Overview
A privacy vendor is the consent management platform (CMP) your site uses to ask visitors what categories of tracking they accept. Enabling one in AutoTag instructs the sync process to generate consent-gated triggers for every pixel, so no tag fires before the user grants consent for its category.
AutoTag supports seven vendors out of the box: Cookiebot, CookieYes, Google Consent Mode, OneTrust, Osano, Termly, and TrustArc. Pick the one your legal or compliance team has already approved, and AutoTag handles the wiring to GTM.
Choose a vendor
In your project configuration, scroll to the Privacy Vendors section. Expand the vendor you've chosen and toggle it on. Only one vendor should be enabled per project to avoid conflicting consent signals that leave tags in an unpredictable state.
If you're not sure which vendor you have, check your site source for obvious markers like cookiebot.com/uc.js (Cookiebot) or cdn.cookielaw.org (OneTrust). The script tag reveals which CMP is deployed, and that's the one you should enable here.
Enter credentials
Each vendor requires specific IDs from your consent platform account. Cookiebot needs a CBID. CookieYes needs a Client ID. OneTrust needs a Domain Script ID. Osano needs both a Customer ID and a Configuration ID. Termly needs a Website UUID. TrustArc needs a Domain and a Site ID.
These IDs are sourced from the vendor's admin dashboard under the settings or deployment page. Most vendors make the relevant ID visible when you copy the script snippet they provide for manual installation. If you can't find the ID, check the vendor's documentation for "script ID" or "domain script" specifically.
Save and sync
Save the project, then click Sync from the project card. AutoTag generates consent triggers for all consent categories, not just the ones mapped to your enabled pixels, which ensures full compliance coverage even if you add pixels later without re-examining consent setup.
After the sync completes, open GTM and confirm the TagPipes-managed tags now reference the consent-gated triggers. You should see a new set of trigger names tied to the vendor you chose, and every marketing tag gated behind them.
Only enable one privacy vendor per project to avoid conflicting consent signals. Google Consent Mode is the exception to the pattern: it adds consent signals (ad_storage, analytics_storage) to tags without deploying a separate consent banner. When switching vendors, disable the old one before enabling the new one and then re-sync, because consent triggers are generated dynamically based on the vendor you select.
Troubleshooting
Tags fire before user consents
The vendor probably isn't enabled in AutoTag, or you saved the vendor but haven't synced yet. Sync writes the consent triggers into GTM, and until that happens, tags remain ungated. Re-sync and re-check.
Consent banner appears twice
Two CMPs are active on the page, usually because the old vendor's script is still embedded in the site template while a new one is enabled in AutoTag. Remove the old script from the site HTML template, or disable the new vendor and keep the old, but don't run both.
Tags blocked even after consent granted
The vendor's consent categories probably don't map correctly to GTM consent types in the generated triggers. If you're using consent profiles, open the profile and verify the mapping. If you're not using profiles, the default category mapping may not match your CMP's deployment, in which case a consent profile is the clean fix.