ℹ️ This guide provides step-by-step instructions for configuring JENTIS in different privacy configurations and how these configurations must be reflected in the Consenter Manager when configuring your Consent Banner.
Step 1: Choose which configuration matches your demands and configure JENTIS accordingly
Step 2: Configure the Consent Banner in the Consenter Manager accordingly
Step 3: Explain how you use JENTIS in your privacy policy
JENTIS is a server-side tag management system (TMS) and Data Capturing Platform (DCP) that replaces conventional client-side third-party tag management by routing website visitor data through a first-party server layer — the JENTIS Twin Server — before forwarding it to downstream analytics and advertising tools. Rather than allowing third-party scripts (e.g. Google Analytics, Meta Pixel) to fire directly from visitors' browsers and collect data independently, JENTIS collects data first-party on the website operator's behalf, applies configurable privacy-enhancing transformations (including pseudonymisation, IP stripping, and ID substitution), and only then forwards data to downstream tools under controlled conditions. JENTIS is headquartered in Vienna, Austria, processes all data exclusively within EU/EEA data centres, and is ISO 27001 certified.
Important scope note: JENTIS is infrastructure through which other tracking tools are routed — it is not itself a behavioural tracking or advertising tool. This guide covers the JENTIS platform's own data processing layer only. Each downstream tool connected to JENTIS (such as Google Analytics 4, Meta Pixel, LinkedIn Insight Tag, Google Ads) remains a separate data recipient and must continue to be reflected as a separate entry in the Customer Panel, using the configuration guides for those individual tools. The JENTIS entry described in this guide represents exclusively what JENTIS GmbH processes as a first-party server-side infrastructure provider.
Note on legal role: JENTIS acts as a data processor in its relationship with the Customer (website operator), because it processes data only in accordance with the instructions enabled through the JENTIS SaaS configuration by the Customer. JENTIS does not process visitor data for its own purposes. The website operator (Customer) remains the sole data controller for all data captured and routed through JENTIS. A Data Processing Agreement (DPA) is incorporated into the JENTIS Customer Agreement as standard.
Note on processing location: JENTIS GmbH is headquartered in Vienna, Austria (EU). Corporate operations, hosting, and all data processing take place exclusively within the EU/EEA. JENTIS does not use US-based cloud infrastructure for visitor data processing. There is therefore no CLOUD Act risk associated with the JENTIS data processing layer itself. However, downstream tools to which JENTIS forwards data (such as Google Analytics 4 or Meta Pixel) may process data in the US via their own infrastructure; the CLOUD Act considerations for those tools are addressed in their respective configuration guides and remain unchanged regardless of whether JENTIS is used as the relay.
| # | Configuration Area | Where in JENTIS | Configuration A — Standard Consent Mode | Configuration B — Essential Mode | Configuration C — Essential Mode + Synthetic User Engine |
|---|---|---|---|---|---|
| 1 | Consent handling and tag activation | JENTIS Legal Hub → Consentbars (CMP connector); Legal Hub → Vendors → Consent Mode / Essential Mode toggle per vendor | Standard Consent Mode — CMP connected; all downstream tool tags blocked until a positive consent signal is received from the CMP; no fallback processing of visitor data without consent; MasterTag loads in the first-party context as a strictly necessary container solution to enable the CMP | Essential Mode activated — full downstream tool tracking with consent; strictly necessary fallback without consent: visitor IP address not stored, JENTIS Server IP substituted in all third-party communications, third-party client IDs replaced with randomly generated JENTIS IDs, click IDs removed from landing page URLs, IDs not merged across parameters to prevent re-identification, timestamps optionally blurred; no visitor data forwarded to downstream tools without consent; downstream server-side processing of strictly necessary fallback data on JENTIS Twin Server under legitimate interest (Art. 6(1)(f) GDPR) | Essential Mode activated with the same consent and no-consent handling as Configuration B; additionally, the Synthetic User Engine is activated for non-consenting users (see row 2) |
