Trackture’s U.S. Privacy Engine™ audits the enforcement layer across 21 state privacy laws — then fixes it, without disrupting your measurement.

See pricing How it works Talk to an engineer
21 state privacy laws
45+ vendors classified
Full audit report in ~90 seconds
No credit card required
Marketing leadership team discussing state-level privacy attribution and analytics strategy in a modern office

Why U.S. Privacy Tracking Compliance Is a Tracking Problem, Not a Legal One

Most marketing teams believe their cookie banner handles U.S. privacy compliance. It doesn’t.

A consent banner collects user preferences. Your tracking infrastructure is responsible for enforcing them. Without enforcement logic built into your tag manager, server-side setup, and ad platform configurations, your tags continue firing regardless of what a user chose — including GA4, Google Ads, Meta Pixel, LinkedIn, and any other marketing scripts deployed to your site.

This is the most common U.S. privacy tracking compliance gap in mid-market and enterprise stacks today. The banner exists. The enforcement layer doesn’t.

The consequence is two problems running in parallel:

  • Compliance exposure across California, Texas, Colorado, and 16 other states with active or imminent opt-out enforcement
  • Corrupted campaign data — because events are being collected from users who opted out, your conversion metrics, audiences, and attribution are contaminated

Trackture U.S. Privacy Engine™ is the enforcement methodology that sits between your consent banner and your tracking stack — ensuring opt-out behavior is technically honored across every tag, every state, and every user session.

The U.S. Privacy Engine™

A compliance platform — with engineers on tap when you need them.

Trackture is a scanning and enforcement platform purpose-built for U.S. state privacy laws. It audits how your tracking stack behaves after opt-out, generates defensible compliance reports, and issues time-bound certificates. Self-serve if you have in-house GTM expertise. Fully guided if you don’t.

Self-Serve Platform

For teams with in-house GTM & analytics expertise

Run unlimited audit scans on your own schedule. Fix violations with the Opt-Out Mode™ GTM template and detailed per-state remediation guidance. Issue your own compliance certificates.

  • Unlimited audit scans across 21 state laws
  • Opt-Out Mode™ GTM container + implementation guide
  • Per-state violation breakdown, vendor-level detail
  • AI-assisted remediation briefings
  • Compliance certificate on passing QA scan
Start free →
Guided Implementation

For teams that want it built & certified for them

Everything in the platform, plus hands-on implementation. Trackture engineers configure your GTM, server-side tagging, and CMP integration. You get a working enforcement layer and a certified clean scan.

  • Kickoff & architecture review call
  • GTM + server-side implementation by Trackture engineers
  • CMP integration for OneTrust, Cookiebot, Usercentrics, Osano, Termly
  • Implementation training & documentation walkthrough
  • Certified passing scan on delivery
Talk to an engineer →
What the engine enforces

Three layers of compliance, one platform.

Whether you run it yourself or have us run it for you, the platform enforces compliance at three distinct layers of your tracking stack.

01 — Tag Layer

State-Level Opt-Out Enforcement

The Opt-Out Mode™ GTM template maps consent signals from your CMP into structured denial states that suppress advertising, analytics, and personalization tags across the 21 state laws Trackture covers — including GPC enforcement as a hard block.

02 — Governance Layer

Unified Tracking Governance

Every vendor, every tag, every cookie classified and scored against per-state compliance requirements. Native CMP adapters for OneTrust, Cookiebot, Usercentrics, Osano, and Termly so enforcement is consistent regardless of which consent platform you run.

03 — Server-Side Layer

Server-Side Compliance via sGTM

When compliance requires suppressing server-side platforms — Segment, Marketo, HubSpot, Klaviyo, Mixpanel — the engine flags the violation and routes enforcement through your server-side GTM container. Your measurement stack stays intact.

How it works

Five steps to a defensible compliance posture.

The workflow is the same whether you run the platform yourself or hand it to our engineers. The only step that forks is step three — who builds the fix.

