Implement comprehensive cookie consent management for Microsoft Clarity and Google Analytics

Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>

Author: Copilot

EssentialCSharp.Web/COOKIE_CONSENT.md

@@ -0,0 +1,117 @@
+# Cookie Consent Implementation
+
+This document describes the cookie consent implementation for Essential C# website to comply with Microsoft Clarity's new consent requirements for EEA, UK, and Switzerland users.
+
+## Overview
+
+Starting October 31, 2025, Microsoft Clarity requires explicit consent signals for users from the European Economic Area (EEA), United Kingdom (UK), and Switzerland. This implementation provides a comprehensive solution using Google Consent Mode v2 that works with both Microsoft Clarity and Google Analytics.
+
+## Implementation Details
+
+### Files Modified/Added
+
+1. **`/wwwroot/js/consent-manager.js`** - New consent management system
+2. **`Views/Shared/_Layout.cshtml`** - Updated to integrate consent manager with analytics
+3. **`Views/Home/Privacy.cshtml`** - Enhanced privacy policy page
+
+### Features
+
+- **Automatic Region Detection**: Detects users from EEA/UK/Switzerland using timezone
+- **Google Consent Mode v2**: Unified consent framework for both analytics platforms
+- **Granular Consent**: Separate consent for Analytics and Advertising cookies
+- **Persistent Storage**: Saves consent preferences for 365 days
+- **Responsive Design**: Works on desktop and mobile devices
+- **Accessibility**: Proper ARIA labels and keyboard navigation
+
+### Consent Categories
+
+1. **Essential Cookies** - Always granted (required for functionality)
+2. **Analytics Cookies** - Optional (Google Analytics, Microsoft Clarity)
+3. **Advertising Cookies** - Optional (advertising and remarketing)
+
+### User Experience
+
+For users in EEA/UK/Switzerland:
+1. Cookie banner appears on first visit
+2. Users can Accept All, Reject All, or Customize preferences
+3. Customization shows detailed information about each cookie category
+4. Preferences are saved and respected across visits
+5. Users can change preferences anytime via footer link
+
+For users outside these regions:
+- No banner shown by default
+- Analytics work normally
+- Consent preferences still accessible via footer link
+
+## Technical Integration
+
+### Google Consent Mode v2
+
+The implementation uses Google's Consent Mode v2 with these consent types:
+- `analytics_storage`
+- `ad_storage` 
+- `ad_user_data`
+- `ad_personalization`
+- `functionality_storage` (always granted)
+- `security_storage` (always granted)
+
+### Microsoft Clarity Integration
+
+Clarity consent is managed via the Clarity Consent API:
+```javascript
+clarity('consent', analyticsConsent);
+```
+
+### Google Analytics Integration
+
+Google Analytics respects consent mode automatically:
+```javascript
+gtag('consent', 'update', consentState);
+gtag('config', 'G-761B4BMK2R'); // Only when consent granted
+```
+
+## Testing
+
+### Test Parameters
+
+Add `?testConsent=true` to any URL to force consent banner display for testing.
+
+### Verification Steps
+
+1. Visit site from EEA timezone or with test parameter
+2. Verify banner appears
+3. Test Accept All - analytics should activate
+4. Test Reject All - analytics should remain disabled
+5. Test Custom preferences - verify granular control
+6. Check consent persistence across page loads
+
+## Compliance
+
+This implementation ensures compliance with:
+- **GDPR** - Explicit consent before processing personal data
+- **ePrivacy Directive** - Cookie consent requirements
+- **Microsoft Clarity** - New consent enforcement requirements
+
+## Browser Support
+
+- Modern browsers with ES6 support
+- Graceful degradation for older browsers
+- Works without JavaScript (essential functionality only)
+
+## Maintenance
+
+### Adding New Analytics Services
+
+1. Add consent check in initialization code
+2. Update consent manager to include new service
+3. Test consent flow with new service
+
+### Updating Consent Categories
+
+Modify the `consentState` object in `ConsentManager` constructor and update the banner UI accordingly.
+
+## Support
+
+For technical issues or questions about this implementation, please refer to:
+- Microsoft Clarity documentation: https://learn.microsoft.com/en-us/clarity/
+- Google Consent Mode documentation: https://developers.google.com/tag-platform/gtagjs/consent

