Skip to main content


Questions about our market positioning / Questions about how AppConsent works

Questions about our market positioning​

  • Are you a valid registered IAB CMP ?​

YES. Our CMP_ID is 2. You can consult this page to check our status :

  • Do you support only IAB Purposes ?​

NO. Using the backoffice, you can add as many purposes you need. We also support higly sensitive purpose like Geolocation for advertising purpose. Check the iOS and Android section to learn more.

From the 1st of april, as indicated by the CNIL when posting its new guidelines on the October 1st, scrolling on a website will no longer be considerated like a valid consent for using data.

Indeed, now the user must express his consent with a clear and precise act, like clicking on the button Β« Accept all Β».

As a CMP, we never considered the scrolling as a valid act of consent, mais by using our callback, you could decice to still use this events to fetch consents from users.

From the 1st of april, it will no longer be possible.

A CMP, for Consent Management Platform, is a technological platform specifically dedicated to the collection, recording and restitution of consents given by users in the field of personal data.

By using our CMP, you can control whether you want to use a banner to obtain consent in a first place. This banner is generally positioned at the bottom of the screen. What we call the notice, is the real visible part of the CMP, i.e. where the Internet user or mobile user will make his choices. Sometimes we call it WebApp to make a clear difference between the Web perimeter and in-App.

YES. This is the recipe: Put a hard wall; meaning that the user has no choice to accept or configure. Blur the background. Don't hesitate to put a very large window. Change the configure button to a link. And put a lot of text before the button. Do not use a font size that is too large. Put a cross in the top right that is wired with an acceptance event. Do not forget to add an event wired to a 100px event and/or a click in the page. That's it, you just finished to cooking something that will give you a > 99% consent rate.

But in return, you will see your bounce rate increase a lot. By the way, it depends a lot on the shape and structure of your audience. Some websites are less impacted. But in the case of control by the regulator, the are a lot of chances that they don't see that as a valid way of getting consent. And the doctrine is simple: no consent, no right to use the data. And the vendors connected to the CMP may lose the right to process all the data already collected as they rely on consent.

At SFBX, we think that in order to cook something more clever, we all need to take into account: The user in the first place, because after all, we ask his/her data. But we also need to keep an eye on the reactions of the European data protection authorities (and especially the French CNIL) to build a balanced way of getting consents that :

  • Respect the user

  • Preserve as much as possible your turnover

  • Respects the essence of the GDPR, and the comments of regulators.

  • Do I need to present the CMP to the users who are not in the UE area?​

GDPR aims to protect personal data for European users. You must display the CMP for all European country. For all other countries, there is no need to display the CMP, for the moment.

  • How long are the consents kept?​

The consents are kept for 12 months. After that, the user must give his consent again.

  • It seems that you know a lot about users. How do you proceed?​

As already mentioned above, we use proprietary UX approaches to understand user behavior when faced with CMP-typechoices. But also what they understand about the GDPR, what they expect. Focus groups, interviews, guerrilla tests. We do a lot of work on these topics. This work allows us to obtain consent rates that converge towards the maximum expected, including in frameworks that will be constrained by regulators. Example: Refuse/Accept button instead of Configure/Accept.

  • In case of control from an ICO, do you help us?​

YES. In each contract, you some days provisioned to assist you technically. We are not lawyers and we don't act as DPO. Never. But we offer workforce and tools (like APIs) in order to help you to prove that you have consents from your users.

Since the very first day, we use blockchain technology to prove consent. Beginning of 2020, we switched from Hyperledger to Chainsaw, our proper blockchain.

99.99%. We believe as we are directly responsible for your turnover and the comfort of your end-users, we have no alternative to offer this high standard of SLA.

We prefer to act as a member of the team rather than protect ourselves behind weaker SLAs. With this objective in mind, this has led us to put in place a whole battery of internal procedures, countermeasures in order to be able to fulfill such a promise.

SFBX was founded by two people acting in the data and ad tech companies for a wild. We see 3rd cookies efficacity and stability declining almost every day for a while. Thus, one of our first feature was to build a workaround to this. So we use LocalStorage in order to store consent status and cache information to speed up the CMP response time. Moreover, the entire platform is ID agnostic, meaning that we are ready for common login initiatives and using CRM IDs. We are even capable to do web2app consent Propagation.