1

Scan

Point the engine at your live site. It simulates an opt-out, watches what actually fires, and classifies every tag, cookie, and server call.

2

Diagnose

Per-state violation breakdown across 21 laws. Vendor-level detail. AI-assisted remediation briefing calls out the top three fixes by urgency.

3

Implement

This step forks based on who’s doing the work.

Self-serve: use the Opt-Out Mode™ GTM template and implementation guide to ship the fix with your own team.
Guided: Trackture engineers configure your GTM, sGTM, and CMP integration. You review and approve.
4

Validate

Re-run the scan after implementation. Confirm zero violations across all covered laws. Iterate on anything still firing.

5

Certify

Passing QA scan issues a 90-day compliance certificate. Publicly verifiable. Re-certify on your cadence.

Start with step one.

Scan your site free — no credit card, no implementation required to see what the engine finds.

Run a free scan → Talk to an engineer
EU Consent Mode vs. U.S. Opt-Out Mode

Two privacy regimes. Two enforcement models. One common misconfiguration.

EU and U.S. privacy laws enforce from opposite directions. Many companies try to repurpose Consent Mode v2 for U.S. state laws — which leads to non-compliant tracking behavior and inconsistent measurement. The Trackture U.S. Privacy Engine™ audits and enforces the correct opt-out model for U.S. compliance, without disrupting your analytics stack.

European Union

GDPR / Consent Mode v2

Model: Opt-In

Default state
Tracking blocked until user consents
CMP requirement
Required Consent banner + storage
Consent signals
Modifies GA4 & Ads behavior based on granted/denied consent states
Ads personalization
Disabled until explicit consent is granted
U.S. opt-out rights
Not legally recognized in the EU framework
Enforcement layer
Front-end, consent-driven (banner + cookie state)

Result

A front-end, consent-driven model built for GDPR — not U.S. state laws.

United States — 21 Laws, 20 States

State Laws / Opt-Out Mode™

Model: Opt-Out

Default state
Tracking allowed by default until user opts out
CMP requirement
Optional Works with or without a CMP
GPC enforcement
Required CA, CO, CT, MT recognize Global Privacy Control
Opt-out scope
Do Not Sell/Share + targeted advertising opt-outs across 21 state laws
Platform behavior
Activates Restricted Data Processing (GA4) + Limited Data Use (Google Ads) on opt-out
Enforcement layer
Back-end enforced — tag-level suppression + server-side logic in sGTM

Result

A back-end enforced model that handles targeted advertising rules, data minimization, and restriction requirements across 20 states.

If your U.S. tracking is configured with Consent Mode v2 alone, you’re misconfigured by default. The platform audits your stack against the correct opt-out model.

Run a free scan →

Further reading: Google Consent Mode v2 — what it does and doesn’t solve for U.S. compliance

State Coverage

One enforcement model. Every U.S. state that matters.

Trackture U.S. Privacy Engine™ applies a unified enforcement framework across every active and enacted U.S. state privacy law — so your analytics stack uses a single ruleset that automatically applies the correct state-level requirements. As new states pass legislation, coverage extends without redevelopment.

21

state privacy laws

20

U.S. states covered

4

GPC-mandated states

1

unified ruleset

GPC

CA

California

CCPA / CPRA
GPC

CO

Colorado

CPA
GPC

CT

Connecticut

CTDPA

DE

Delaware

DPDPA

FL

Florida

FDBR

IN

Indiana

ICDPA

IA

Iowa

Iowa Act

KY

Kentucky

KCDPA

MD

Maryland

MODPA

MN

Minnesota

MNCDPA
GPC

MT

Montana

MCDPA

NE

Nebraska

NEDPA

NH

New Hampshire

NHPA

NJ

New Jersey

NJDPA

OR

Oregon

OCPA

RI

Rhode Island

RIDTPPA

TN

Tennessee

TIPA

TX

Texas

TDPSA

UT

Utah

UCPA

VA

Virginia

VCDPA
One system, one ruleset

Built for consistency — and for every state that passes next.

