Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Privacy infrastructure platform that automates consent, data subject requests and vendor governance through a JavaScript SDK (airgap.js) and a server side API.
Transcend Inc. is a privacy infrastructure vendor headquartered in San Francisco. Its product suite includes a Consent Management Platform powered by the airgap.js bundle, an automated Data Subject Request (DSR) engine, a vendor and data inventory tool and a privacy policy assembly module. Large enterprises use Transcend to operationalise GDPR, ePrivacy, CCPA, LGPD and emerging US state laws across their tech stack.
On the public website, Transcend writes a first party preference cookie (transcend.consent) and a session token (transcend.session) used to identify the consent record. The DSR engine processes the data subject email, IP, request payload and the responses fetched from your downstream tools. The vendor inventory stores metadata about each processor (legal basis, retention, transfers).
The Transcend consent cookie is treated as strictly necessary under recital 66 of the ePrivacy Directive because it stores the user choice. Any other cookie that airgap.js gates on the page (analytics, marketing, social) requires Article 6(1)(a) consent before it loads. The DSR and vendor governance modules rely on legitimate interest (Art. 6(1)(f)) and on compliance with a legal obligation (Art. 6(1)(c)).
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Transcend Inc. is a US controller of customer support and account data. The airgap.js SDK can be hosted on US AWS by default or on the EU AWS Frankfurt region for customers with EU residency requirements. Sign Standard Contractual Clauses with Transcend Inc., complete a Transfer Impact Assessment and document the chosen region in your Record of Processing Activities.
Configure airgap.js to block all non essential vendors before consent, set the EU residency where applicable, sign the Data Processing Addendum and SCCs, scope the DSR connectors to the minimum systems, log every DSR for accountability, run a yearly DPIA review and surface a clear, granular consent banner that meets EDPB Guidelines 03/2022.
Websites using Transcend must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Transcend is used to centralise data subject requests across many internal systems and to broker consent for hundreds of vendors. Document the categories of data flowing through the DSR workflow, the legal basis, the residency choice and the SCCs with Transcend Inc.
Sample consent text
We use Transcend to manage your consent and privacy preferences. With your consent, the airgap.js bundle stores your choices and gates non essential trackers on this site.
Third-party domains contacted
transcend.iocdn.transcend.ioconsent.transcend.ioairgap.transcend.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| transcend.consent | first_party | 1 year | Stores the visitor consent preferences (categories accepted, refused) so airgap.js can decide which third party scripts to load. |
| transcend.session | first_party | Session | Session identifier used to attach the consent record to the active browsing session and the audit log. |
| airgap.consent | first_party | 1 year | Backup container used by airgap.js to store the consent payload when localStorage is unavailable. |
Transcend is an essential service, but transparency matters. Manage all your consent with FlowConsent.
The airgap.js bundle writes transcend.consent (preference record) and transcend.session (consent session). Other cookies appearing on a Transcend protected site come from third party vendors gated by airgap.js, not from Transcend itself.
The Transcend consent cookie is considered strictly necessary because it stores the user choice and so does not require prior consent. The non essential vendors that airgap.js gates do require Article 6(1)(a) GDPR consent before they fire.
Strictly necessary consent storage relies on Art. 6(1)(f) legitimate interest and the ePrivacy recital 66 exemption. Vendor cookies require Art. 6(1)(a) consent. DSR and vendor governance modules rely on legitimate interest and on compliance with a legal obligation (Art. 6(1)(c) GDPR).
Yes by default. Transcend Inc. processes account data in the US. The airgap.js consent SDK can be served from AWS US or AWS Frankfurt. SCCs with Transcend Inc. and a Transfer Impact Assessment are required when the US tenant or US support staff are involved.
A DPIA is recommended for the DSR engine because it centralises personal data flows from many internal systems. It is also advisable when Transcend governs hundreds of vendors with international transfers.
Choose EU residency where applicable, sign the DPA and SCCs, configure airgap.js in strict mode (block before consent), define minimum DSR connector scopes, log every DSR with timestamps, integrate with your IDP and review the deployment in a yearly DPIA.
EU based and Europe friendly alternatives include OneTrust, Didomi, Axeptio, Usercentrics, Cookiebot, Termly and the open source Klaro. Each has a different mix of CMP, DSR automation and vendor governance features.
List transcend.consent and transcend.session as strictly necessary. Mention Transcend Inc. as a processor, the chosen residency (US or EU), the SCCs in place, the DSR engine connectors and the right of users to withdraw consent at any time through the Transcend preference centre.