  • My best friend/DPO/CxO told me that the blockchain is not compatible with the GDPR can you still use blockchain?​

There is two main kinds of blockchain: Public and Private. It's true that Public blockchain raises many issues regarding GDPR/ePrivacy, especially when you need to honor the right to be forgotten. As blockchain is built to never forget something, it's a paradox.

But we use Private Blockchain. Meaning that Data Controller is not spread into the wild using nodes that we have not under control. All the nodes are running SFBX. We control the consensus, we control the participants. We control our ledger. And we never, ever store informations into our ledgers, we only store the proofs. And it makes a huge difference.

Moreover, this kind of architecture is preparing us for the future of Data. At SFBX, we are convinced that the data can't more circulate without either a consent or a legal base attached, tied to this Data. And in order to build the pipeline that will sustain this, private blockchain is very efficient.

  • The same people told me that blockchains are too slow to operate in the media field yet.​

We are working hard since two years to raise the bar of the scalability of our blockchain stack.

We process right now, in production, thousands of transactions per second. This means that when a end-user gives his/her consent, the proof of consent is available some ms after.

Questions on the operation of AppConsent​

  • Can I customize everything in your CMP?​

YES and NO. Using AppConsent, you can customize almost everything. Some things are not possible due to legal reasons but also to the way we understand the GDPR and the upcoming ePrivacy Regulation. As an example, it's not possible to force the status of our switch. This is something that will never pass a check from any European Regulator.

SFBX Official position on this: We believe that, as a market, we need to replace getting consents using scroll and click by other ways. It's not aligned with the core of the GDPR.

If you decide to carry on using scroll 'like events, we strongly advise you to test without scroll in order to do statistics on your consent rate.


The GDPR introduces the notion of accountabilty and co-responsabily. There is no doubt that in the very near future, the CMPs will no longer be able to act as sub-contractor. Thus, if we detect that something breaks the law, we'll invite you to contact us and to work on a more GDPR valid alternative.

Be aware that if consent is not valid, you're losing the right to process the underlying data. ( If you are using the consent as your legal base )

  • Does it take a long time to see the changes of a webApp in production?​

NO. Just refresh your page in your browser and that's it. It's a matter of only hundreds of ms to populate a new build of our CMP WebApp.

  • How are the translations managed?​

AppConsent manages translations of 13 default languages but this number can be extended to all EU languages if needed.

  • English (EN)
  • French (FR)
  • Spanish (SP)
  • Italian (IT)
  • Dutch (NL)
  • Polish (PL)
  • Portuguese (PT)
  • German (DE)
  • Bulgarian (BG)
  • Czech (CS)
  • Catalan (CA)
  • Swedish (SV)
  • Danish (DA)

Catalan, Swedish and Danish are currently only available for web notices.

As we can't know the user nationality, AppConsent CMP translation is based on the language used by the user on his browser or device:

For the web desktop version, the CMP is configured to be displayed in the language configured in the user's browser. For example, if the user is in the US but his browser is configured in French, the CMP will be displayed in French.

For mobile and mobile web versions, the CMP is configured to be displayed in the language configured in the device.

  • Which KPIs do you offer in the dashboard?​

You will get :

Consent Rate : the rate of Consent-In on [consent in + consent out + consent mixed]

Consent in: number of positive consents on all the purposes of a notice

Consent out: number of negative consents (refusals) on all the purposes of a notice

Consent mixed: a mixed IN/OUT signal is raised when a user has a combination of switch that are both positives and negatives

Bounce Rate: It is the difference between new users and those who are not seen after their ID has been created. Even if it's not directly related to privacy-CMP KPIs, you should follow closely these KPIs

For Premium/Enterprise account only many others metrics are available on demand like unique users, average spent time before choice, granular deny for vendors, split by device, country..

Have other questions?​

If you have any further questions, send us an email to and we will be happy to answer you and certainly add your question to this page.