Privacy Policy

Last updated: November 13, 2025

1. Who We Are

We are the team behind Consentify (consentify.app), a cookie consent platform. We follow GDPR and do our best to protect your privacy.

Contact Us: support@consentify.app

2. What Data We Collect

2.1 Your Account Data (You = Customer)

When you create an account, we collect:

  • Email address - to identify your account and contact you
  • Password - hashed with bcrypt, so we can't see your actual password
  • Name (optional) - if you choose to add it
  • Payment info - processed by Stripe (we never see your full card number)

2.2 Usage Data

  • How you use the dashboard - which features you use, to improve the product
  • Technical info - IP address, browser type, device (for security and debugging)
  • Error logs - if something breaks, so we can fix it

2.3 Your End-Users' Consent Data

When someone interacts with your cookie banner, we store:

  • Consent choices - which cookie categories they accepted/rejected
  • Timestamp - when they gave consent
  • A hashed IP address - a one-way hash of the user's IP address, used to help recognize returning visitors without storing the actual IP
  • User agent - Browser and device information for analytics and debugging.
  • Anonymous ID - a random identifier (not their IP or email)
  • Banner ID - which of your banners it was

Important: For your end-users' data, YOU are the data controller and WE are the data processor. This means you're responsible for your compliance. See the DPA for details.

3. Why We Collect This Data

  • To provide the service - Consentify can't work without storing your account and consent data
  • To process payments - so you can upgrade to paid plans
  • To give you support - when you email us with questions
  • To improve the product - understanding which features are used helps us build better tools
  • To fix bugs - error logs help us troubleshoot issues

Legal basis (GDPR): Contract performance (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f))

4. Where Your Data Is Stored

All data is stored in the EU via Supabase (London)

This means your data stays within the EU and is protected by GDPR.

Services We Use:

  • Supabase (EU - London) - Database and authentication. They handle encryption, backups, and security.
  • Stripe - Payment processing. They have their own strict security standards.
  • Vercel/AWS - Hosting the website. Data here is minimal (mostly static files).
  • Sentry - Error & Performance Monitoring

These are called "sub-processors" in GDPR terms. They all have proper data protection agreements in place.

5. How Long We Keep Data

  • Your account data: Until you delete your account
  • Consent logs: 12 months by default (you can configure this)
  • Payment records: 7 years (required by Norwegian accounting law)
  • Support emails: Up to 3 years
  • Error logs: 90 days

When you delete your account: We delete your data within 30 days, except for payment records we are legally required to keep.

6. Your Rights (GDPR)

You have the right to:

  • ✓ Access your data - Export everything via the dashboard
  • ✓ Correct your data - Update your email/name in settings
  • ✓ Delete your data - Delete your account anytime (settings → danger zone)
  • ✓ Export your data - Download as JSON from the dashboard
  • ✓ Object to processing - Email us to discuss
  • ✓ Complain - Contact the Norwegian Data Protection Authority (Datatilsynet)

How to exercise these rights: Most things you can do yourself in the dashboard. For anything else, email us at support@consentify.app and we'll help you out.

7. Security

Here's what we do to keep your data safe:

  • HTTPS everywhere - All data encrypted in transit (TLS 1.3)
  • Encrypted passwords - Hashed with bcrypt, we can't see your password
  • Supabase handles encryption at rest - They use industry-standard AES-256
  • Regular updates - We keep dependencies up to date
  • Access logs - We can see who accessed what, when

Realistic expectations: We follow best practices, but we rely on trusted providers (Supabase, Vercel) for infrastructure security. No system is 100% secure, but we do our best.

8. Data Breaches

If there's a security breach that affects your data, we will:

  • Notify you as soon as we become aware of it (aiming for within 72 hours, as required by GDPR)
  • Explain what happened and what data was affected
  • Tell you what we're doing about it

We'll be honest and transparent if something goes wrong. That's a promise.

9. Cookies

Ironically, we also use cookies on consentify.app:

  • Essential cookies - Keep you logged in (can't be disabled)
  • Analytics - Google Analytics or similar (you can opt out in your browser)

That's it. No tracking cookies, no advertising cookies.

10. Third-Party Links

If we link to other websites (like Supabase docs or Stripe), those sites have their own privacy policies. We're not responsible for their practices.

11. Children

Consentify is not for anyone under 18. We don't knowingly collect data from children. If you're a parent and think your child has created an account, please contact us and we'll delete it immediately.

12. Changes to This Policy

We may update this privacy policy occasionally (like when we add new features or change providers). If we make significant changes, we'll email you at least 30 days in advance.

13. Contact Us

Questions about privacy? Want to exercise your rights? Just want to say hi?

Email us: support@consentify.app

We're a real team and we read every email. We'll get back to you as soon as we can!

TL;DR

  • We only collect data needed to run the service
  • Everything stored safely in the EU (Supabase)
  • You can export or delete your data anytime
  • We never sell your data to anyone
  • We're transparent and honest about what we do with your data