IAB TCF 2.2 Certified CMP

Consent Framework for IAB TCF 2.2 with
|

Name: IAB TCF 2.2 integration
Brand: Secure Privacy

Secure Privacy is an IAB Europe-registered and Google-certified Consent Management Platform. Enable IAB TCF 2.2 to generate standards-compliant TC Strings, present the Global Vendor List to visitors, collect granular purpose-level consent, and satisfy Google's EU User Consent Policy for ad-serving in the EEA and UK.

IAB Europe Registered CMP

Google-Certified CMP Partner

TC String v2.2 Generation

Global Vendor List v3 Support

EEA & UK Ad-Serving Ready

10

TCF Purposes Covered

4.9

Why IAB TCF 2.2

Standards-Based Consent
for Digital Advertising

The Transparency & Consent Framework gives publishers, advertisers, and ad-tech vendors a shared protocol for collecting and communicating consent. Secure Privacy implements TCF 2.2 so your consent UI, TC String, and vendor signals meet IAB Europe policy and Google's certification requirements.

TC String Generation

Machine-readable consent string shared with vendors via the CMP API
Encodes purpose consents, vendor consents, and publisher restrictions
Stored in first-party cookie and available through __tcfapi()
Compatible with TCF v2.2 and v2.3 string formats

Global Vendor List (GVL)

IAB-managed registry of 1,000+ participating ad-tech vendors
GVL v3 includes data categories, retention periods, and multiple policy URLs
Secure Privacy surfaces vendor details in the preference centre
Vendor count shown on the first layer as required by TCF 2.2 policy

Purpose-Level Consent

10 standard purposes (e.g. Store and/or access on a device, Personalised advertising)
Legitimate interest removed for Purposes 3–6 under TCF 2.2
Special purposes and features disclosed transparently
User-friendly descriptions and real-world illustrations per IAB policy

TCF 2.2 Features

Full TCF 2.2 Support inSecure Privacy

Secure Privacy handles TC String encoding, the CMP API (__tcfapi), vendor list rendering, purpose consent collection, publisher restrictions, and Google Consent Mode mapping—all from a single dashboard configuration.

CMP API (__tcfapi)

Standards-compliant TCF API that vendors query for consent status via addEventListener.

getTCData deprecated in 2.2—Secure Privacy uses event listeners as required
Vendors receive proactive updates when consent state changes
Validate with the IAB Europe CMP Validator Chrome extension

First-Layer Transparency

TCF 2.2 requires the total vendor count and purpose summaries on the initial consent screen.

Vendor count automatically pulled from the GVL
Standardised purpose descriptions shown to visitors
Real-world illustrations explain data processing uses

Vendor Consent & Restrictions

Granular vendor-level consent and publisher restrictions for fine-grained control.

Per-vendor consent and legitimate interest toggles
Publisher restrictions override vendor-declared legal bases
Encode restrictions directly into the TC String

Google Consent Mode Mapping

Automatically map TCF purpose consents to all seven Google Consent Mode v2 types.

ad_storage, analytics_storage, ad_user_data, ad_personalization, and more
Satisfies Google EU User Consent Policy for Ads in EEA/UK
Advanced mode for cookieless pings and behavioral modeling in GA4

Consent Withdrawal

TCF 2.2 mandates easy consent withdrawal—Secure Privacy provides a persistent preference link.

Floating widget or footer link reopens the preference centre
Updated TC String generated immediately on change
Proof-of-consent logs record every change with timestamps

Geo-Targeted TCF Activation

Show the TCF-compliant banner only to EEA/UK visitors; use standard banners elsewhere.

IP-based region detection triggers the right consent flow
Non-EEA visitors see a simpler CCPA, LGPD, or generic banner
Reduce consent fatigue without sacrificing compliance

Proof-of-Consent & Audit Logs

Immutable records of every consent event for regulatory audits and advertiser requests.

Timestamped consent records with TC String snapshots
Export-ready for DPA inquiries or advertiser due diligence
IP anonymisation available for GDPR alignment

TCF v2.3 Migration Path

TCF v2.3 adds mandatory Disclosed Vendors—Secure Privacy supports the upgrade.

disclosedVendors segment included in TC String when enabled
Google Ad Manager checks for error code 1.4 (missing segment)
Toggle in the Secure Privacy dashboard—no code changes

Setup Guide

Enable IAB TCF 2.2 in Secure Privacy

Activate TCF 2.2 in your Secure Privacy dashboard, configure vendor and purpose settings, deploy to your site, and validate the TC String using IAB's tools.

01

Enable TCF in Dashboard

Open your Secure Privacy domain settings and toggle IAB TCF 2.2 on. Select which vendors from the Global Vendor List to include and configure purpose defaults.

5 minutes

02

Customise the Consent UI

The banner automatically includes vendor count, purpose descriptions, and withdrawal options per TCF 2.2 policy. Adjust branding, copy, and layout in the visual editor.

10 minutes

03

Deploy & Validate

Add the Secure Privacy script to your site head (or use the GTM template). Test with the IAB CMP Validator extension, decode the TC String, and confirm vendor signals are correct.

10 minutes

TCF 2.2 is live on your site.

Global Compliance, Built In

Instant Access to 55+ Legal Templates Worldwide

Automatically adapt legal templates and consent banners by location — compliant by default, seamless for users.

Privacy Laws Mapped & Monitored

Countries Covered

Continuously Updated Regulations

Core Global Privacy Frameworks

Why Choose Secure Privacy

Secure Privacy vs Non-TCF Cookie Bars

Feature	Secure Privacy (TCF 2.2)	Generic Cookie Banner
IAB Europe registration
Google-certified CMP
TC String generation
Global Vendor List integration
Purpose-level consent	10 standard purposes	Generic accept/reject
Vendor count on first layer
Google Consent Mode v2 mapping	All 7 types automatically	Manual or unsupported
Publisher restrictions
Easy consent withdrawal	Persistent preference link	Often missing
Eligible for EEA ad-serving		May not qualify