Privacy Policy

Last updated: March 18, 2026

1. Who we are

CookieRisk (“we”, “us”, “our”) provides a website scanning service that detects cookies, trackers, and consent banner behaviour. We are the data controller for the personal data described in this policy.

2. What data we collect

Account data

When you create an account, we collect your email address and name via our authentication provider (Neon Auth). We do not store passwords directly.

Scan data

When you scan a website, we store the URL you submitted, the scan results (cookies found, trackers detected, compliance scores, screenshots), and metadata such as scan timestamps and duration. We do not collect any personal data from the websites you scan.

Usage data

We collect basic usage analytics: pages visited, scan counts, and feature interactions. This data is used to improve the service and is not sold to third parties.

Payment data

Payments are processed by Mollie (mollie.com). We do not store credit card numbers, bank account details, or other payment credentials. Mollie acts as an independent data controller for payment processing. See Mollie’s Privacy Policy.

3. How we use your data

  • To provide and operate the scanning service
  • To display scan history and monitoring dashboards
  • To send compliance alerts and regression notifications (if enabled)
  • To process payments and manage subscriptions
  • To improve the service through aggregated, anonymised usage statistics
  • To respond to support requests

4. Legal basis for processing (GDPR)

  • Contract: Processing account and scan data is necessary to provide the service you signed up for (Art. 6(1)(b) GDPR).
  • Legitimate interest: Usage analytics and service improvement (Art. 6(1)(f) GDPR). You can opt out by contacting us.
  • Legal obligation: Retaining transaction records for tax and accounting purposes (Art. 6(1)(c) GDPR).

5. Data retention

Scan results are retained based on your plan:

  • Free: 7 days
  • Pro: 90 days
  • Agency: 1 year

Account data is retained for the duration of your account. You can delete your account and all associated data at any time from the dashboard settings.

6. Data sharing

We do not sell your data. We share data only with the following service providers who act as data processors on our behalf:

  • Neon — database hosting and authentication
  • Mollie — payment processing (independent controller)
  • Vercel — application hosting

All processors are EU-based or provide adequate safeguards for data transfers.

7. Your rights

Under GDPR, you have the right to access, rectify, erase, restrict, and port your personal data, as well as the right to object to processing. To exercise any of these rights, contact us at the email below. We will respond within 30 days.

8. Security

We use encryption in transit (TLS), encrypted database connections, role-based access controls, and regular security reviews. Scan results are stored in isolated database rows scoped to your organisation.

9. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notification. The “last updated” date at the top of this page reflects the most recent revision.

10. Contact

For privacy-related questions, data requests, or complaints, contact us at: privacy@cookierisk.eu