Product Overview
Single Product, Two Modules
Consent Management Layer
Handles all external-facing consent operations and enforcement.
Capabilities:
- Purpose-specific consent capture (grant/deny)
- Verify-before-processing API (runtime enforcement)
- Consent withdrawal and renewal workflows
- Webhook delivery + acknowledgement loop
- Grievance intake and SLA tracking
- Immutable audit logs and compliance reporting
- Embeddable widgets and iframe integrations
Privacy Intelligence Layer
Runs inside your infrastructure to manage internal data visibility and compliance validation.
Capabilities:
- Enterprise-wide data discovery
- PII scanning with classification and scoring
- Cross-system identity mapping (human-in-loop)
- Post-withdrawal compliance verification
- Connector-based integration across systems
- Metadata-first processing (no external PII movement)
How the Modules Work Together
SaaS
SaaS module captures and enforces consent
On-Prem
On-Prem module discovers, maps, and verifies data internally
Secure Exchange
Both modules exchange events securely via APIs and webhooks
Result: Closed-loop compliance
action → enforcement → verification → evidence
Core Use Cases
Purpose-specific consent capture
Granular consent collection for specific intents and usage.
Real-time consent verification before processing
Verify consent states before external processing occurs.
Consent withdrawal with proof of execution
Demonstrate proper withdrawal handling with auditable logs.
Enterprise data discovery
Answer 'Where is the PII?' across disparate systems.
Cross-system identity resolution
Reliably link user identities across platforms.
Post-withdrawal compliance validation
Ensure data is handled correctly after withdrawal.
Feature Breakdown
- Purpose-level consent control (no bundling)
- Consent artifacts with metadata
- Renewal and expiry workflows
- Instant withdrawal propagation
- Enforcement via API before processing
- Immutable audit logs (hash-chained)
- Consent artifact tracking with versioned notices
- Webhook delivery logs + acknowledgements
- Integrity verification endpoints
- Compliance-ready reports
- Signed webhook events (HMAC-SHA256)
- Delivery ID tracking
- Acknowledgement API loop
- Idempotent event handling
- Connector-based scanning across systems
- Schema + sample + full scan modes
- Confidence-based classification
- Risk heatmaps and prioritization
- Probabilistic identity graph
- Human validation workflow
- Cross-system identity linking
- No forced auto-merging (reduces risk)
- Triggered from SaaS withdrawal events
- Targeted scans across systems
- Expected vs actual state comparison
- Violation detection and reporting
Implementation Roadmap
- Integrate consent UI (widget/iframe)
- Enable verification API
- Configure webhooks and acknowledgements
- Enable reporting and audit workflows
- Add grievance tracking and SLA metrics
- Implement renewal workflows
- Deploy On-Prem module
- Run discovery and PII scans
- Enable identity mapping
- Activate post-withdrawal verification
Security & Compliance
Role-based access control (RBAC)
API key + secret authentication
Scoped JWT for On-Prem integration
HMAC-signed webhook validation
TLS-secured communication
Metadata-first architecture (no raw PII leakage)
Audit-ready evidence outputs
Frequently Asked Questions
Is Consent Nexus a CMP or full platform?
It is a full platform. The SaaS module functions as a CMP, while the On-Prem module adds enterprise privacy intelligence.
Can we use only SaaS?
Yes. The SaaS module is fully functional independently.
Why add On-Prem?
To achieve true compliance through data visibility, identity mapping, and verification.
Where is data stored?
Consent data in SaaS. Internal data remains within your infrastructure via On-Prem.
Evaluation Checklist
- Consent capture UX and purpose control
- API-based enforcement reliability
- Webhook integrity and acknowledgement flow
- Audit and evidence generation
- RBAC and security controls
- On-Prem discovery and scanning capability
- Identity mapping accuracy
- Post-withdrawal verification outputs