NexaGuard
  1. Getting-Started
NexaGuard
  • Getting-Started
    • NexaGuard Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • NexaGuard CMP SDK – Web & GTM Setup
    • Integrate NexaGuard CMP with Webflow and Wix
    • Integrate NexaGuard CMP with WordPress
    • Integrate NexaGuard CMP with Drupal
    • Integrate NexaGuard CMP with Shopify
  • Mobile-SDKs
    • NexaGuard CMP SDK - iOS Setup
    • iOS SDK API Reference
    • NexaGuard CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • NexaGuard Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • NexaGuard CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Getting-Started

Concepts and Glossary

Last updated: February 18, 2026

1. Core Concepts#

Settings ID#

Unique NexaGuard identifier that maps your implementation to dashboard configuration, branding, framework settings, and vendor configuration.

Environments#

Use separate settings for staging and production. Never test production consent behavior using staging IDs.

Region Logic#

Banner behavior can vary by user region. Region routing should be validated before launch using VPN or geotest tools.

Consent States#

Minimum expected states:
default (before user interaction)
accept (user grants all configured purposes)
reject (user denies non-essential purposes)
custom (granular choices by purpose and vendor)

Consent Storage#

Consent state may be stored in browser/app storage and optionally synchronized to backend consent records depending on implementation mode.

Vendor List and GVL Updates#

For TCF implementations, vendor metadata and purposes are based on IAB Global Vendor List (GVL). Update behavior and re-consent logic should be documented in deployment runbooks.

2. Consent Lifecycle#

1.
System applies consent defaults on page/app load.
2.
Banner displays first layer and optional second layer.
3.
User submits a consent decision.
4.
CMP sends consent update signals to integrated platforms.
5.
User can reopen preferences and update the decision.
6.
Expiry and renewal rules trigger re-prompt when required.

3. Glossary#

CMP: Consent Management Platform.
TC String: Encoded Transparency and Consent signal for TCF.
GVL: Global Vendor List managed by IAB Europe.
Purpose: Legal data processing purpose in framework policy.
Vendor: Processing entity declared in consent framework.
Special Feature: Additional user-facing capability under TCF.
Legitimate Interest (LI): Legal basis distinct from explicit consent.
GPP: Global Privacy Platform signal framework.
GCM v2: Google Consent Mode v2.
ad_storage: Google consent key for ad storage.
analytics_storage: Google consent key for analytics storage.
ad_user_data: Google consent key for user data use.
ad_personalization: Google consent key for personalization use.
Previous
Documentation Overview
Next
Compliance Overview