Is your website generating demand, or demand letters?
Agency 39A is your partner for consent-first marketing. We bring the engineering expertise to implement and integrate consent tooling, the marketing fluency to protect your goals, and a remediation practice built on real CIPA, GDPR, and ADA engagements.
Talk to a compliance strategistCoverage across the regulations aimed at your website
CIPA & pen-register claims
California's wiretap-era statute is now aimed at everyday marketing tags, with demand letters seeking $5,000 per violation. We find what fires before consent — the exact behavior these claims cite — and shut the door.
GDPR & ePrivacy
Prior consent for cookies and trackers for EU and UK visitors, implemented so a regulator can verify it and a marketer can live with it.
CCPA, CPRA & state privacy laws
Opt-out flows, Global Privacy Control signals, and sale-or-share disclosures mapped across the growing patchwork of US state privacy laws.
ADA & WCAG 2.1 AA
Accessibility audits and remediation aligned to WCAG 2.1 AA, the standard the DOJ's web accessibility rule points to, handled by the same team that governs your tags.
Google Consent Mode v2
Mandatory if you advertise to EEA or UK audiences. We wire and verify the consent signals that keep Google Ads and GA4 measuring while you comply.
VPPA & session-replay exposure
Video-viewing data, session recording, and chat transcripts each carry their own litigation theories. We inventory them, gate them, or replace them.
The tracking stack we audit and govern
WordPress
Consent-governed tags and forms across WordPress sites
Google Tag Manager
Every tag gated behind verified consent state
Google Analytics 4
Measurement kept lawful without losing the signal
Google Consent Mode
Consent signals wired so campaigns keep converting
Meta Pixel
Fires after consent, never a moment before
LinkedIn Insight Tag
B2B tracking governed under consent, not habit
HubSpot
Forms, chat, and tracking made consent-aware
TikTok Pixel
Audited, gated, and documented before it fires
Hotjar
Session replay masked, gated, and consent-bound
Google Ads
Conversion tracking that survives strict consent gating
Microsoft Clarity
Heatmaps and recordings behind explicit consent only
OneTrust (migration)
Clean migrations from OneTrust to Usercentrics
Five ways we keep marketing compliant
CIPA & GDPR digital audit
A full inventory of every tracker, cookie, pixel, chat widget, and session-replay tool on your site: what fires before consent, where the data goes, and which findings map to active litigation theories.
Consent architecture & Usercentrics implementation
CMP selection, configuration, and rollout as a Usercentrics partner: geo-aware banners, auditable consent records, and Google-certified CMP wiring that legal and marketing both sign off on.
Tag governance & remediation
We rebuild GTM containers, gate pixels, chat, and session replay behind consent state, and retire the zombie tags nobody remembers installing.
Marketing continuity engineering
Consent Mode v2, server-side tagging, and modeled conversions, so gating your trackers doesn't blind attribution or starve your ad platforms of signal. Compliance that keeps revenue flowing.
Counsel-ready documentation & monitoring
Change logs, consent records, and scan reports formatted so your attorneys can actually use them, plus scheduled re-scans that catch drift before a demand letter does.
Not sure what your site is firing right now?
Ask for a CIPA exposure check. We run the same kind of crawl plaintiff-side tools use and come back fast with what fires before consent, and whether any of it matches the current wave of pen-register claims. No obligation, no scare tactics — just what we found.
Request a CIPA exposure check