EssentialCSharp.Web/Views/Home/Privacy.cshtml

@@ -3,4 +3,93 @@
 }
 <h1>@ViewData["Title"]</h1>
 
-<p>Use this page to detail your site's privacy policy.</p>
+<div class="container">
+    <div class="row">
+        <div class="col-lg-8">
+            <h2>Privacy Policy</h2>
+            <p>At Essential C#, we are committed to protecting your privacy and ensuring you have a positive experience on our website.</p>
+
+            <h3>Information We Collect</h3>
+            <p>We collect information to provide better services to our users. The types of information we collect include:</p>
+            <ul>
+                <li><strong>Usage Information:</strong> How you interact with our website, including pages visited, time spent, and navigation patterns</li>
+                <li><strong>Technical Information:</strong> Browser type, operating system, IP address, and device information</li>
+                <li><strong>Account Information:</strong> When you create an account, we collect your email address and any profile information you provide</li>
+            </ul>
+
+            <h3>How We Use Your Information</h3>
+            <p>We use the information we collect to:</p>
+            <ul>
+                <li>Provide and improve our services</li>
+                <li>Analyze website usage to enhance user experience</li>
+                <li>Communicate with you about updates and features</li>
+                <li>Ensure website security and prevent fraud</li>
+            </ul>
+
+            <h3>Cookies and Tracking Technologies</h3>
+            <p>We use cookies and similar technologies to enhance your browsing experience. Our website uses:</p>
+            <ul>
+                <li><strong>Essential Cookies:</strong> Required for basic website functionality</li>
+                <li><strong>Analytics Cookies:</strong> Help us understand how you use our site (Google Analytics, Microsoft Clarity)</li>
+                <li><strong>Advertising Cookies:</strong> Used to deliver relevant advertisements</li>
+            </ul>
+            
+            <p>You can manage your cookie preferences at any time by clicking the "Cookie Preferences" link in our footer.</p>
+            
+            <div class="mt-3 mb-3">
+                <button class="btn btn-primary" onclick="openConsentPreferences()">
+                    <i class="fa fa-cog me-2"></i>Manage Cookie Preferences
+                </button>
+            </div>
+
+            <h3>Your Rights</h3>
+            <p>Depending on your location, you may have certain rights regarding your personal information:</p>
+            <ul>
+                <li>Access to your personal information</li>
+                <li>Correction of inaccurate information</li>
+                <li>Deletion of your personal information</li>
+                <li>Restriction of processing</li>
+                <li>Data portability</li>
+                <li>Objection to processing</li>
+            </ul>
+
+            <h3>Third-Party Services</h3>
+            <p>Our website uses the following third-party services that may collect information:</p>
+            <ul>
+                <li><strong>Google Analytics:</strong> Web analytics service provided by Google Inc.</li>
+                <li><strong>Microsoft Clarity:</strong> User behavior analytics service provided by Microsoft Corporation</li>
+            </ul>
+
+            <h3>Data Retention</h3>
+            <p>We retain your information only as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy.</p>
+
+            <h3>International Transfers</h3>
+            <p>Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.</p>
+
+            <h3>Contact Us</h3>
+            <p>If you have questions about this privacy policy or your personal information, please contact us through our GitHub repository or at the contact information provided on <a href="https://intellitect.com/about/privacy-policy/" target="_blank">IntelliTect's Privacy Policy</a>.</p>
+
+            <h3>Changes to This Policy</h3>
+            <p>We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page.</p>
+
+            <p><small><em>Last updated: @DateTime.Now.ToString("MMMM dd, yyyy")</em></small></p>
+        </div>
+        <div class="col-lg-4">
+            <div class="card">
+                <div class="card-header">
+                    <h5>Quick Actions</h5>
+                </div>
+                <div class="card-body">
+                    <div class="d-grid gap-2">
+                        <button class="btn btn-outline-primary" onclick="openConsentPreferences()">
+                            <i class="fa fa-cog me-2"></i>Cookie Preferences
+                        </button>
+                        <a href="https://intellitect.com/about/privacy-policy/" target="_blank" class="btn btn-outline-secondary">
+                            <i class="fa fa-external-link me-2"></i>IntelliTect Privacy Policy
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

EssentialCSharp.Web/Views/Shared/_Layout.cshtml

@@ -78,24 +78,43 @@
     <environment exclude="Development">
         <script type="importmap" asp-importmap="@prodMap"></script>
     </environment>
+    <!-- Cookie Consent Manager - Load before analytics -->
+    <script src="~/js/consent-manager.js" asp-append-version="true"></script>
+    
+    <!-- Microsoft Clarity - Will be activated based on consent -->
     <script type="text/javascript">
         (function (c, l, a, r, i, t, y) {
             c[a] = c[a] || function () { (c[a].q = c[a].q || []).push(arguments) };
             t = l.createElement(r); t.async = 1; t.src = "https://www.clarity.ms/tag/" + i;
             y = l.getElementsByTagName(r)[0]; y.parentNode.insertBefore(t, y);
         })(window, document, "clarity", "script", "g4keetzd2o");
     </script>
+    
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css">
     <!-- Markdown and sanitization libraries -->
     <script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
     <script src="https://cdn.jsdelivr.net/npm/dompurify@3.0.5/dist/purify.min.js"></script>
-    <!-- Google tag (gtag.js) -->
+    
+    <!-- Google tag (gtag.js) - Will be activated based on consent -->
     <script async src="https://www.googletagmanager.com/gtag/js?id=G-761B4BMK2R"></script>
     <script>
         window.dataLayer = window.dataLayer || [];
         function gtag() { dataLayer.push(arguments); }
+        
+        // Initialize gtag but don't configure until consent is given
         gtag('js', new Date());
-        gtag('config', 'G-761B4BMK2R');
+        
+        // Configuration will be handled by consent manager
+        // Only configure if consent is already granted or region doesn't require consent
+        document.addEventListener('DOMContentLoaded', function() {
+            // Small delay to ensure consent manager is initialized
+            setTimeout(function() {
+                if (window.consentManager && 
+                    (window.consentManager.hasAnalyticsConsent() || !window.consentManager.requiresConsent)) {
+                    gtag('config', 'G-761B4BMK2R');
+                }
+            }, 100);
+        });
     </script>
     <style>
         [v-cloak] {
@@ -506,6 +525,9 @@
                 <div class="col-12 col-md-auto align-self-end p-2">
                     <a target="_blank" rel="noreferrer noopener" href="https://intellitect.com/about/privacy-policy/">Privacy</a>
                 </div>
+                <div class="col-12 col-md-auto align-self-end p-2">
+                    <a href="javascript:void(0)" onclick="openConsentPreferences()">Cookie Preferences</a>
+                </div>
                 <div class="col-12 col-md-auto align-self-end p-2"><a asp-route="TermsOfService">Terms Of Service</a></div>
             </div>
         </footer>