Privacy and GDPR

The minimal SDK call does not require prompt text or consent fields. Add privacy controls only when your app needs them, and prefer context.topic when you want matching context without sharing prompt text.

Recommended privacy-first shape

privacy.ts

const { slot_ids } = await client.createJob({
  job_type: "chat",
  context: { topic: "programming" },
  consent: {
    semantic_targeting: true,
    prompt_shared: false,
    gdpr_applies: true,
    tcf_consent_string: "CONSENT_STRING",
    us_privacy: "1YNN",
  },
});
  • prompt_shared: false keeps prompt text out of the targeting path while still letting you send a direct context.topic.
  • gdpr_applies maps to OpenRTB regs.gdpr.
  • tcf_consent_string maps to OpenRTB user.consent.
  • us_privacy is available for US privacy signaling when your integration needs it.
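A pre-flight check for the consent object above, written as an added example and not taken from the SDK. `ConsentFields`, `checkConsent` and the result types are hypothetical names, and placing `us_privacy` under `regs.us_privacy` follows OpenRTB 2.6 rather than anything this page states.

```typescript
// Added example: field names mirror the consent object shown on this page; all type and function names are hypothetical.
interface ConsentFields {
  semantic_targeting?: boolean;
  prompt_shared?: boolean;
  gdpr_applies?: boolean;
  tcf_consent_string?: string;
  us_privacy?: string;
}
interface OpenRtbPrivacy {
  regs: { gdpr?: 0 | 1; us_privacy?: string };
  user: { consent?: string };
}
interface CheckResult { ok: boolean; problems: string[]; openrtb: OpenRtbPrivacy }

// IAB US Privacy string: version "1", then notice, opt-out-of-sale and LSPA flags, each Y, N or "-".
const US_PRIVACY_RE = /^1[YN-]{3}$/;
// TCF strings are base64url segments joined by "."; this checks the alphabet only, not the decoded content.
const TCF_SHAPE_RE = /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/;

function checkConsent(c: ConsentFields): CheckResult {
  const problems: string[] = [];
  const openrtb: OpenRtbPrivacy = { regs: {}, user: {} };
  // gdpr_applies -> regs.gdpr (0 or 1), as documented on this page.
  if (c.gdpr_applies !== undefined) openrtb.regs.gdpr = c.gdpr_applies ? 1 : 0;

  if (c.tcf_consent_string !== undefined) {
    if (TCF_SHAPE_RE.test(c.tcf_consent_string)) openrtb.user.consent = c.tcf_consent_string;
    else problems.push("tcf_consent_string is not base64url");
  } else if (c.gdpr_applies) {
    problems.push("gdpr_applies is true but no tcf_consent_string is set");
  }

  if (c.us_privacy !== undefined) {
    // Assumption: OpenRTB 2.6 placement; the page does not say where us_privacy is carried.
    if (US_PRIVACY_RE.test(c.us_privacy)) openrtb.regs.us_privacy = c.us_privacy;
    else problems.push("us_privacy is not a valid US Privacy string");
  }
  return { ok: problems.length === 0, problems, openrtb };
}
```

The page's `CONSENT_STRING` placeholder passes the shape check because only the alphabet is tested; decoding the string against the TCF specification is out of scope here.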

What can leave your system

The contract supports topic, consent, brand-safety, publisher, and slot metadata. If you choose to send prompt text, CSL's data firewall reduces it to abstract matching signals before SSP egress.

What stays inside CSL

Raw prompt text does not go to SSPs, DSPs, or advertisers. If you omit prompt text entirely and provide only context.topic, no prompt text enters the flow at all.

API first, Script Tag second, SDK third

These pages are the advanced package layer for teams that intentionally choose @csl/wrapper-sdk. Primary onboarding still lives in the API docs, and browser-first installs should start with the Script Tag. Use contact only when you want rollout review, enterprise coordination, or help with non-standard integration constraints. Beacon billing rules live in SDK Concepts.