Fragmented per-state logic creates compliance debt. The engine applies a unified framework across all covered states, with automatic extension as new laws enact.

No per-state code paths

One enforcement framework, not 21 custom implementations.

No separate implementations

One CTLA-compliant setup handles every covered state.

Consistent across infrastructure

Tag-level and server-side enforcement behave identically.

Automatically extensible

New state laws extend the ruleset without redevelopment.

Verified per state

Every scan confirms compliance state-by-state with citations.

GPC tag marks states where Global Privacy Control is a legally recognized opt-out signal (CA, CO, CT, MT). Learn more at globalprivacycontrol.org.

The CTLA methodology

Compliance Tracking Layer Architecture. The enforcement framework behind every scan.

CTLA is Trackture’s reference architecture for implementing privacy enforcement across analytics and advertising systems. Rather than a software component, it defines how and where enforcement is applied across your consent platform, Google Tag Manager, Consent Mode v2, and server-side routing.

CTLA standardizes how state-level opt-out rules, Global Privacy Control signals, event suppression, and data minimization are configured, enforced, and verified before data is transmitted to GA4, Google Ads, or downstream endpoints. The platform audits every scan against this architecture — and certifies compliance when it passes.

System Architecture Diagram
CTLA architecture diagram showing user data flowing through enforcement checkpoints before reaching the server-side tagging layer
The three enforcement layers

Where CTLA operates in your stack.

Layer 01

Frontend Layer

Captures user actions, preferences, and GPC signals. Sends events to the CTLA enforcement layer before any data reaches analytics or advertising endpoints.

  • Consent banner + CMP integration
  • GPC signal detection
  • In-page preference capture
Layer 02

CTLA Enforcement Layer

Applies state-level rules, opt-out logic, event suppression, data minimization, RDP/LDU activation, and routing logic inside a controlled, auditable system.

  • State-based rule evaluation
  • Event suppression & rewriting
  • RDP + LDU activation logic
Layer 03

Server-Side Tagging Layer

Executes final compliance logic in sGTM and forwards minimized, compliant data to GA4, Google Ads, and other downstream endpoints.

  • sGTM routing + transformation
  • Downstream endpoint governance
  • Payload minimization enforcement

Trade secret notice. The CTLA methodology and Opt-Out Mode™ enforcement patterns are proprietary to Trackture LLC. The platform audits your stack against CTLA and implements it through the Opt-Out Mode™ GTM template.

Audit your CTLA implementation →
Deliverables

What you get, and how it’s delivered.

Trackture U.S. Privacy Engine™ delivers a complete enforcement package — platform outputs every paid account receives, plus a set of guided add-ons for teams that want Trackture engineers to handle the implementation. Every deliverable is engineered for consistent enforcement, technical clarity, and long-term maintainability.

Platform Deliverables

Included in every account

What the SaaS produces automatically. No services engagement required.

FREE TIER 1 TIER 2 TIER 3

  • Automated Compliance Scan

    Full-stack audit of every tag, cookie, and request on your site against 21 state privacy laws. Detects violations, classifies vendors, maps enforcement gaps.

  • Per-State Compliance Report

    Vendor-level breakdown of violations with law citations, severity ratings, and remediation requirements for each of the 21 covered state laws.

  • Opt-Out Mode™ GTM Template

    Production-ready GTM container implementing CTLA enforcement patterns — CMP adapters, state resolver, RDP/LDU activation logic, GPC detection. Self-deploy with guide.

  • AI Remediation Briefings

    Post-scan interpretation prioritizing your top 3 remediation actions by urgency, states affected, and compliance risk.

  • Compliance Certificate

    Time-bound certificate (90-day validity) issued on passing QA scan. Publicly verifiable via unique cert ID and QR code.

  • Scheduled Re-Scans

    Monthly automated audit scans with completion notifications. Catches new violations as your stack evolves — new tags, vendor changes, CMP updates.

Guided Implementation

Service layer add-ons

Trackture engineers implement for you. Available on Tier 2 and Tier 3 engagements.

