Privacy Policy

Last Updated: January 6, 2026

Your Privacy Matters

We are committed to protecting your privacy and complying with GDPR and other applicable data protection laws. This policy explains what data we collect, why we collect it, and your rights regarding your personal data.

1. Data Controller

Cookie Compliance Scanner ("we," "us," or "our") is the data controller responsible for your personal data.

For privacy-related inquiries, please contact us through the contact information provided on our website.

2. What Data We Collect

2.1 Information You Provide

When you use our Service, we collect:

  • Email Address: Required to unlock full scan reports and communicate with you about your scans.
  • Scanned Website URL: The website address you submit for scanning.
  • Payment Information: When purchasing PDF reports, payment is processed securely by third-party payment processors. We do not store complete credit card details on our servers.

2.2 Scan Results Data

We collect and store technical data from website scans, including:

  • Scan timestamp and overall compliance status (PASS/WARN/FAIL)
  • Number and types of violations detected
  • Presence of pre-consent tracking
  • Cookie banner configuration details
  • List of cookies and tracking requests detected
  • Website screenshots for evidence purposes

2.3 Automatically Collected Data

We automatically collect:

  • Analytics Data: We use privacy-focused, GDPR-compliant analytics to collect aggregated usage statistics, including page views, referrers, device types, and geographic regions, without tracking individuals.
  • Technical Data: Browser type, operating system, IP address (anonymized), access times, and referring URLs for security and service improvement purposes.

3. How We Use Your Data

We process your personal data for the following purposes:

Service Delivery (Legal Basis: Contract Performance)

  • Perform website compliance scans
  • Generate and deliver scan reports
  • Provide access to detailed findings and evidence
  • Deliver purchased PDF reports

Communication (Legal Basis: Legitimate Interest / Consent)

  • Deliver scan results and purchased reports to your email
  • Respond to your inquiries and support requests
  • Send important service updates when necessary
  • Marketing communications (only with your explicit consent, which you can withdraw at any time)

Service Improvement (Legal Basis: Legitimate Interest)

  • Analyze aggregated scan data to improve detection algorithms
  • Identify common compliance issues and trends
  • Monitor service performance and fix technical issues
  • Prevent abuse and ensure service security

Legal Compliance (Legal Basis: Legal Obligation)

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent fraud
  • Maintain records for tax and accounting purposes

4. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted service providers necessary to operate our Service:

Database and Hosting Providers

We use secure, GDPR-compliant database and hosting services located within the European Union to store email addresses, scanned URLs, and scan results.

Analytics Services

We use privacy-focused analytics services that collect anonymized usage statistics without cookies or personal tracking.

Payment Processors

When purchasing PDF reports, payment information is processed securely by third-party payment providers. We do not store complete payment card details on our servers.

Email Service Providers

We use email service providers to deliver scan results and purchased reports to your email address.

All third-party service providers are contractually required to protect your data and use it only for the purposes we specify. We only work with providers that meet strict data protection and security standards.

5. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

6. Data Retention

We retain your personal data for as long as necessary to provide our Service and comply with legal obligations:

  • Email addresses and scan data: Retained while you use our Service and for up to 12 months after your last interaction, unless you request deletion.
  • Payment records: Retained for up to 7 years to comply with tax and accounting regulations.
  • Aggregated, anonymized data: May be retained indefinitely for statistical analysis and service improvement.

7. Your Rights Under GDPR

If you are in the European Economic Area, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal retention requirements.

Right to Restriction of Processing

Request limitation of how we process your data in certain circumstances.

Right to Data Portability

Request a machine-readable copy of your data to transfer to another service.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Withdraw consent for marketing communications at any time without affecting other processing.

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe we have mishandled your data.

To exercise any of these rights, please contact us through the contact information on our website. We will respond to your request within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Restricted access to personal data on a need-to-know basis
  • Secure cloud infrastructure with industry-standard security practices

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies and Tracking Technologies

Our website uses minimal cookies and tracking technologies:

Strictly Necessary Cookies

Essential cookies required for the Service to function, such as session management and security. These do not require consent under the ePrivacy Directive.

Analytics Cookies

We use privacy-focused analytics that collect anonymized, aggregated data without tracking individuals or using persistent identifiers. Our analytics solution is GDPR-compliant and respects user privacy.

We do not use third-party advertising cookies or cross-site tracking technologies.

10. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child without parental consent, we will delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our website or sending an email to registered users. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy, to exercise your data protection rights, or to contact our Data Protection Officer, please reach out through the contact information provided on our website.

Summary (Not Legally Binding)

We collect your email and scan data to provide our Service. We use GDPR-compliant service providers and do not sell your data. You have full GDPR rights including access, deletion, and data portability. We use minimal cookies and privacy-focused analytics. Your data is stored securely within the European Union.