1. Who We Are
We are the team behind Consentify (consentify.app), a cookie consent platform. We follow GDPR and do our best to protect your privacy.
Contact Us: support@consentify.app
2. What Data We Collect
2.1 Your Account Data (You = Customer)
When you create an account, we collect:
- Email address - to identify your account and contact you
- Password - hashed with bcrypt, so we can't see your actual password
- Name (optional) - if you choose to add it
- Payment info - processed by Stripe (we never see your full card number)
2.2 Usage Data
- How you use the dashboard - which features you use, to improve the product
- Technical info - IP address, browser type, device (for security and debugging)
- Error logs - if something breaks, so we can fix it
2.3 Your End-Users' Consent Data
When someone interacts with your cookie banner, we store:
- Consent choices - which cookie categories they accepted/rejected
- Timestamp - when they gave consent
- A hashed IP address - a one-way hash of the user's IP address, used to recognize returning visitors without storing the actual IP
- User agent - Browser and device information for analytics and debugging.
- Anonymous ID - a random identifier (not their IP or email)
- Banner ID - which of your banners it was
Important: For your end-users' data, YOU are the data controller and WE are the data processor. This means you're responsible for your compliance. See the DPA for details.
3. Why We Collect This Data
- To provide the service - Consentify can't work without storing your account and consent data
- To process payments - so you can upgrade to paid plans
- To give you support - when you email us with questions
- To improve the product - understanding which features are used helps us build better tools
- To fix bugs - error logs help us troubleshoot issues
Legal basis (GDPR): Contract performance (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f))
4. Where Your Data Is Stored
All data is stored in the EU via Supabase (Stockholm).
This means your data stays within the EU and is protected by GDPR.
Services We Use:
- Supabase (EU - Stockholm) - Database and authentication. They handle encryption, backups, and security.
- Stripe - Payment processing. They have their own strict security standards.
- Vercel/AWS - Hosting the website. Data here is minimal (mostly static files).
- Sentry - Error & Performance Monitoring
These are called "sub-processors" in GDPR terms. They all have proper data protection agreements in place.
5. How Long We Keep Data
- Your account data: Until you delete your account
- Consent logs: 12 months by default
- Payment records: 7 years (required by Norwegian accounting law)
- Support emails: Up to 3 years
- Error logs: 90 days
When you delete your account: We delete your data within 30 days, except for payment records we are legally required to keep.
6. Your Rights (GDPR)
You have the right to:
- ✓ Access your data - Export everything via the dashboard
- ✓ Correct your data - Update your email/name in settings
- ✓ Delete your data - Delete your account anytime (settings → danger zone)
- ✓ Export your data - Download as JSON from the dashboard
- ✓ Object to processing - Email us to discuss
- ✓ Complain - Contact the Norwegian Data Protection Authority (Datatilsynet)
How to exercise these rights: Most things you can do yourself in the dashboard. For anything else, email us at support@consentify.app and we'll help you out.
7. Security
Here's what we do to keep your data safe:
- HTTPS everywhere - All data encrypted in transit (TLS 1.3)
- Encrypted passwords - Hashed with bcrypt, so we can't see your password
- Supabase handles encryption at rest - They use industry-standard AES-256
- Regular updates - We keep dependencies up to date
- Access logs - We can see who accessed what, when
Realistic expectations: We follow best practices, but we rely on trusted providers (Supabase, Vercel) for infrastructure security. No system is 100% secure, but we do our best.
8. Data Breaches
If there's a security breach that affects your data, we will:
- Notify you as soon as we become aware of it (aiming for within 72 hours, as required by GDPR)
- Explain what happened and what data was affected
- Tell you what we're doing about it
We'll be honest and transparent if something goes wrong. That's a promise.
9. Cookies
Ironically, we also use cookies and similar technologies on our own website (consentify.app) to operate and improve our service for you, our customer. Here’s a breakdown of what we use:
9.1 Strictly Necessary
These are essential for the site to function and cannot be disabled. They are used to keep you logged in, maintain security, and provide basic, anonymous analytics.
- Consentify session cookie: Keeps you logged into your account.
- Sentry: Captures errors in real-time to help us identify and fix bugs. This is considered essential for maintaining service quality and stability.
- Vercel Analytics: Provides privacy-friendly, cookie-less insights into website traffic and performance. This helps us monitor and improve our service.
9.2 Analytics & Performance (Requires Consent)
These tools help us understand how you use the dashboard so we can improve it. These are only activated if you give us your explicit consent.
- PostHog: We use PostHog for product analytics to see which features are popular and how they are used.
- PostHog Session Replays: With your consent, we may also use PostHog to record your interactions within the dashboard (mouse movements, clicks, and scrolling). This helps us visually understand usability issues and improve the user experience. We are careful to exclude any sensitive information from being recorded.
You can manage your consent for these analytics cookies at any time through our cookie settings. We do not use any third-party advertising or marketing trackers on our platform.
10. Third-Party Links
If we link to other websites (like Supabase docs or Stripe), those sites have their own privacy policies. We're not responsible for their practices.
11. Children
Consentify is not for anyone under 18. We don't knowingly collect data from children. If you're a parent and think your child has created an account, please contact us and we'll delete it immediately.
12. Changes to This Policy
We may update this privacy policy occasionally (like when we add new features or change providers). If we make significant changes, we'll email you at least 30 days in advance.
13. Contact Us
Questions about privacy? Want to exercise your rights? Just want to say hi?
Email us: support@consentify.app
We're a real team and we read every email. We'll get back to you as soon as we can!
TL;DR
- We only collect data needed to run the service
- Everything stored safely in the EU (Supabase)
- You can export or delete your data anytime
- We never sell your data to anyone
- We're transparent and honest about what we do with your data