Tracking consent controls — comply without third-party tools

May 5, 2026. Cookie banners, consent logs, and per-visitor preference storage are native to SGEN. No third-party plugin, no separate vendor.

What changed

Before: a SGEN site that needed GDPR/CCPA compliance bolted on a third-party consent tool — CookieYes, OneTrust, Cookiebot. Each tool came with its own configuration UI, its own subscription cost, and its own risk of breaking when the platform updated.

After: tracking consent is part of the SGEN admin. Configure the banner, set the cookie categories, store the preferences, surface the audit log — all in one place.

What you can configure

The native consent surface includes:

  • Cookie banner — the dismissable bar/popup that appears for new visitors. Configure copy, position (top/bottom/inline), colors, and the categories shown.
  • Cookie categories — Strictly necessary (always on), Analytics, Marketing, Functional. Each category controls which trackers fire when the visitor opts in.
  • Preference center — the "Manage cookies" page where visitors can revise their consent later. Auto-generated, accessible at /cookie-preferences on every SGEN site.
  • Consent logs — every consent decision is logged with a timestamp, an anonymized visitor identifier, and the chosen categories. Useful for audit trails.
  • Per-region rules — different defaults for visitors from different regions (e.g., GDPR opt-in for EU, CCPA opt-out for California).

How it integrates with analytics + marketing

The consent state controls which trackers fire:

  • Analytics opted-out → SGEN's first-party analytics still runs (anonymized, no IP), but third-party scripts (Google Analytics, Meta Pixel) don't load.
  • Marketing opted-out → No Meta Pixel, no Google Ads conversion tag, no LinkedIn Insight.
  • Functional opted-out → No live-chat widget, no embedded media analytics.
  • Strictly necessary → Always fires (session cookies, CSRF tokens, etc.). Not optional.

Cross-site analytics (the April 25 Highlight) respects this — visitors who opt out of analytics don't appear in the Cross-site rollup either.

Banner customization

The banner inherits your site's theme tokens automatically:

  • Background color = your theme's surface token
  • Text color = your theme's text token
  • Button colors = your theme's primary action token
  • Typography = your theme's body font

If your brand needs the banner to look different from the site itself, override per-token in Admin → Settings → Tracking Consent → Banner Style.

Consent log audit trail

Every consent decision logs:

  • Timestamp
  • Anonymized visitor identifier (a hash, not the IP)
  • Categories accepted / declined
  • Banner version at time of decision
  • Region detected
  • Revision (if the visitor changed their mind later)

The audit log is queryable in Admin → Tracking Consent → Logs. Useful when a regulator asks "how do you handle consent for visitor X."

Per-region rules

Different jurisdictions have different consent defaults. SGEN's surface supports per-region behavior:

  • EU / UK — opt-in default. Banner blocks tracking until accept.
  • California — opt-out default. Banner offers "Do not sell" toggle.
  • Other regions — no banner by default, configurable.

Region detection is based on the visitor's CDN edge location, not a geo-IP guess. Accurate enough for compliance, no third-party geolocation service needed.
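
The tracker gating from "How it integrates with analytics + marketing" combined with the per-region defaults above, as an added example (not SGEN's code or API). Tracker keys, region codes and function names are hypothetical; Meta Pixel is modeled as needing both Analytics and Marketing because the page lists it under both, and regions without a banner are assumed to leave optional categories on.

```javascript
// Added example: every name below is hypothetical, not part of SGEN.
const CATEGORIES = ["necessary", "analytics", "marketing", "functional"];

// Tracker -> categories that must ALL be granted before it may load.
const TRACKERS = {
  "session-cookie": ["necessary"],
  "csrf-token": ["necessary"],
  "google-analytics": ["analytics"],
  "meta-pixel": ["analytics", "marketing"], // listed under both on the page
  "google-ads-conversion": ["marketing"],
  "linkedin-insight": ["marketing"],
  "live-chat": ["functional"],
};

// Region -> default mode (constructed region codes).
const REGION_MODE = { EU: "opt-in", UK: "opt-in", "US-CA": "opt-out" };

// Merge the visitor's stored decision (may be null) over the region default.
function effectiveConsent(region, decision) {
  const mode = REGION_MODE[region] || "none";
  // Opt-in regions block optional categories until the visitor accepts.
  const fallback = mode !== "opt-in";
  const consent = {};
  for (const category of CATEGORIES) {
    const stored = decision ? decision[category] : undefined;
    // Only a real boolean counts as a decision; anything else is ignored.
    consent[category] = typeof stored === "boolean" ? stored : fallback;
  }
  consent.necessary = true; // strictly necessary cannot be declined
  return consent;
}

// Trackers allowed to load. A tracker that names an unknown category is
// blocked, because consent[unknown] is undefined rather than true.
function allowedTrackers(region, decision) {
  const consent = effectiveConsent(region, decision);
  return Object.keys(TRACKERS)
    .filter((name) => TRACKERS[name].every((c) => consent[c] === true))
    .sort();
}
```

The useful check when auditing a real deployment is the same one the filter makes: with no stored decision in an opt-in region, only strictly necessary items should appear in the page's network requests.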

Why this matters

GDPR fines and CCPA enforcement keep rising. Most third-party consent tools cost $50-200/month per site and add a layer that can break on platform updates. Many small operators skip the compliance work entirely — which works until it doesn't.

Bringing consent native to the platform changes the math: every SGEN site has compliance available, configured in minutes, with the audit trail to defend an investigation. No subscription, no plugin maintenance, no integration risk.

Common patterns

  • A US site adding EU traffic. Configure EU per-region rule, set banner copy, point Privacy Policy link at your existing policy page. Compliance ready in 10 minutes.
  • A multi-region operator. Configure per-region defaults once. EU visitors see opt-in banner, California visitors see CCPA toggle, rest of world sees no banner. Audit log captures everything.
  • An agency white-labeling for clients. Each client site gets its own consent config, branded with that client's theme. The audit log is per-site so different clients' data doesn't mix.
  • Switching off a third-party tool. Disable the existing CookieYes/OneTrust integration. Configure the native banner. The cost saving funds another year of platform tier.

What's not in this release

  • A/B testing different banner copy. Some teams want to test whether "Accept all" vs "Accept necessary only" drives different opt-in rates. Banner A/B is in NEXT.
  • Custom consent categories. Today the four categories (necessary, analytics, marketing, functional) are fixed. Custom categories are in LATER.
  • CMP TCF v2 integration. The IAB TCF framework for programmatic advertising is in NEXT. If you run programmatic ads today, the native banner covers user-facing consent but doesn't yet emit TCF strings.

Behind the work

The audit log layer leans on the same logging infrastructure that powers form submissions and ecommerce orders. The April 15 changelog entry (backup workflows + support context + documentation updates) is the work that made the audit log durable + restorable.

Next steps

  • Read the Reference at Reference → Tracking Consent for field-level detail.
  • Configure the banner at Admin → Settings → Tracking Consent — first-time setup is ~10 minutes.
  • If you're currently using a third-party consent tool, the native surface is a drop-in replacement. Migrate at your next plan renewal.