Last updated: 4/8/2025

Privacy Policy

1. Introduction and Data Controller

Welcome to CookieComply. This Privacy Policy explains how we (CookieComply, Daimlerstr. 5E, 76669, Bad Schönborn, BW, Germany - hereinafter "we" or "us"), as the data controller, collect, use, disclose, and safeguard your information when you visit our website. Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by all the terms outlined in this Privacy Policy and our Terms of Service.

2. What Data We Collect and Legal Basis for Processing

We collect and process your data based on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contractual Necessity (Art. 6(1)(b) GDPR): To provide the core services you request, such as creating an account, performing cookie scans you initiate, generating reports, and managing your subscription (if applicable). This includes:
    • Personal identification information you provide (e.g., name, email address when signing up).
    • Data related to the websites you submit for scanning (URLs).
    • Data necessary for processing payments if you subscribe to paid tiers (handled by our payment processor).
  • Consent (Art. 6(1)(a) GDPR): Where you have given us explicit consent for specific purposes. This includes:
    • Sending you marketing newsletters (if you subscribe via ConvertKit).
    • Collecting analytical data about your interaction with our website (e.g., page visits, usage patterns via Vercel Analytics) to help us improve our service. This data is collected only if you accept analytical cookies/tracking via our consent mechanism.
    • Using non-essential cookies as detailed in our Cookie Policy. You can withdraw your consent at any time (see Section 6).
  • Legitimate Interests (Art. 6(1)(f) GDPR): For purposes such as website security, basic operational logging, fraud prevention, and addressing technical issues, where our interests are not overridden by your data protection interests or fundamental rights and freedoms. This may include:
    • Device information (browser type, IP address for security logging).
    • Basic server logs required for website operation and security.
  • Legal Obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., retaining financial records for tax purposes).

The specific categories of data we may collect include:

  • Personal identification information (name, email address).
  • Website URLs submitted for scanning.
  • Usage data (how you interact with our website, collected subject to consent).
  • Cookie data (as detailed in our Cookie Policy, subject to consent for non-essential cookies).
  • Device information (browser type, IP address, device type - primarily for security and basic functionality).
  • Subscription and payment information (if applicable, processed via third parties).

3. How We Use Your Data

We use your data based on the legal grounds mentioned above for the following purposes:

  • To provide and maintain our services
  • To notify you about changes to our services
  • To allow you to participate in interactive features of our service
  • To provide customer support
  • To gather analysis or valuable information to improve our services
  • To monitor the usage of our services
  • To detect, prevent and address technical issues

4. Data Sharing and International Transfers

We do not sell your personal data. We may share your information with third-party service providers (data processors) who perform services for us or on our behalf and require access to such information to do that work. These include:

  • Hosting Provider (Vercel): Our website is hosted by Vercel Inc. (USA). Vercel processes data necessary for hosting and may collect analytics data if you consent.
  • Email Marketing Provider (Kit): If you subscribe to our newsletter, your email address is managed by Kit (USA).
  • Payment Processor (Stripe): We use Stripe Inc. (USA) for payment processing, subscription management, and card verification.
  • AI Analysis Provider (Google Cloud / Generative AI): The AI-powered scan analysis features utilize services from Google LLC (USA).

Some of these providers (Vercel, Kit, Stripe, Google) are located in the United States. When we transfer your data outside the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring adequate safeguards are implemented. This may include relying on an adequacy decision by the European Commission (like the EU-US Data Privacy Framework, where applicable and certified by the provider) or using Standard Contractual Clauses (SCCs) approved by the European Commission. You can request more information about the safeguards we use.

5. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, based on the legal basis for processing. Specific retention periods or the criteria used to determine them include:

  • Account information: Retained for the duration your account is active and for a reasonable period thereafter to allow reactivation or as required for legal compliance.
  • Data processed under Consent (e.g., newsletter subscription, analytics): Retained until you withdraw your consent or the purpose is fulfilled.
  • Data related to contractual obligations (e.g., scan history): Retained for the duration necessary to provide the service and fulfill contractual requirements, potentially longer if needed for legal claims or compliance.
  • Data required by Legal Obligation (e.g., financial records): Retained for the period specified by German law (e.g., tax retention periods).
  • Security logs: Typically retained for shorter periods (e.g., 90 days) unless needed for an ongoing investigation.

We will delete or anonymize your data when it is no longer necessary for these purposes.

6. Your Data Protection Rights Under GDPR

As a resident of the European Economic Area (EEA), you have the following data protection rights regarding your personal data:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected (processed based on consent or contract) to another organization, or directly to you, under certain conditions.
  • The right to withdraw consent – Where we process your data based on your consent (Art. 6(1)(a) GDPR), you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • The right to lodge a complaint – You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes GDPR. The competent authority for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg. Website: www.baden-wuerttemberg.datenschutz.de (Postal address: Postfach 10 29 32, 70025 Stuttgart, Germany)

To exercise any of these rights, please contact us using the details in Section 8.

7. Cookies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Please see our Cookie Policy for more details.

8. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

CookieComply, Daimlerstr. 5E, 76669 Bad Schönborn, Germany. Email: legal@cookie-comply.com