Tickbox.dev Sign in →

Spec · §1 — Capabilities

Built for engineers, not compliance theatre.

Everything Tickbox does, summarised. If something's missing, open an issue — the roadmap is public.

  1. 01 / config

    Type-safe consent config

    A single defineConsent({...}) call in TypeScript. Autocomplete on categories, vendors, jurisdiction. Compile-time errors when you mis-spell a category name.

  2. 02 / gating

    PECR-correct script gating

    Tag any script type="text/plain" data-tb-category="analytics" and it stays inert until consent. No race conditions, no fragile timing, no setTimeout workarounds.

  3. 03 / gtag

    Google Consent Mode v2

    gtag('consent','default',...) defaults to denied; flipping a category in the SDK calls gtag('consent','update',...) automatically. Works with GA4, Ads, GTM.

  4. 04 / jurisdiction

    UK DUAA + EU GDPR presets

    Built-in jurisdictions classify every known vendor into consent / notice / always-allowed. Auto-detect by visitor country if you serve both regions.

  5. 05 / ai

    AI training opt-out

    One toggle generates /ai.txt and the matching robots.txt rules for GPTBot, ClaudeBot, PerplexityBot, Google-Extended and 6 others. EU AI Act ready.

  6. 06 / framework

    Framework adapters that feel native

    React (, useConsent), Vue 3 plugin, Nuxt module with auto-imports and SSR hydration. Headless or drop-in styled banner — your call.

  7. 07 / audit

    Audit log (opt-in)

    Add @tickboxhq/cloud and every decision POSTs to api.tickbox.dev. Searchable dashboard, CSV export, retention policy. Without it, nothing leaves the visitor browser.

  8. 08 / privacy

    No tracking, no fingerprinting

    We don't set our own cookies, don't load remote scripts, don't talk to ad networks. The SDK is fully local unless you install the cloud package.

Generate your config in 60 seconds.

Try the builder Read the docs