Consent Mode Monitor Logo
Try our Extension
Try our Add-on
Consent Mode Monitor Logo
Consent Mode Monitor Logo

Consent Mode Monitor Privacy Policy

Last updated: 8 April 2026

This Privacy Policy explains how MeasureMinds Group Ltd (“MeasureMinds”, “we”, “us”, and “our”) collects, uses, stores, shares, and protects personal data when you use Consent Mode Monitor, including our website, application, browser extension, and related services.

Important: the Consent Mode Monitor Chrome Extension does not use Google Sign-In, does not access your Google Tag Manager account directly, and does not make GTM changes on its own. Google account access and GTM editing access apply only when you use the Consent Mode Monitor web application and explicitly choose to connect to Google Tag Manager or use the fixing functionality.

What information does Consent Mode Monitor collect?

Chrome Extension

When you click Scan, the Chrome Extension may access the current tab’s hostname or URL, together with technical website metadata needed to perform the audit. This includes the website hostname, the Google Tag Manager container ID(s) detected on the page, and whether a known consent-autoblocker script is present.

This information is processed solely to generate the user-requested audit, including the compliance score and scan results for the website you are currently viewing.

To generate these results, the extension sends only the scan-related technical data required for scoring and reporting to our service at https://app.consentmodemonitor.com.

The extension also stores scan results and related per-site state locally in browser extension storage, such as status, GTM key(s), score, tags, last scan time, and autoblocker flag. This allows you to reopen the extension and view previous results without rescanning, improves performance, and keeps popup and badge state consistent. This locally stored scan data is removed if you uninstall the extension. We do not use the extension to monitor browsing activity in the background or to maintain a general browsing history of the websites you visit.

The extension uses activeTab and scripting only after you click Scan, together with storage, tabs, and a narrow host permission for app.consentmodemonitor.com to support scan results, popup state, badge updates, and communication with our scoring service.

In incognito windows, the extension runs as a fully separate instance (incognito: split) and keeps all state in chrome.storage.session, which is in-memory only and never written to disk. Scan results from incognito tabs are discarded when the browser session ends and are never shared with normal (non-incognito) browsing data.

Web Application

If you use the Consent Mode Monitor web application, we may collect your email address to create and manage your account, provide essential service communications, and manage subscriptions and billing.

If you choose to sign in with Google and connect Google Tag Manager in the web application, we may request access to the following Google OAuth scopes:

  • https://www.googleapis.com/auth/userinfo.email (See your primary Google Account email address)
  • https://www.googleapis.com/auth/userinfo.profile (See your personal info, including any personal info you’ve made publicly available)
  • https://www.googleapis.com/auth/tagmanager.edit.containers (Manage your Google Tag Manager container and its subcomponents, excluding versioning and publishing)

We use these scopes only to authenticate your account, link your Google account to Consent Mode Monitor, store account-related information, manage subscriptions and billing integrations, and carry out user-requested GTM actions within the web application.

How does Consent Mode Monitor use the information?

The email addresses collected are used to create and manage user accounts, send essential service communications, and, where the user has opted in, send newsletters or product updates. Users can opt out of marketing emails at any time.

If a user chooses to sign in with Google and connect Google Tag Manager in the web application, we use the Google OAuth scopes listed above to authenticate the user, link the user’s Google account, store account-related information in Firestore, manage subscriptions and billing integrations such as Stripe, and apply user-requested consent-related updates within the user’s GTM container.

What information does Consent Mode Monitor share?

We do not sell personal data or share it with other users. We may share personal data and service data with trusted service providers that help us operate Consent Mode Monitor, such as Google Firebase / Firestore for account and application data storage, Stripe for billing and subscription management, and other infrastructure, email, or support providers where needed to operate the service. We may also share data where required by law or where necessary to protect the security, integrity, or operation of the service.

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. When a user chooses to connect Google Tag Manager in the web application, Consent Mode Monitor may access the user’s Google Tag Manager accounts, containers, workspaces, and related items only to provide the user-requested functionality described in this Privacy Policy.

How we protect sensitive data

Access Control

  • Role-Based Access Control (RBAC): We restrict access to sensitive data within our systems using RBAC, ensuring that only authorised personnel have access to specific data based on their roles.
  • Two-Factor Authentication (2FA): To further secure accounts and prevent unauthorised access, we require two-factor authentication for all users and administrators accessing sensitive data.
  • Least Privilege Principle: Access to sensitive data is granted only to the minimum extent necessary for individuals to perform their job functions.

Data Anonymisation and Masking

  • Anonymisation: When feasible, sensitive data is anonymised, meaning personal identifiers are removed to protect individual identities in our datasets.
  • Data Masking: In cases where anonymisation is not applicable, sensitive data fields are masked, making it unreadable to unauthorised users.

Regular Security Audits and Penetration Testing

  • We perform regular security audits and third-party penetration testing to identify and address vulnerabilities within our infrastructure. This ensures that our systems are always up-to-date with the latest security protocols and best practices.

Intrusion Detection and Monitoring

  • We employ advanced intrusion detection and monitoring systems that continuously monitor for suspicious activities or unauthorised access attempts. In the event of any unusual behavior, immediate alerts are triggered, and our security team responds to mitigate potential threats.

Data Minimisation and Retention Policies

  • We practice data minimisation by only collecting the necessary information required for the app’s functioning. Data retention policies are strictly enforced to ensure that sensitive information is deleted when it is no longer needed, reducing the risk of unnecessary data exposure.

Compliance with Regulations

  • Our data protection mechanisms are designed to comply with industry standards and regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant laws. This ensures that your sensitive data is handled lawfully and responsibly.

User Control and Data Portability

  • Users have control over their data, including the ability to request access, correction, or deletion of their personal information at any time. We also provide mechanisms for users to download or export their data securely if needed.

Our data retention policy

Purpose of Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, or contractual obligations, resolve disputes, and enforce our policies. Scan results and per-site state stored locally by the browser extension remain in extension storage until they are overwritten, cleared by the user, or removed when the extension is uninstalled, unless a shorter retention period applies.

Data Deletion 

Users may request the deletion of their data at any time by contacting dpo@consentmodemonitor.com.

Legal Obligations 

We may retain data longer if required by law or to protect our legitimate interests (e.g., fraud prevention, enforcing terms).

Contact Us

If you have any questions about this Privacy Policy, please contact us at dpo@consentmodemonitor.com

Cookies used on this site

Add Your Heading Text Here

Save your business millions in privacy-related fines

Ensure Consent Mode is implemented properly with Consent Mode Monitor

  • Check for missing consent
  • Fix consent-related issues
  • Schedule monthly scanning
Use Consent Mode Monitor
Consent Mode Monitor Logo