> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kontext.so/llms.txt
> Use this file to discover all available pages before exploring further.

# TCF & CMP

> How the SDK reads IAB TCF v2.2 consent from your CMP automatically, plus the regulatory object for manual control.

## TCF

The **IAB Transparency and Consent Framework (TCF)** is the EU/UK ad-tech standard for collecting and propagating GDPR consent. Publishers display a consent dialog, the user picks what they're OK with, and the result is encoded into a **TCF v2.2 consent string**. Every downstream ad partner — Kontext included — reads that string to know what they may do with the user's data.

## CMP

A **Consent Management Platform (CMP)** is the tool that shows the consent dialog and produces the TCF string. The CMP writes the string to a well-known storage location that every TCF-compatible SDK can read.

If your app serves EU or UK users, you need a CMP:

* **GDPR and the UK Data Protection Act require explicit consent** for personalized advertising. Without a CMP, you can't legally collect it.
* **Without a valid TCF string, fill rate drops.** Most DSPs won't bid on traffic with no consent signal — or they only bid for the lowest-priced contextual-only inventory.
* **It's the publisher's responsibility, not the SDK's.** The Kontext SDK doesn't ship a consent dialog; you integrate a CMP yourself.

Any IAB-registered CMP works — OneTrust, Sourcepoint, CookieBot/Usercentrics, Didomi, and others.

## The SDK reads TCF automatically

Once a TCF-compliant CMP is integrated and the user has answered the consent prompt, the SDK reads the consent string through the standard IAB-defined interface for each platform:

* **iOS** — `UserDefaults` keys (`IABTCF_TCString`, `IABTCF_gdprApplies`, …)
* **Android** — `SharedPreferences` keys (same key names)
* **Web** — the `__tcfapi` window function exposed by the CMP

You don't have to forward the string manually. `gdpr` and `gdprConsent` are picked up on every `/preload`.

## Manual override: the regulatory object

If you don't have a CMP yet, want to override what the SDK reads, or need to set fields outside TCF (COPPA, GPP, US Privacy), use the **regulatory object** on the session. See [Compliance](/resources/compliance) for the full field list. Common cases:

* **No CMP yet** — pass `gdpr` and `gdprConsent` manually until you wire one up.
* **COPPA** — set `coppa: 1` for child-directed traffic. TCF doesn't cover this signal.
* **US privacy / GPP** — pass `usPrivacy`, `gpp`, or `gppSid` for US-state regulations.
