Shield CMP - Cookie & Tracker Consent
Category-based banner, consent-gated script blocking, and an automated tracker scanner - bundled free on every plan. Same DPDPA proof vault as your consent notices.
Your penalty exposure
Every analytics or ad script firing before consent is data processing without a lawful basis - the same violation as a bad consent notice, just running silently in the background.
Necessary, Functional, Analytics, and Marketing categories - each independently enabled and toggleable. No all-or-nothing consent.
Analytics tags, ad pixels, and any data-category-tagged script hold until the visitor grants that exact category - not just the banner.
One toggle hard-blocks Analytics and Marketing with no way to re-enable them - server-enforced, not just hidden in the UI.
Headless crawl of your site cross-references every cookie and third-party script against your declared registry. Drift alerts, not noise.
A consent-status API lets your backend check a visitor's decision before firing a server-side tag (e.g. a Conversions API call).
A floating reopen icon means withdrawing consent is exactly as easy as giving it - the DPDPA S.6(4) requirement, built in by default.
All standard plans include the banner, script blocking, and automated scanner. Not included on the standalone Shield Collect plans.
There's no separate "cookie law" in India the way GDPR has the ePrivacy Directive. But a cookie or tracking pixel that resolves to an identifiable person - directly, or via a persistent device/browser identifier - is processing personal data under DPDPA S.4 and S.5. Firing that script before consent is the same S.5/S.6 violation as collecting an email address without consent; it's just running silently in the background instead of through a form.
Generic banner plugins are built around GDPR's category language and store consent in their own format, disconnected from anything else on your site. Shield CMP writes every cookie-consent decision into the same ConsentAuditLog your notice-based consent records use - one proof format, one audit trail, one DPO dashboard for both.
Any third-party script tagged with a data-category attribute stays out of the page until that specific category is granted. Necessary cookies always fire. Analytics, Marketing, Functional, and Unclassified categories are held back independently, so a partial decision - accept Analytics, reject Marketing - blocks exactly the right scripts instead of an all-or-nothing switch.
A headless crawl of your own site (up to 5 pages per run) reads every cookie that gets set and every third-party script domain that loads, then cross-references that against what you've already declared in the tracker registry. Your DPO only gets an email when the scan finds something genuinely new and undeclared - not a repeat alert for a tracker you already know about.
No - it's a core module, bundled free with every standard plan starting at Starter, including the automated scanner. The one exception is the standalone Shield Collect plans (Lite/Plus), which are a narrower forms-only product and don't include the full cookie-consent stack.
Bundled free on every plan. No lawyers. No spreadsheets.
Prove every consent. Court-admissible SHA-256 proof.
Learn moreOTP-verified portal. 30-day SLA countdown.
Learn moreNever miss the 72-hour Board notification window.
Learn moreReal-time 0–100 compliance health score.
Learn moreMap every asset, processor, and data flow. Auto-generate RoPA.
Learn moreTrack, score, and treat every DPDPA risk. Growth+.
Learn moreAutomated security scoring for every data processor. Growth+.
Learn moreAI co-pilot with DPDPA citations, policy drafts, PII classification.
Learn moreAWS scanner - CIS → ISO → DPDPA triple mapping. Business+.
Learn moreChildren's data, DPIA, SDF - highest-penalty coverage.
Learn more40+ Indian PII types. Scan and auto-populate Data Inventory. Free.
Learn more