Understanding Unified Identity & Consent Management

A single person often interacts with a brand across multiple devices - a smartphone, a tablet, and a work laptop. Traditionally, privacy preferences were "siloed" on each device. If a user opted out of tracking on their phone, the brand might still track them on their laptop because the two sessions weren't connected.

Concord's Unified Identity and Consent system solves this challenge. We bridge the gap between anonymous browsing and known customer profiles, ensuring that privacy choices are respected everywhere the user goes.

The Core Identity Model

Concord views a visitor not as a collection of cookies, but as a single identity. Our system operates on three integrated levels:

1. The Context (Device): The specific browser or hardware being used.
2. The Identity (The Person): A persistent profile that connects various contexts.
3. The Consent State: The actual choices made by that person (e.g., "Yes to Analytics," "No to Marketing").

To maintain a privacy-first approach, Concord never stores raw personal information, like email addresses, for syncing privacy choices. Instead, we use advanced cryptographic hashing to create a unique "digital fingerprint" for each user. This allows us to recognize a returning customer without ever holding their sensitive data.

The Cross-Device Experience

The primary benefit of Concord's architecture is the ability to maintain a "Single Source of Truth" for consent across the entire customer journey.

• Seamless Synchronization: When a visitor logs into your site, Concord identifies them and instantly checks for any existing privacy preferences in our global vault.
• Consent Inheritance: If a user has already opted into marketing communications on their desktop, those preferences are automatically applied when they log in on their mobile device. The user isn't pestered with the same consent banners repeatedly.
• Anonymous-to-Known Transition: If a visitor makes a choice while browsing anonymously and later logs in, Concord "merges" that session into their permanent profile, ensuring their most recent decision is the one that sticks.

Flexible Compliance Frameworks

Every region has different legal requirements (such as GDPR in Europe or CCPA in California). Concord adapts its behavior based on the regulatory environment:

• Express vs. Implied Consent: In stricter regions, we can ensure no tracking occurs until the user takes an explicit action (Express). In other areas, we can allow tracking to begin immediately while providing a clear path to opt-out (Implied).
• Adaptive Controls: Our system can toggle between standard "Category" controls (Analytics, Functional, Marketing) and specific "Do Not Sell/Share" requirements to meet diverse global standards without needing multiple privacy tools or different approaches per region.

Conflict Resolution: "Most Recent Wins"

Privacy choices aren't static. A user might change their mind or update their settings at any time. To ensure accuracy, Concord follows a deterministic logic: The most recent interaction always takes precedence.

If a user previously opted out but later clicks "Accept All" on a new device, the system updates their global profile to reflect the new "Opt-In" status across all platforms. This ensures that the brand always operates based on the user's latest stated intent.

User Experience and Global Signals

Concord is designed to be "quiet" and respectful of the user's time.

• Banner Suppression: If we already know a user's global consent state, we can suppress the cookie banner entirely, creating a cleaner, more professional browsing experience.
• Respecting Browser Signals: We actively listen for Global Privacy Control (GPC) signals. If a user has configured their browser to signal a preference for privacy, Concord automatically honors that request, even before the user interacts with the site.

By unifying identity and consent, Concord enables brands to build trust through consistency while significantly simplifying the technical burden of global privacy compliance.

Frequently Asked Questions

1. Does Concord store personal information like email addresses? No. When it comes to identity and syncing of privacy choices via user identifiers like emails, we prioritize privacy by using cryptographic hashing. This transforms those identifiers into a unique digital fingerprint, allowing us to recognize returning users without ever storing actual email addresses or names.
2. What happens if a user updates their preferences on a different device? The system follows a "most recent wins" logic. If a user changes their settings on their phone, that decision is instantly synced to their global profile. The next time they visit on their laptop, their preferences will reflect that update.
3. Will users see a consent banner every time they switch devices? Not necessarily. If a user is identified and preferences are already on file, Concord can suppress the banner, providing a smoother experience by not asking the same questions twice.
4. How does Concord handle browser-level privacy signals? The platform is fully compatible with Global Privacy Control (GPC). If a user has enabled GPC in their browser, Concord recognizes this as a valid opt-out preference for do not sell or share rights and adjusts their consent state automatically.
5. What happens to consent when a user logs out? When a user logs out, the identity link is reset. The browser returns to an anonymous state, ensuring that the next person using that device does not inherit the previous user's privacy settings.
6. How does this help with regulations like GDPR or CCPA/CPRA? It ensures GDPR style Opt-In/Explicit/Express consent choices or CCPA/CPRA style Opt-Out/Implicit/Implied & Do Not Sell/Share requests are honored globally, not just on a single browser. This maintains a higher standard of compliance and builds trust by respecting choices across the entire digital journey.