| 2 | Synthetic User Engine | JENTIS → Synthetic Users (requires Essential Mode to be active); configured together with your JENTIS contact | Not activated | Not activated | Activated — non-persistent predictor data (e.g. browser type, session duration, number of page views, scroll rate, items added to cart) collected from non-consenting users as strictly necessary session-level data; combined on the JENTIS Twin Server with real behavioural data from consenting users to generate pseudonymised synthetic user profiles; pooled anonymised click IDs forwarded to downstream advertising tools (e.g. Google Ads, Meta Ads) on behalf of non-consenting user segments; raw non-consent predictor data permanently deleted from JENTIS servers after synthesis |
| 3 | Pseudonymisation of data forwarded to downstream tools | JENTIS Legal Hub → Data Destinations → per-tool connector settings | Configurable per downstream tool — JENTIS can strip or pseudonymise individual data parameters (e.g. full IP address, user IDs, click IDs) before forwarding to each downstream tool; the degree of pseudonymisation is set separately per tool connector and does not affect JENTIS's own server-side processing | Same as Configuration A; in the Essential Mode without-consent fallback, visitor IP is not stored or forwarded by design; with consent, per-tool pseudonymisation settings apply as configured | Same as Configuration B |
| 4 | Processing location | Fixed — determined by JENTIS infrastructure; not configurable per advertiser | EU/EEA exclusively — corporate headquarters in Vienna, Austria; all hosting and data processing within EU/EEA data centres; ISO 27001 certified; no US cloud infrastructure used for visitor data; no CLOUD Act exposure for JENTIS's own processing | EU/EEA exclusively (same as Configuration A) | EU/EEA exclusively (same as Configuration A) |
Use this configuration when JENTIS is used as a server-side tag management relay under a conventional consent-gated model. The JENTIS MasterTag loads in the first-party context (served from the website operator's own domain via the JENTIS reverse proxy) as a strictly necessary container solution for enabling the CMP and managing the consent banner. All downstream tools configured in JENTIS are blocked from firing — and no visitor data is forwarded to any of them — until a positive consent signal is received from the connected CMP. Without consent, JENTIS itself processes only the minimal transient data required to serve the CMP and manage the tag container; no persistent identifier is set by JENTIS at this stage and no data is forwarded to any downstream tracking tool.
With consent granted, visitor session and event data is captured first-party on the JENTIS Twin Server and forwarded to the relevant downstream tools (GA4, Meta Pixel, LinkedIn Insight Tag, etc.) under the pseudonymisation and parameter settings configured per tool connector. This configuration is directly comparable to conventional client-side tag management with a consent gate, but with the structural privacy advantage that all third-party scripts are replaced server-side: no downstream tool script runs directly in the visitor's browser, meaning no direct IP-to-tool transmission occurs from the client side.
As JENTIS processes all data exclusively within EU/EEA data centres and acts as a processor under a DPA, there is no CLOUD Act exposure for the JENTIS layer. Data forwarded by JENTIS to US-based downstream tools (GA4, Meta, etc.) retains the transfer risk of those tools, as documented in their respective guides.
Use this configuration when JENTIS is used with Essential Mode activated, enabling a strictly necessary fallback that allows some server-side data processing even when a visitor has not given consent. Essential Mode creates two parallel tracking paths:
With consent: Visitor data is captured and forwarded to downstream tools as in Configuration A, according to per-tool pseudonymisation settings.
Without consent: JENTIS activates a strictly necessary fallback on the JENTIS Twin Server. In this mode, the visitor's IP address is not stored; instead, JENTIS substitutes the JENTIS Server IP address in all communications with third parties. Third-party client IDs (such as GA4 client IDs or Meta browser IDs) are replaced with randomly generated JENTIS IDs. Click IDs in landing page URLs are removed. IDs are not merged across data parameters to prevent re-identification. Timestamps may optionally be blurred. No visitor data is forwarded to downstream tools without consent. The data retained for the strictly necessary fallback is processed on the JENTIS Twin Server by the website operator (as sole controller) under legitimate interest (Art. 6(1)(f) GDPR), with storage limited to a maximum of 13 months by JENTIS default (configurable by the Customer to a shorter duration). The legal basis for the strictly necessary storage access under ePrivacy is supported by JENTIS documentation including a legal memorandum prepared by Spirit Legal, available in the JENTIS documentation.
JENTIS's own processing remains EU/EEA-exclusive in both consent paths.