CookieBeam

Privacy Policy

Last updated: October 19, 2025

1. Introduction

CookieBeam ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cookie consent management service.

This policy complies with the EU General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA).

2. Data Controller Information

CookieBeam Ltd.

[Your Business Address]
[email protected]
[Your Phone Number]

Data Protection Officer: [email protected]

3. Information We Collect

3.1 Personal Information You Provide

  • Account information (name, email address, company details)
  • Billing information (payment details, billing address)
  • Communication data (support tickets, feedback)
  • Website configuration data (domains, banner settings)

3.2 Information Collected Automatically

  • Usage data (pages visited, features used, time spent)
  • Device information (IP address, browser type, operating system)
  • Consent records (user consent choices, timestamps)
  • Performance data (banner load times, error logs)

3.3 Third-Party Data

  • Payment processing data from Stripe
  • Analytics data from Google Analytics (anonymized)
  • Authentication data from OAuth providers

4. Legal Basis for Processing

Contract Performance (Article 6(1)(b) GDPR)

Processing necessary to provide our cookie consent service

Legitimate Interests (Article 6(1)(f) GDPR)

Service improvement, security, fraud prevention

Consent (Article 6(1)(a) GDPR)

Marketing communications, optional analytics

Legal Obligation (Article 6(1)(c) GDPR)

Tax records, legal compliance requirements

5. How We Use Your Information

  • Provide and maintain our cookie consent service
  • Process payments and billing
  • Send service-related communications
  • Improve our services and develop new features
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Provide customer support

6. Data Sharing and Disclosure

6.1 Service Providers

  • Stripe (payment processing)
  • AWS/Cloudflare (hosting and CDN)
  • Customer support tools

6.2 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights.

6.3 International Transfers

Data may be transferred to countries outside the EU/UK with adequate protection measures including Standard Contractual Clauses.

7. Your Rights Under GDPR/UK GDPR

Right of Access (Article 15)

Request copies of your personal data

Right to Rectification (Article 16)

Request correction of inaccurate data

Right to Erasure (Article 17)

Request deletion of your data ("Right to be Forgotten")

Right to Data Portability (Article 20)

Receive your data in a portable format

Right to Object (Article 21)

Object to processing based on legitimate interests

Right to Restrict Processing (Article 18)

Limit how we process your data

To exercise these rights, contact us at [email protected] or use ourData Rights Portal.

8. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising privacy rights

Note: We do not sell personal information to third parties.

9. Data Retention

  • Account data: Retained while account is active + 3 years
  • Consent records: Retained for 3 years from last consent
  • Billing data: Retained for 7 years (legal requirement)
  • Support communications: Retained for 2 years
  • Usage logs: Retained for 1 year

10. Security Measures

  • Encryption in transit and at rest
  • Regular security audits and penetration testing
  • Access controls and authentication
  • Employee security training
  • Incident response procedures

11. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or service notification.

13. Contact Information

For privacy-related questions or to exercise your rights:

Data Rights Portal: cookiebeam.com/data-rights
Postal Address: [Your Business Address]

You also have the right to lodge a complaint with your local data protection authority.