FREE TIER 1 TIER 2 TIER 3

  • Kickoff & Architecture Review

    Discovery call with Trackture engineers. Stack assessment. Scope and timeline confirmation. Direct point of contact assigned.

  • GTM & CMP Configuration

    Full deployment of Opt-Out Mode™ in your Google Tag Manager. Native integration with OneTrust, Cookiebot, Usercentrics, Osano, or Termly.

  • Server-Side GTM Implementation

    sGTM deployment including state-based suppression logic, payload minimization, and downstream endpoint governance for GA4, Google Ads, and Meta CAPI.

  • QA Verification & Handoff

    Every enforcement rule manually tested across the 21 covered states. Passing certification on delivery. No “hope it works” deployments.

  • Implementation Training

    Documentation walkthrough with your team. Technical knowledge transfer so your team can maintain and extend the deployment post-handoff.

  • Architecture & Handoff Documentation

    State-by-state behavior maps, sGTM configuration diagrams, and QA verification procedures for your internal governance and audit trail.

Both paths enforce the same CTLA architecture. The only difference is who performs the implementation — your team or Trackture engineers.

Pricing

Four ways to run U.S. Privacy Engine™

Start free with no credit card. Scan unlimited times on Tier 1 once you’re ready. Step up to a guided implementation when your team wants engineers doing the work.

Annual saves 30%
Free

Try the Platform

See the gaps in your stack. No commitment required.

$0 forever

No credit card. Work email required.

Start free →

Includes

  • 3 audit scans per 30-day window
  • Partial compliance reports
  • Dashboard access
  • AI remediation briefings
  • Opt-Out Mode™ GTM template
  • Compliance certificate
Most Popular Tier 1 — Self-Serve

Run the Platform

Full platform access. Run, fix, and certify your own stack.

$99 $129 /month

Billed annually — $1,188/year

Billed monthly — $1,548/year

Start with Tier 1 →

Everything in Free, plus

  • Unlimited audit scans
  • Full unredacted reports
  • AI remediation briefings
  • Opt-Out Mode™ GTM template + guide
  • 3 QA certification scans per 90-day window
  • 90-day compliance certificate
  • Monthly automated re-scans
  • 1 domain included
Tier 2 — Guided

Platform + Engineers

Trackture engineers build it. You review and approve.

$99 $129 /month

Billed annually — $1,188/year

Billed monthly — $1,548/year

+ Setup: $2,500–$5,000 one-time
Talk to an engineer →

Everything in Tier 1, plus

  • Kickoff + architecture review call
  • GTM + CMP configuration by Trackture
  • QA verification + certified handoff
  • Implementation training
  • Architecture documentation package
  • Direct engineering point of contact

About the setup fee

Final fee depends on tracking complexity — tag count, vendor footprint, and CMP configuration. Quoted after the kickoff call.

Tier 3 — Enterprise

Multi-Domain Partnership

Dedicated engineering for portfolios and multi-property operators.

Proposal-based

Annual contract. SLA-backed. Not publicly listed.

Request proposal →

Everything in Tier 2, plus

  • Multiple domains per agreement
  • sGTM implementation included
  • Monthly or custom scan cadence
  • Dedicated account contact
  • SLA-backed support
  • Global / multi-territory support
  • Custom certification cadence
Add-ons & extensions

Scale beyond the base plan.

Optional services that extend Tier 1 and Tier 2 beyond the included scope. Add what you need, when you need it.

Server-Side GTM Implementation

Full sGTM deployment with payload minimization and downstream endpoint governance for GA4, Google Ads, and Meta CAPI.

$1,500–$3,500

One-time, scope-dependent

Get a quote →

Additional Domains

Extend coverage across multiple sites under one account. Each domain gets its own scans, certificates, and recipient configuration.

$39/mo

Per domain, billed annually

Add to plan →

Ongoing Support & Maintenance

Monthly retainer for engineering support — vendor changes, CMP updates, GTM modifications, and ad-hoc remediation work.

