Vendor Compliance (VenCo) Platform

Vendors refer to digital service providers used in companies' digital media and processes. Companies that operate digital media (e.g., marketers, website operators, e-commerce shops, retail media, etc.) are legally responsible for the compliance of these vendors. To enable companies to fulfill this responsibility, ePrivacy, in collaboration with leading publishers, has developed the Vendor Compliance (VenCo) platform.

These companies already use the VenCo database:


  • Comprehensive vendor management and compliance assessment/evaluation 
  • ePrivacy reviews and optimizes your technical vendors based on over 45 criteria 
  • Access to the VenCo platform and API with all vendor test results 
  • Ensuring that vendors comply with the IAB TCF framework 
  • Overview of tracking technologies used, such as first-party data, local storage, ID solutions Individual 
  • special audits as well as support for data protection inquiries


As an independent  service provider, ePrivacy can conduct assessments of your technical vendors very reliably and efficiently.

Vendor Management

  • Taking over the complete vendor management process 
  • Comprehensive overview of vendor behavior on your websites 
  • Overview and assessment of all deployed vendors and their compliance 
  • GAP analysis and optimization recommendations 
  • Data accessible via API and UI
Learn more about Vendor Management

Compliance Audit

  • Assessment based on 45 criteria and 4 data sources per vendor
  • Audit updates and ongoing monitoring
  • First-party data
  • Significantly reduces risks for website operators
  • VenCo ensures compliance with the IAB TCF and related GDPR requirements
Learn more about Compliance Audit

VenCo User Interface/API

  • All test results and vendor information are accessible via an API and the platform.
  • Results can be filtered by vendor ID, name, test result, and more.
  • All data can be downloaded as a JSON file.
  • Upload of vendor allow or white lists is possible.
  • Email notifications for vendor status changes.
  • Access to the API with additional features.
Learn more about our VenCo User Interface


  • Individual and special audits upon request
  • Support for data protection inquiries
  • Available directly and promptly
  • Assessment of custom vendors
  • Bi-monthly reports on the status of vendor assessments
  • Technical and organizational advancements, such as first-party data and ID solutions
Learn more about the Audit

VenCo Plattform

As part of the VenCo platform, ePrivacy creates assessments regarding the compliance of vendors with data processing standards (such as the IAB TCF) and GDPR. For this purpose, data is collected, reviewed, and evaluated. These data are available on the VenCo platform in the form of reports, assessments, and interfaces for controlling vendor compliance. Individual or group assessments of vendors are also conducted as needed. You can access the platform by clicking here.

  • All test results and vendor information are available via an API and the platform (user interface).
  • Results can be filtered by vendor ID, name, test result, and other criteria.
  • All data can be downloaded as a JSON file for further use.
  • The individual test results of vendors can be viewed in detail.
  • Over 45 criteria are used for the assessment from four data sources.
  • Criteria include, among others: tracking technologies, legal basis, Google Additional Consent Mode, TC String, etc.
  • Upload of vendors for allow or whitelist purposes possible - via CSV file or drag & drop
  • Email notifications for vendor status changes
  • Access to API with additional features and analysis functions

What kind of technologies are used?

Large website operators use many different technical vendors on their sites, which, for example, deliver personalized advertising and measure user activity across the board.

Vendors use a wide variety of technologies to process personal data. These processing operations must comply with the requirements of the agreed contracts and also with the GDPR. The operators of the digital media have the responsibility to check the compliance of the vendors data processing and to ensure the compliance of the vendors on a regular basis.

Technical vendors include all uses of web and app scripts (SDKs, pixels, tags, etc.) that are not set by their own website domain. among others, the following vendors are included in the VenCo Platform:

  • IAB TCF Vendors listed in the IAB Global Vendor List.
  • Custom vendors that are not on the Global Vendor List, such as the Meta Pixel, Google Tag Manager, Amazon Pixel, Microsoft Advertising UET (Universal Event Tracking) or other tracking providers.
  • ID providers for the digital advertising ecosystem, such as ID5, netID
  • etc.

Technologically, these vendors are often integrated via Consent Management Platforms (CMPs) and use a variety of technologies to collect and process data about internet users. These include:

  • 3rd party cookies
  • First Party Data
  • Local Storage
  • ID Solutions
  • SDKs
  • etc.

For website opoerators it is a major challenge and often not feasible to check and ensure the compliance with the large number of different vendors on one's own website. In some cases, over 100 vendors are used on websites. That is why ePrivacy has built the VenCo platform together with leading publishers and operates it for all customers.

Leading website operators are constantly confronted with requests for information from the data protection authorities in Germany and other EU member states. These relate to the processing of personal data under the GDPR, including:

  • Lawfulness of the processing (Art. 6(1) DSGVO)
  • Information requirements (Art. 13 DSGVO)
  • Data protection by technology and by default (Art. 25(2) GDPR)
  • Responsibility and demonstrability of compliance (Art. 5(2) GDPR)

Via the VenCo platform, ePrivacy checks the vendors used and ensures that, for example, the IAB EU TCF and associated data protection requirements are complied with. This significantly reduces the risks for website operators.

The following services are included in the VenCo platform

The VenCo platform is operated by ePrivacy and provides all participants with regular and up-to-date details about their vendors' compliance with the TCF and related privacy requirements. This includes:

  • Legal basis and consent
  • Cookies type and scope
  • Storage time and duration of the cookies used
  • Type and scope of other trackers (LSO, etc.)
  • Privacy policy
  • TCF string
  • Type of service
  • Territorial scope
  • International data transfer
  • Vendor contact information
  • Name of the product or service
  • Usage of Google Additional Consent Mode
  • Matching data and GAP Analysis with the Global Vendor List
  • Matching data with results from our crawler
  • Regular mailing of questionnaires to the vendors
  • etc.

This information is collected for over 1000 vendors operating within the IAB EU TCF or in some cases even operating beyond it as IT service providers.

ePrivacy has further developed its own crawler for this purpose, which is used to determine the current activity of the vendors and to verify whether the data collected by questionnaire and by the IAB TCF Global Vendor list are consistent and complete.

As part of the use of the VenCo platform, ePrivacy makes the collected and verified information available to all licensees as a document or via API. This allows publishers, e-commerce shops, website operators, advertisers, etc. to get the most important information about their vendors and thus ensure that the vendors are used in a privacy-compliant manner. Inquiries from clients, compliance departments, and authorities can be answered very efficiently and comprehensively.

Looking to gain a comprehensive understanding of vendor behavior on your website? VenCo platform provides your company with a holistic view of vendor activity, allowing you to make informed decisions and optimize your operations.

Do you have questions or recommendations for us?

We are glad to receive your comments.