How biskoui Works

Understanding biskoui's architectural approach to consent management and privacy compliance.

Architectural Overview

biskoui operates as a comprehensive consent orchestration system that sits between your website and third-party services, ensuring compliance with Swiss nFADP and optionally GDPR. biskoui works based on strict opt-in consent, ensuring no personal data or tracking is processed prior to user approval of configured 3rd-party services.

Core Components

JavaScript Integration
Add a single script snippet or install a CMS plugin. biskoui manages third-party service by only loading them until proper consent is granted.

Add services subject to consent
Configure your services (Google Analytics, Google Ads, Meta Pixel, Hotjar etc.) in the biskoui dashboard. You have multiple integrations possible:

Including automated by biskoui (available on certain services)
Manually, through the script provided by your service
Tag Manager, which will send an event upon consent which you can use as a trigger in your Tag Manager (Google, Matomo, etc)

Consent Collection Engine
Displays context-appropriate banners and manages user consent decisions across sessions and domains.

Compliance Logging
Records all consent events in a service-level tamper-proof audit trail stored in Swiss data centers.

1. Script Initialization

When a user visits your website:

biskoui script loads, performs environment detection.
Sets up an ephemeral, unique, random session id stored in sessionStorage. The session id is required for proper functioning of biskoui, in particular to correlate requests of the same user (which helps in calculating correct view counts and consent counts, and detect bots and abuse) in an anonymous and privacy-respectful way.
Checks for existing consent preferences in localStorage (in cookies if cross-subdomain is enabled)
Evaluates cross-subdomain consent if configured
Determines banner display requirements based on consent state

2. Services Management

For all third-party services that are registered with biskoui

Loads the previous user choices if any
Automatically loads services that were previously consented to by the user or sends consent event.
Queues other services pending consent decisions
Maintains service state for instant activation post-consent

When consent is required:

Displays customizable banner with configured service categories
Automatically presents category of cookies used based on configured services: Analytics, functional, marketing. Necessary category is always displayed by default and can't be turned off.
Presents granular or bulk consent options
Supports managed vs unmanaged consent modes
(If GDPR is required) Consent log feature captures detailed consent preferences with timestamp and IP logging

4. Service Activation

Based on consent decisions:

Immediately enables consented services from queue
Maintains blocks on non-consented services
Triggers consent mode signals (Google Consent Mode v2 Basic Mode or Advanced Mode)
Updates service state across page navigation

Throughout the user journey:

Syncs consent state across subdomains if Sub-domain consent sharing configured
Maintains consent validity periods and re-consent flows
Logs all consent changes for audit compliance

Technical Architecture

Client-Side Components

Consent Banner: Customizable UI for consent collection with multi-language support
Service Management: Manages third-party services pending consent
JavaScript API/SDK: Comprehensive API for consent state management and custom integrations
Storage Manager: Handles consent persistence via localStorage (or first-party cookies for cross-domain support)
Event System: Real-time consent change notifications for dynamic service management

Server-Side Infrastructure (Swiss-Hosted)

Configuration Dashboard: Web interface for service setup, banner customization, compliance management and subscription management
Consent Registry: Tamper-proof audit logs stored in Swiss data centers
Analytics Engine: Consent rate tracking and user preference insights
Compliance Reporting: nFADP and GDPR reporting tools with data export capabilities

Basic Mode: Updates Google services consent state without sending user data
Advanced Mode: Allows cookieless measurement with consent state signals
Automatic consent signals propagation to Google Analytics, Ads, and Tag Manager

Supported Consent Mode signals: analytics_storage - Controls storage for analytics cookies (e.g., Google Analytics)1 ad_storage - Controls access to cookies related to advertising (e.g., remarketing, conversion tracking)2 ad_user_data - Controls whether personal data (e.g., user identifiers) can be sent to Google for advertising purposes2 ad_personalization - Controls whether ads shown to users can be personalized based on their data2 personalization_storage - Controls cookies for personalized content (e.g., recommended products)2

1Automatically supported when Google Analytics service is added and Google Consent Mode v2 activatied. 2Automatically supported when Google Ads or Google Ads Remarketing or Google Conversion Linker service is added and Google Consent Mode v2 activatied.

Data Privacy and Security

Swiss Data Sovereignty

All consent logs stored exclusively in Swiss data centers
Full compliance with Swiss Federal Act on Data Protection (nFADP)
Optional GDPR compliance for EU operations
Data residency guarantees for sensitive consent information

Privacy-First Design

Minimal Data Collection: Only essential consent metadata (timestamp, IP, choices)
Client-Side Preference Storage: User choices stored locally when possible
Encrypted Transmission: All API communication via HTTPS with certificate pinning
Automatic Data Cleanup: Configurable retention periods with automatic purging
User Rights: Built-in consent withdrawal and data portability features

Integration Deployment Models

Direct Script Integration

JavaScript snippet in HTML <head> for maximum control and performance.

CMS Plugin Integration

WordPress plugin with visual configuration

Tag Manager Full Support

Google Tag Manager, Matomo Tag Manager and Adobe Launch compatible
Centralized deployment for enterprise environments
Advanced trigger and variable configurations

API-First Custom Implementations

Client-side JavaScript API access for hooking into various lifecycle events of the banner and develop a more custom consent experiences while maintaining compliance logging.

Architectural Overview​

Core Components​

The Consent Flow​

1. Script Initialization​

2. Services Management​

3. Consent Collection​

4. Service Activation​

5. Consent Persistence​

Technical Architecture​

Client-Side Components​

Server-Side Infrastructure (Swiss-Hosted)​

Google Consent Mode v2 Integration​

Data Privacy and Security​

Swiss Data Sovereignty​

Privacy-First Design​

Integration Deployment Models​

Direct Script Integration​

CMS Plugin Integration​

Tag Manager Full Support​

API-First Custom Implementations​