$399/mo

4 engineering hours/month

Talk to us →

Quarterly Compliance Audits

Manual deep audit beyond automated scans. Engineering review of edge cases, custom integrations, and complex tracking architectures.

$299/qtr

Billed quarterly

Schedule audit →

Custom CMP Integration

Native adapter for any CMP not covered by our default integrations (OneTrust, Cookiebot, Usercentrics, Osano, Termly).

$750

One-time, per CMP

Request adapter →
Who We Build For

Common customer profiles — not a checklist.

Trackture U.S. Privacy Engine™ is built for any organization running analytics, advertising, or marketing tags on a website with U.S. visitors. The profiles below are who we see most often — not who we’re limited to.

If your website runs ad pixels, analytics, or any third-party tracking, and you have customers in any U.S. state with a privacy law — Trackture applies to you. The profiles below are illustrative, not exhaustive.

B2B SaaS Companies

Enterprise buyers are increasingly asking U.S. privacy compliance questions during procurement. A documented enforcement layer is now a procurement differentiator, especially when your prospects operate in regulated industries themselves.

Ecommerce Brands (Shopify & Custom)

Running remarketing audiences that include California, Texas, or Colorado users? State-based suppression is not optional. Opt-Out Mode handles it without killing your performance data or breaking your attribution.

Multi-Location Operators

Dealership groups, home service franchises, and multi-location retailers operating across several states face compounding compliance exposure. One enforcement layer covers all locations under unified governance.

Organizations with a CMP in Place

If your CMP was implemented for GDPR and hasn’t been configured for U.S. opt-out enforcement, you have a gap. Your banner is live but your enforcement layer isn’t. Trackture extends the configuration without ripping out what you already built.

Server-Side Tagging (sGTM) Adopters

Teams moving to first-party, server-side infrastructure need compliant enforcement at the server tier, not just the browser. CTLA architecture treats sGTM as a first-class enforcement layer rather than a downstream destination.

Regulated & Trust-Sensitive Verticals

Retail, healthcare-lite, and finance-lite businesses with elevated expectations around privacy and user trust, but without heavy HIPAA or GLBA classification. Demonstrable compliance becomes a market signal as much as a legal one.

Don’t see your exact category? It probably still applies. Every U.S. business running tracking on their website is in scope — the personas above are the ones we see most often, not the ones we’re limited to.

Organizational Benefits

Operational outcomes, not just compliance checkboxes.

U.S. Privacy Engine™ consolidates fragmented privacy logic into a single auditable enforcement layer. The result is reduced operational risk, cleaner data, and a foundation that scales as state laws evolve — without rebuilding your stack every time a new bill passes.

01

Reduced Legal Exposure

Automated enforcement of opt-out rules, GPC signals, and Do Not Sell/Share requirements across 21 laws in 20 states. The platform reduces the surface area for non-compliant data flows that drive regulatory complaints.

02

Consistent Tracking Behavior

A single enforcement framework governs how every tag, vendor, and server-side endpoint behaves — regardless of which state a user is in. One ruleset, not twenty.

03

No Custom Engineering Required

The Opt-Out Mode™ GTM template, CMP adapters, and CTLA enforcement logic ship pre-built. Your team configures — they don’t build state suppression logic from scratch.

04

Future-Proof Coverage

As new state laws enact, the platform’s ruleset extends without changes to your analytics or advertising infrastructure. You don’t re-implement every time legislation passes.

05

Cleaner Measurement Data

Tags that should suppress, suppress. Tags that should fire, fire. The result: GA4, Google Ads, and remarketing audiences run on compliant, uncontaminated event streams instead of mixed signal.

06

Defensible Compliance Posture

Time-bound certificates, per-state violation reports, and architecture documentation give legal, IT, and procurement teams a verifiable record — not a vendor claim.

Scope Clarifications

Where the platform stops, and your legal team starts.

