1. Security-and-Privacy
NexaGuard
  • Getting-Started
    • NexaGuard Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • NexaGuard CMP SDK – Web & GTM Setup
    • Integrate NexaGuard CMP with Webflow and Wix
    • Integrate NexaGuard CMP with WordPress
    • Integrate NexaGuard CMP with Drupal
    • Integrate NexaGuard CMP with Shopify
    • Google Tag Manager (GTM) Template Guide
  • Mobile-SDKs
    • NexaGuard CMP SDK - iOS Setup
    • iOS SDK API Reference
    • NexaGuard CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • NexaGuard Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • NexaGuard CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Security-and-Privacy

Privacy Architecture

Last updated: February 18, 2026
This page explains what NexaGuard CMP processes, and what it does not process, in standard deployments.

1. Data Processing Scope#

NexaGuard CMP processes consent-related data needed to manage preference collection and signaling.
Typical data elements:
consent state and purpose/vendor choices
consent timestamps
framework and region flags
technical identifiers needed for consent continuity

2. Data Minimization#

By design, CMP workflows should avoid storing direct personal content fields unless explicitly required by customer configuration and legal basis.

3. What Is Not Stored by Default#

The following should not be stored as part of core consent workflow unless separately configured:
plain-text personal profile information
free-form sensitive user content
unnecessary persistent identifiers

4. Controller and Processor Roles#

Typical model:
Customer: data controller for website/app consent implementation
NexaGuard: processor for consent signal management services
Final role assignment is defined by contract and DPA terms.

5. Regional Processing Notes#

Region-specific policy behavior should be configured per legal guidance.
International transfer controls should be documented in legal pack and DPA.

6. Related Pages#

Data and Logging Transparency
DPA and Legal Pack
Compliance Overview
Previous
Security Overview
Next
Data and Logging Transparency