Universal Consent and Preference Management
Manage every end-user privacy choice — cookie consent, opt-outs, marketing preferences, and AI controls — from one place, kept in sync across your systems.
MineOS provides universal consent and preference management: a single system for collecting, consolidating, synchronizing, and applying every choice your end users make about their personal data. This goes well beyond cookie consent — deletion requests, sale and sharing opt-outs, marketing preferences, sensitive-data limitations, and AI-related choices are all captured in one place, governed by one record of truth, and enforced across your entire stack.
One record of truth for every user choice
At the center of the capability is the MineOS suppression list — a managed registry that holds the current privacy choices of each end user, per identifier. Every entry records the user's active choices (deletion, do-not-sell, targeted-advertising opt-out, marketing opt-out, automated decision-making opt-out, AI-training opt-out, and sensitive-data limitation), along with when it was last updated, where the choice came from, and how it was resolved.
Identifiers are stored as cryptographic hashes rather than raw email addresses or phone numbers, so the registry itself holds no directly identifying data — a privacy-by-design safeguard consistent with GDPR data-minimization principles (Article 5).
Collecting choices from every channel
User choices enter the registry from every touchpoint where they are expressed:
- Consent banner — the MineOS Consent Management Platform (CMP) captures opt-in consent and opt-outs for cookies and trackers, including Global Privacy Control (GPC) signals, and writes the resulting consent records to the registry.
- Privacy Center — your branded, self-service portal where end users manage their preferences and exercise their privacy rights directly, at any time.
- Data Subject Requests — deletion and opt-out requests submitted through MineOS request workflows update the registry automatically as they are fulfilled.
- Regulatory deletion lists — identifiers received through the California Delete Act's DROP mechanism are ingested on the required cadence, matched, and recorded — including identifiers retained for matching against future data.
- API — your own applications and back-office systems can add, update, and look up choices programmatically.
Consolidating choices across sources
Because every channel writes to the same registry, a user's choices are consolidated rather than scattered across a consent tool, an email platform, and a ticketing system. Each entry carries its full context — source, timestamp, and resolution outcome (for example, whether a deletion-list identifier was matched and erased, or retained pending a future match) — giving privacy teams a defensible, audit-ready account of every choice, in line with GDPR Article 7's requirement to demonstrate consent and CCPA record-keeping obligations.
Synchronizing choices with your systems
Choices only matter if the systems acting on personal data respect them. MineOS keeps downstream systems aligned in two ways:
- Marketing integrations — native integrations sync the registry with your marketing and engagement platforms, so an opt-out captured anywhere is reflected where campaigns are actually sent. Each integration subscribes to the choice types relevant to that destination.
- Lookup and delivery API — systems can query a user's current choices in real time, or pull incremental updates to stay continuously in sync.
Applying choices — including to AI
Applied enforcement closes the loop. The CMP enforces tracker consent on your websites; marketing integrations enforce opt-outs at the point of send; and the registry's AI-related choices — opting out of automated decision-making and of AI model training — give your data science and ML pipelines a definitive exclusion set to honor. This positions your organization for emerging obligations such as the CCPA automated decision-making technology rules and the expanding state-level profiling opt-out landscape, alongside GDPR Article 22.
Monitoring and demonstrating compliance
Dedicated dashboards track the registry over time: choice volumes by type and source, deletion-list processing outcomes, and the sync status of every connected destination. An exploration view lets privacy teams investigate individual entries and export evidence — turning day-to-day preference management into demonstrable compliance.
Setting it up
-
Set up your Privacy Center and rights. Configure your branded Privacy Center and define the privacy rights your users can exercise, including custom rights. See Setting up your Privacy Center and Creating custom rights.
-
Use the data. Every account includes a dedicated, secure view of its own registry data, hosted on Google BigQuery. Query it directly, explore it through the built-in dashboard, deliver the data to your own systems or use a sync integration from the Automations Marketplace. See Registry schema reference
-
Record preferences from your request workflows. Add the DSR Helper integration to any data subject request workflow to write the resulting choices to the registry automatically as requests are fulfilled. See Using the Managed Suppression List DSR Helper
