Osano’s CMP architecture is designed to keep protected end-user data safe and keep Osano’s customers within legal compliance with various regulations, such as CCPA, GDPR, LGPD, etc. To this end, we process all Consent Manager-related data in AWS region “EU-west-1”, located in Ireland. From here, all data is encrypted before storage in our central AWS region, “us-east-1”. We process information in Ireland to keep within the European Union (EU) regulations regarding protected information data transfers outside the EU.
The CMP data flow can be described as:
Stage |
Data Exchanged |
Osano.js CM Script Delivery |
Customer tracker rules, user interface, language translations. |
CM Script Consent Recording |
User consent info delivered to Osano assets in EU-west-1via encrypted SSL. |
Consent Record Processing |
User consent info processed, encrypted, and sent for storage to us-east-1. |
Consent Record Storage |
User consent info is stored for reporting and querying in a cryptographically verifiable, immutable journaling database. |
Below is a simplified architectural + data flow diagram describing the interactions between the various pieces of the Consent Management system.