Privacy Gateways

Is Freshpaint "essential" or "strictly necessary" in your CMP?

Freshpaint is a HIPAA-focused privacy gateway that proxies healthcare marketing data and strips protected health information before passing events to advertising and analytics vendors. That makes it valuable for healthcare organizations, but it does not make it "strictly necessary" under IAB TCF, OneTrust, Osano, or Cookiebot taxonomies. Mis-categorizing Freshpaint loads it pre-consent, creates regulatory exposure, and is the single most common CMP configuration error Lokker finds in healthcare deployments.


Freshpaint

Freshpaint is a healthcare-specific privacy gateway that intercepts outbound marketing and analytics data, strips electronic protected health information (ePHI), and routes compliant event data to advertising and analytics platforms without exposing patient-level identifiers.

Trademark

Freshpaint is a trademark of Freshpaint, Inc. Lokker is not affiliated with or endorsed by Freshpaint, Inc.

Risk and failure modes

Where Freshpaint deployments create compliance gaps

Freshpaint solves a real problem for healthcare marketers, but its scope is limited to the vendors it proxies and the data it de-identifies. The risks below fall outside Freshpaint's coverage and appear routinely in Lokker scans of healthcare web properties.

Mis-categorized as "essential" or "strictly necessary"

Freshpaint is a marketing data router, not a security or operational primitive. Loading it before consent means it fires under IAB TCF Purpose 1 without a lawful basis, creates GDPR Article 6 exposure, and violates CCPA opt-out of sale and sharing obligations.

Coverage limited to proxied healthcare vendors

Freshpaint only processes the data of vendors it is explicitly configured to proxy. Every other third-party script on the page, including session replay tools, analytics platforms, and ad pixels outside its scope, still fires without HIPAA or CMP validation unless independently governed.

No portfolio-wide privacy risk monitoring

Freshpaint does not scan your web estate for third-party trackers, consent-state failures, or GPC signal handling. Organizations running multiple sites or a large property portfolio have no visibility into risks outside Freshpaint-proxied traffic.

GPC and opt-out of sale are the site's responsibility

Freshpaint does not honor Global Privacy Control signals or enforce CCPA/CPRA opt-out of sale and sharing for non-proxied scripts. The site's CMP and consent infrastructure remain responsible for those obligations across the full page.

Consent and configuration

The search queries that lead privacy and engineering teams to this page are almost always the same question: can Freshpaint be set to "essential" or "strictly necessary" so it loads without consent? The direct answer is no, with narrow exceptions. Here is what each major CMP taxonomy requires.

  • IAB TCF v2.2 defines "strictly necessary" under Purpose 1 (storage and access) for cookies required to deliver the service the user explicitly requested. A marketing data router that enables advertising is not strictly necessary under this definition regardless of HIPAA compliance.

  • OneTrust, Osano, Cookiebot, and most enterprise CMPs require vendors that route data to advertising or analytics platforms to be categorized under functional, analytics, or advertising consent categories and gated behind user consent or opt-out of sale signals.

  • Under GDPR and UK GDPR, any script that collects or transmits data for the purpose of advertising targeting or analytics measurement requires a lawful basis such as consent, even when the data is de-identified before reaching the destination.

  • Lokker runs automated browser flows in pre-consent, reject, and GPC states to confirm whether Freshpaint actually gates correctly under your CMP, so you can verify the categorization is enforced and not just configured.
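The consent-state check described in the last item can be reduced to comparing captured network requests against the consent state they fired in. The following is an added example, not Lokker's or Freshpaint's code; the hostnames, the capture format, and the function names are assumptions constructed for illustration.

```javascript
// Placeholder hosts (not real vendor endpoints) mapped to their CMP category.
const GATED_HOSTS = new Map([
  ["gateway.example", "advertising"], // stand-in for the privacy gateway
  ["replay.example", "analytics"],    // stand-in for a non-proxied session replay tool
]);

// Constructed captures, one per consent state. t = ms since navigation start;
// consentAt = ms at which consent was granted, or null if it never was.
const CAPTURES = [
  { state: "pre-consent", consentAt: null, requests: [
    { url: "https://www.clinic.example/app.js", t: 120 },
    { url: "https://cdn.gateway.example/sdk.js", t: 340 },
  ]},
  { state: "reject", consentAt: null, requests: [
    { url: "https://www.clinic.example/app.js", t: 110 },
    { url: "https://notgateway.example/x.js", t: 300 }, // lookalike, must not match
  ]},
  { state: "gpc", consentAt: null, requests: [
    { url: "https://replay.example/rec?sid=1", t: 900 },
  ]},
  { state: "accept", consentAt: 2000, requests: [
    { url: "https://cdn.gateway.example/sdk.js", t: 350 },  // fired before the click
    { url: "https://api.gateway.example/track", t: 2400 },  // fired after the click
  ]},
];

// Return the consent category for a URL, matching the registered domain or any
// subdomain of it. Unparseable URLs and lookalike domains return null.
function gatedCategory(url, gated) {
  let host;
  try { host = new URL(url).hostname.toLowerCase(); } catch { return null; }
  for (const [domain, category] of gated) {
    if (host === domain || host.endsWith("." + domain)) return category;
  }
  return null;
}

// A gated request is a failure when consent was never granted in that state,
// or when it fired before the moment consent was granted.
function findGatingFailures(captures, gated) {
  const failures = [];
  for (const { state, consentAt, requests } of captures) {
    for (const { url, t } of requests) {
      const category = gatedCategory(url, gated);
      if (category === null) continue;
      if (consentAt === null || t < consentAt) failures.push({ state, category, t, url });
    }
  }
  return failures;
}

console.table(findGatingFailures(CAPTURES, GATED_HOSTS));
```

The accept-state capture matters as much as the reject and GPC ones: a vendor that loads before the banner click fails gating even though the visitor later consented.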

Regional compliance

Regulatory context: HIPAA is not a substitute for GDPR or state privacy consent

HIPAA and GDPR address different obligations. HIPAA governs the handling of protected health information by covered entities and business associates in the US. GDPR, UK GDPR, and US state privacy laws govern personal data processing including IP addresses, device identifiers, and behavioral data for residents regardless of health context. The OCR guidance on tracking technologies published in 2022 and updated in 2024 clarified that web trackers on patient-facing portals and public-facing healthcare sites can constitute impermissible disclosures of ePHI. Freshpaint addresses the HIPAA layer. It does not replace the consent obligations under GDPR, CCPA, CPRA, VPPA, or state biometric and health data laws that apply to the broader third-party script inventory.

How Lokker helps

How Lokker complements Freshpaint in healthcare environments

Freshpaint and Lokker solve different parts of the healthcare privacy problem. Freshpaint proxies and de-identifies data for the marketing vendors it supports. Lokker validates, monitors, and enforces privacy across every script on the page, including the CMP configuration that must correctly gate Freshpaint itself.

Full script estate visibility

Privacy Edge scans your healthcare web properties and surfaces every third-party request, cookie, and payload with risk scoring and reason codes mapped to HIPAA, GDPR, CCPA, and state laws. It covers scripts outside Freshpaint's proxy scope.


CMP consent-state validation

Consent Validator runs automated browser flows in reject, no-interaction, and GPC states and confirms whether Freshpaint and every other vendor actually gate correctly under your OneTrust, Osano, or Cookiebot configuration.


Network-layer enforcement beyond HIPAA scope

Guardian intercepts and enforces blocking at the network layer for any script outside your trusted-vendor list, giving you real-time control over data leaving the browser for vendors Freshpaint does not proxy.


Explore Lokker

Products that address Freshpaint privacy risk

Each product links to its full details so you can explore features, view a demo, and understand how it applies to your Freshpaint deployment.

Intelligence

Privacy Edge

Scans the full third-party script inventory on healthcare sites and surfaces risks Freshpaint does not cover, including session replay, non-proxied pixels, and consent failures.


Validation

Consent Validator

Confirms that Freshpaint and every other vendor are correctly gated in pre-consent, reject, and GPC states under your OneTrust, Osano, or Cookiebot configuration.


Enforcement

Guardian

Enforces network-layer blocking for scripts outside Freshpaint's proxy scope, so data cannot leave the browser from ungated vendors.


Before you deploy

Privacy questions to answer before adding Freshpaint

Marketing teams often evaluate tools on performance and features. These privacy questions are worth settling before the script goes live, because fixing them after a complaint is significantly more expensive.

  • Which consent category will Freshpaint be assigned in your CMP (OneTrust, Osano, Cookiebot, or other)? Confirm it is not "essential" or "strictly necessary" unless your legal team has written justification under the applicable law.

  • Does your CMP configuration prevent Freshpaint from loading before a visitor accepts or in a GPC/opt-out state? Have you validated this at the network layer, not just the dashboard?

  • Which vendors are you routing through Freshpaint? Do those vendors have their own consent requirements in GDPR, CCPA, or state law beyond HIPAA that require separate CMP categorization?

  • What third-party scripts on your page are outside Freshpaint's proxy scope? Have those been audited and assigned correct consent categories?

  • Do you have a process for monitoring new scripts added through tag managers or CMS updates that may bypass both Freshpaint and your CMP?

Next step

Validate Freshpaint consent behavior across your portfolio

Lokker runs automated browser-level consent flows and scans the network layer to confirm whether Freshpaint fires in states where it should not.