U.S. Privacy Engine™ is a technical enforcement platform, not a legal services provider. It handles the engineering layer of compliance — tag-level suppression, server-side enforcement, GPC detection, certificate issuance. It does not replace the work your legal counsel performs. The split below makes the boundary explicit.

The Platform Handles

Technical enforcement layer

What U.S. Privacy Engine™ configures, audits, and certifies automatically.

  • State-level opt-out enforcement across 21 laws in 20 states

  • GPC signal detection and enforcement (CA, CO, CT, MT)

  • Tag-level suppression, payload minimization, and routing logic

  • GA4 Restricted Data Processing + Google Ads Limited Data Use activation

  • Server-side enforcement via sGTM (when configured)

  • Per-state violation reports with vendor-level breakdown

  • CMP integration for OneTrust, Cookiebot, Usercentrics, Osano, Termly

  • Time-bound compliance certificates issued on passing scan

Stays With Your Legal Team

Legal & governance work

What your counsel, privacy team, or DPO retains responsibility for.

  • Legal interpretation and advice

  • Privacy policy drafting and revisions

  • State-mandated legal disclosures and consumer notices

  • Children’s data compliance (COPPA, state-level minor protections)

  • Sensitive data classification and governance

  • Vendor contract updates — DPAs, SCCs, and processor agreements

  • Consumer rights request handling (DSAR, deletion, portability)

  • Internal record-keeping and regulatory filings

Trackture is not a law firm and does not provide legal advice. Compliance certificates issued by the platform attest to the technical state of your tracking stack at the time of scan — not to your organization’s overall legal compliance posture.

Frequently Asked Questions

Answers for marketing, engineering, and legal teams.

Common questions about how the platform works, what it covers, and how it fits alongside your existing CMP, GTM, and analytics infrastructure.

U.S. privacy tracking compliance is the technical enforcement of state-level opt-out rights inside your analytics and advertising stack. When a user opts out of targeted advertising or data sale and sharing, your tracking tags — GA4, Google Ads, Meta Pixel, LinkedIn, and any other scripts on your site — must stop collecting and transmitting data for that user.

A cookie banner alone does not achieve this. The banner captures preference; the enforcement layer applies it. That layer lives in your tag manager logic, your server-side configuration, and your CMP integration.

The free tier gives you 3 audit scans per 30-day window, dashboard access, and partial compliance reports. No credit card required. It’s designed to let you see what the engine finds in your stack before deciding whether to upgrade.

Free tier does not include the Opt-Out Mode™ GTM template, AI remediation briefings, or compliance certificates. Those unlock at Tier 1.

Tier 1 self-serve is built for teams that have someone — in-house or via an agency — comfortable in Google Tag Manager and Consent Mode v2 configuration. The Opt-Out Mode™ template ships pre-built, but it still needs to be installed in your GTM container, connected to your CMP, and tested.

If your team doesn’t have that capacity, Tier 2 Guided is the right fit. Trackture engineers handle GTM, sGTM, and CMP integration end to end. You review and approve. The platform itself is identical — the difference is who performs the implementation.

Tier 1 and Tier 2 accounts run monthly automated re-scans by default, plus unlimited on-demand scans whenever you want to verify a change. Tier 3 Enterprise supports custom scan cadences — weekly, bi-weekly, or aligned to your release cycle.

QA certification scans, which issue the time-bound compliance certificate, are limited to 3 per 90-day window on Tier 1 and Tier 2.

Certificates are valid for 90 days from issuance. Re-certification requires running a fresh QA scan that confirms zero violations across all covered laws. Each certificate is publicly verifiable via a unique cert ID and QR code.

The 90-day window reflects the reality that tracking stacks change — new tags get added, vendors update, CMPs are reconfigured. A short validity window forces re-verification rather than a one-time stamp that drifts out of date.

None. The scanner runs from Trackture-controlled headless browser environments, not from your visitors’ sessions. It simulates an opt-out flow, observes which tags fire, classifies the network requests, and records vendor behavior. No real user data, no PII, no session data is involved.

