COKIQ docs

Evidence Proof Guide

Use this guide to explain exactly what COKIQ can provide as product evidence, what customers can share with teams or auditors, and which items still need legal review or external certification.

Best for

Founders, agencies, sales teams, compliance operators, procurement reviewers, and customers comparing COKIQ with major consent platforms.

What the report shows

These are the product-side evidence areas COKIQ can surface when the site has the required scan, banner, consent log, and blocker data.

Product evidence COKIQ provides

COKIQ can show scan baseline, detected cookies and scripts, policy inventory, banner configuration, consent receipts, regulation profile context, GPC signal evidence where observed, and blocker evidence from the runtime script.

Operational exports

Admins can use dashboard reports, CSV exports, JSON exports, and PDF-style evidence summaries to hand over proof to clients, legal teams, leadership, or auditors.

Regional proof context

Evidence can include regulation profile, regulation region, visitor country, geo source, banner version, policy version, and consent action so teams can explain why a visitor saw a specific consent flow.

Customer responsibility

Customers remain responsible for their final privacy policy wording, legal basis, business-specific legal interpretation, data-transfer decisions, and any lawyer-issued compliance opinion.

External certification boundary

Google CMP certification, IAB TCF approval, SOC 2, ISO certification, app marketplace approval, and attorney sign-off require separate external review or third-party programs.

Buyer-safe positioning

The correct claim is that COKIQ provides operational consent evidence and readiness proof. The unsafe claim is that COKIQ makes every business automatically certified compliant in every country.

Setup steps

Step 1

Run a fresh scan

Start with the latest scan so the customer conversation is based on real cookies, scripts, embeds, policy links, and risk signals from the website.

Step 2

Verify the banner and runtime

Confirm the COKIQ script loads once, displays the correct consent flow, and records accept, reject, and custom choices.

Step 3

Check regional evidence

Use the relevant regulation profile or preset, then review country, region, geo source, GPC, banner version, and policy version fields.

Step 4

Export the evidence pack

Use the dashboard, CSV, JSON, or PDF-style evidence output depending on whether the receiver is a client, auditor, marketer, legal reviewer, or leadership team.

Step 5

Separate proof from legal claims

Present COKIQ evidence as operational proof, then clearly list privacy wording, legal basis, DPA, transfers, and certification items for customer/legal review.

Step 6

Keep proof current

Re-scan and export again after adding plugins, pixels, ecommerce apps, analytics tags, ad campaigns, embeds, or important policy changes.

Implementation checklist

Latest scan date and scan status are visible
Detected cookies and scripts are reviewed
Policy inventory and policy version are available where captured
Consent receipts include action, categories, timestamp, country/profile context, and banner version where available
GPC and opt-out evidence are checked where relevant
Tracker and iframe blocker evidence is reviewed
Export format matches the receiver: client, auditor, legal team, leadership, or agency
Legal-review and external-certification gaps are listed separately

Important boundaries

COKIQ is a consent operations and evidence platform, not a law firm or certification body.
COKIQ can help customers prove product behavior, visitor choices, scan findings, policy inventory, and blocker activity; it cannot replace legal judgment about whether a business has met every obligation.
Do not claim Google CMP certification, IAB TCF approval, SOC 2, ISO, external audit, marketplace certification, or attorney-reviewed compliance unless the specific approval has been completed and documented.
Country pages and regulation profiles explain operational readiness and product behavior. They are not a substitute for country-specific legal advice.
A missing field in an evidence export can mean the signal was not observed, the banner was not installed yet, or the site has not generated that data. It should be investigated before making claims.

FAQ

What can COKIQ honestly prove?

COKIQ can prove product-side consent operations: scan findings, cookie inventory, banner configuration, consent choices, timestamps, country/profile context, policy and banner versions, GPC evidence where observed, and blocker behavior.

What should we not promise?

Do not promise automatic legal compliance, Google CMP certification, IAB TCF approval, SOC 2, ISO, attorney-issued certificates, marketplace approvals, DPA negotiation, or country-specific legal conclusions unless those external steps are separately completed.

How should sales explain COKIQ?

Say that COKIQ gives businesses operational consent evidence, reporting, and region-aware readiness workflows. Then explain that legal wording and external certifications remain separate review steps.

Can clients share the evidence with auditors?

Yes. Evidence exports are useful for audits and legal review because they show what the product observed and recorded. Auditors or counsel still decide what the evidence means for that business.

Why is this boundary important?

It keeps COKIQ credible. Major platforms also separate product functionality from external legal advice, certification programs, and customer-specific compliance responsibility.