Consent management is how you keep a clear, auditable record of what your visitors have agreed to — and why you're allowed to process their data. The Consent Manager (under 360 Tools) is where you define the purposes you collect data for and review every grant or deny decision in one place.

It gives you three working views, plus a tab for SDK integration:

  • Purposes — the categories of data use you ask people to consent to.
  • Consent Records — a log of every grant/deny decision, per user, with where it came from.
  • Per-Purpose Breakdown — grant rates so you can see which purposes people accept and which they reject.

It's built to support GDPR, India's DPDPA, and similar privacy regimes, where you need to show both that you had a lawful basis to process data and that you can prove it.

A purpose is a specific reason you collect or process data — for example, product analytics, marketing communications, or strictly necessary site functionality. On the Purposes tab, click Create Purpose and fill in:

FieldWhat it's for
NameA clear, human-readable label users and teammates will recognise.
DescriptionPlain-language explanation of what the purpose covers.
Legal basisWhy you're allowed to process this data: Consent, Legitimate interest, Contract, or Legal obligation.
EssentialMarks the purpose as strictly necessary for your site to function.

Choose a legal basis that genuinely fits the purpose — it's the answer to "why is this processing lawful?" and it's what regulators ask about first.

Essential purposes are permanent

Marking a purpose Essential means it can't be turned off or deleted — the toggle and delete controls are disabled for it. Reserve this for the bare minimum your site truly can't run without. Everything else should stay optional so people can decline it.

Set purposes up early

It's much harder to apply consent categories after the fact. Define your purposes before you start collecting at scale, so every record lands against the right category from day one.

The Consent Records tab is a newest-first log of individual decisions. Each row shows:

  • User — who the decision belongs to.
  • Purpose — which purpose they granted or denied.
  • Decision — granted or denied.
  • Source — where the decision came from: SDK, API, Manual, Banner, or Import.
  • When — the timestamp.

This is your audit trail. If someone asks what they agreed to and when, this is where you find it.

Reading grant rates

The Per-Purpose Breakdown shows a bar for each purpose with its grant rate, color-coded so problems stand out:

  • Green — strong acceptance (70% or higher).
  • Orange — middling (40–69%).
  • Red — low acceptance (under 40%).

A low grant rate is a useful signal. It often means the consent copy is unclear, or you're asking for more than people are comfortable with. Treat it as a prompt to revisit the wording or scope of that purpose.

How enforcement works today

This is the important honest caveat: the Consent Manager is a system of record, not yet a runtime gate inside the tracker. Recording a "deny" decision here does not, on its own, stop the tracker from collecting — the in-SDK consent enforcement is still being built.

So for now, enforce consent like this:

  1. Gate collection through your existing consent platform (your CMP / cookie banner). Only load or fire the tracker once your consent tool says it's allowed.
  2. Let the tracker respect browser privacy signals. It can honour browser-level Do Not Track and Global Privacy Control signals so people who've opted out at the browser level are respected automatically.

The SDK Integration tab reflects this honestly — it's a placeholder until the in-tracker consent controls ship. When they do, this tab will give you the real integration snippet.

For developers wiring this up

The exact options for respecting browser opt-out signals, and the planned consent API, are covered in the developer consent guide.

Next steps

Last updated 2026-06-11

We use cookies for analytics — to understand how visitors use UMAP360 and improve the product. Essential cookies (session, forms) always run; analytics cookies wait for your call. See cookie policy.