Scan results contain technical metadata about your tracking stack — tag names, vendor classifications, cookie inventories, network call destinations — not customer data.

The platform enforces the technical components of CPRA’s Do Not Sell/Share signals and targeted advertising opt-outs through event-level suppression, GA4 Restricted Data Processing, and Google Ads Limited Data Use.

Legal disclosures, privacy policy language, and regulatory filings remain the responsibility of your legal team. Trackture is not a law firm and does not provide legal advice.

Yes, in California, Colorado, Connecticut, and Montana. These four states require businesses to honor Global Privacy Control signals as a valid opt-out of data sale or targeted advertising.

Opt-Out Mode™ detects and enforces GPC signals automatically as a hard block, overriding in-page preferences where GPC takes legal precedence.

The platform is built for incremental expansion. As new states enact privacy legislation, the enforcement ruleset extends without changes to your analytics or advertising infrastructure.

CTLA — the Compliance Tracking Layer Architecture behind the engine — was designed specifically for this. You don’t re-implement every time a new bill passes.

GDPR uses an opt-in model — no tracking until the user consents. U.S. state laws use an opt-out model — tracking is allowed by default until the user opts out.

Consent Mode v2 was designed for GDPR’s opt-in model and does not correctly handle U.S. opt-out requirements. Applying GDPR logic to U.S. markets results in either over-suppression (losing valid measurement data) or under-suppression (non-compliant tracking).

Yes. The Opt-Out Mode™ template ships as a GTM container import. CTLA enforcement runs at both the client-side GTM layer and inside server-side GTM, where suppression cannot be bypassed by browser extensions, ad blockers, or client-side script interruptions.

For teams already running sGTM, the platform adds compliance enforcement as a first-class layer rather than a downstream destination. Your measurement stack stays intact — what changes is what’s allowed to fire and what gets minimized.

No. Consent Mode v2 is designed for EU and EEA markets under GDPR, which uses an opt-in model. U.S. state laws use an opt-out model — fundamentally different enforcement logic.

Companies operating in both regions run Consent Mode v2 for EU traffic and Opt-Out Mode™ for U.S. traffic. The platform engineers both layers so they coexist without conflict.

A CMP is not legally required for U.S. state compliance, but most organizations run one for operational consistency and to surface opt-out preferences to users. Opt-Out Mode™ functions with or without a CMP.

Native CMP adapters ship for OneTrust, Cookiebot, Usercentrics, Osano, and Termly. Custom adapters for any other CMP are available as a one-time add-on.

Minimal impact on aggregate reporting. For opted-out users, identifiers and advertising signals are minimized or suppressed as required. GA4 Restricted Data Processing keeps measurement stable, and server-side enforcement preserves accurate event delivery for compliant traffic.

For most organizations, a proper Opt-Out Mode™ implementation actually improves data quality by removing contaminated events from users who opted out but were still being tracked due to missing enforcement logic.

Tier 1 and Tier 2 are per-domain subscriptions. The base plan covers one primary domain with unlimited audit scans and unlimited team seats. Additional domains are $39/month each, billed annually.

Tier 2 Guided adds a one-time setup fee of $2,500 to $5,000 depending on tracking complexity — tag count, vendor footprint, CMP configuration. Quoted after the kickoff call. Tier 3 Enterprise is proposal-based for multi-domain portfolios and operators with custom requirements.

Subscription fees on Tier 1 and Tier 2 are refundable within 14 days of initial purchase. After that, you can cancel auto-renewal anytime and retain access through the end of your paid term, but partial refunds are not issued for the unused portion.

Implementation and setup fees on Tier 2 Guided are non-refundable once kickoff occurs, since the engineering work begins immediately. Tier 3 Enterprise terms are negotiated per contract.

Still have questions?

Talk to a Trackture engineer about your specific stack, your CMP, and how the platform fits.

Talk to an engineer →

Get Your Free Compliance Snapshot

No obligations. We review your setup and tell you exactly where your exposure is.

Start with a Free Rapid Compliance Snapshot — no system access required.